According to our survey data dating back to 2008, despite year after year of high profile security breaches from Heartland Payment Systems to Wikileaks to Sony, security budgets have only increased by single digits. This is hardly enough to keep up with the increasing sophistication of attacks, the avalanche of breach notification laws and the changing business and IT environment.
The changing business and IT environment is perhaps the greatest concern. With a massive explosion of mobile devices and other endpoint form factors and an ever expanding ecosystem of customers, partners, clouds, service providers and supply chains, you increasingly have less and less direct control over your data, your applications and end-user identities. We refer to this expanding ecosystem as the “extended enterprise.” An extended enterprise is one for which, a business function is rarely, if ever, a self-contained workflow within the infrastructure boundaries of the company. We believe that the extended enterprise is such a major shift for CISOs and security professionals that we dedicated our upcoming Security Forum to it as well as a significant stream of research.
“I remember when I lost my mind” … oops that’s Gnarls Barkley. I should have started with … I remember when software asset management (SAM) was on my radar as an IT service management (ITSM) practitioner. It was circa 2003, and my then employer was scared to death of the implications of non-compliance. We did some ground work but IMO it somewhat “died a death” when we realized that we had no idea where all the purchase records were – let’s assume they are all compliant now. Since then I have viewed SAM as just being on the to-do list for far too many organizations, never quite making it into the realms of actual “doing.” Sad but true.
Thankfully, however, my first three months at Forrester is changing this opinion – as 30% to 40% of my client inquiries relate to IT asset management (ITAM) and SAM (if you are interested the other 60% to 70% relate to ITIL adoption, process improvement, and ITSM tool selection – there’s a lot of tool replacement going on). SAM is rising from the ashes of its compliance era, in many ways this time “it’s all about the Benjamins.”