Key Security Technologies Customers Are Buying Right Now

Yes, times are tough. But customers will open their wallets in 2009 for essential technology, and security is one segment that definitely fits the bill. The 2009 CRN Market Report: Security surveyed more than 350 small, midsize and enterprise businesses to get insight into their security budgets, pain points and spending plans for the year. Here's what we found.

Customers surveyed for the 2009 CRN Market Report: Security agreed on one major point -- they will spend money this year for security solutions. With threats of viruses, data theft and Web-based attacks looming large, the vast majority of companies understand that security is an IT area where they can ill afford to skimp, recession or not. Across small, midsize and enterprise customers, more than 85 percent of businesses said security purchases are on the near-term horizon.

Viruses, spyware and other malware still pose a huge threat for small businesses, which is why antimalware topped the list of security technologies companies with less than 100 employees plan to buy this year. More than 36 percent of small business respondents said they will buy antimalware solutions in the next 12 months. Meanwhile, 27 percent of small businesses said data loss prevention and wireless security are on the shopping list, tying those technologies for second place. Web security and perimeter security rounded out the top five technologies small business plan to snap up this year.

Antimalware topped the list of security technologies midsize customers plan to buy in 2009, but Web security is also grabbing a good amount of mindshare. For companies with 100 - 999 employees, 38 percent of respondents said they plan to purchase antimalware solutions this year, while 33 percent said Web security is on the list. The latter is gaining notoriety as midsize customers seek to protect their growing number of Web applications and add content and Web-filtering services to their security infrastructures. Data loss prevention ranked third, wireless security fourth and perimeter and end-point security tied for fifth most popular technology midmarket customers plan to buy in 2009.

With thefts such as the recent Heartland Payment Systems data breach grabbing big headlines, it's no wonder large businesses have data loss prevention on the brain. More enterprise customers surveyed for the 2009 CRN Market Report: Security (34 percent) said they plan to buy DLP solutions than any other security technology this year. Web 2.0 threats are also on the enterprise radar, with 30 percent of respondents saying they'll snap up Web security solutions in the next 12 months. Antimalware ranked third on the list of planned enterprise purchases, while wireless security and unified threat management tied for fourth.

Among midsize customers that plan to purchase managed services this year, wireless intrusion prevention topped their wish lists, followed by remote e-mail services and intrusion detection management. Enterprise customers -- those with more than 1,000 employees -- have slightly different priorities. Firewall management came in at No. 1, followed by remote e-mail services, intrusion prevention and patch management, all tied at No. 2.

Be prepared. It's the Boy Scout motto, but it also comes in handy for solution providers heading into security sales calls. Knowing where the decision-making power lies helps VARs hone their message and streamline the sales process. More than half of small businesses report that their main IT security purchasing authority is their top non-technology focused executive, such as an owner, CEO or president. Midmarket customers also report that non-technologists hold the security purse strings, though by a lesser margin. The game changes at enterprise customers, where CIOs and CTOs most commonly get to make the call. In all three cases, IT management is the group least likely to wield authority when it comes to security spending.

Customers of all sizes said the increase of security threats and the desire to prevent data loss are the top two drivers of security technology sales. From there, a few differences emerge. For example, enterprises are far more concerned with regulatory compliance than their small and midsize counterparts, even though smaller firms are staring down Payment Card Industry standards deadlines this year. Midmarket companies ranked lower IT costs and greater efficiencies as a bigger driver than large or small customers did, while new technologies and innovations seem more attractive to small businesses.

Small, midsize and large customers all reported spending roughly 20 percent of their overall IT budgets on security products and services in 2009, figures they said will hold steady in 2009.