Sharp drop in overall security spending forecast from Gartner due to COVID-19


The pandemic is causing security spending in 2020 to shrink dramatically in most, but not all, segments, according to a revised estimate.

Budget planning, spreadsheet on laptop screen

Image: simpson33, Getty Images/iStockphoto

Analytics firm Gartner has revised its 2020 security spending forecast in light of the COVID-19 pandemic, predicting an increase, but a much smaller one than originally expected.

Gartner’s original 2020 security spending forecast issued in December 2019 predicted an 8.7% growth rate, which is now being revised down to only 2.4% growth.

 “Overall we expect a pause and a reduction of growth in both security software and services during 2020,” said Gartner Managing VP Lawrence Pingree, which he attributes directly to COVID-19. 

Despite the overall decline in security spending in 2020, some segments of the cybersecurity market are seeing increases directly attributable to the novel coronavirus pandemic. 

“There are a few factors in favor of some security market segments, such as cloud-based offerings and subscriptions, being propped up by demand or delivery model. Some security spending will not be discretionary and the positive trends cannot be ignored,” Pingree said.

SEE: COVID-19: A guide and checklist for restarting your business (TechRepublic Premium)

Reflecting that, Gartner predicts a 33.3% increase in spending on cloud security in 2020 over 2019. Other areas seeing growth are data security at 7.2%, application security at 6.2%, and identity access management and infrastructure protection, both predicted to grow by 5.8%. 

Most segments will still see gains, albeit smaller than the ones listed above. Of the 10 security segments listed in Gartner’s prediction, only two of them are forecasted to decline: Network security equipment and consumer security software at -12.6% and -0.3%, respectively. 

Resilience in the security market, Gartner said, is largely due to increased penetration of the cloud-based delivery model, which was responsible for 12% of overall security deployments in 2019. 

In general, cloud-based delivery models have exceeded 50% of deployments for markets such as secure email and web gateways, Gartner said.

Cloud-based security has been expected to grow rapidly for some time, and new security concerns of the COVID-19 pandemic may serve to accelerate that transition as remote work means there’s less need for centralized security inside of a castle-like perimeter. 

This tracks with Gartner’s predictions for loss in the network security hardware department: Why invest in securing an on-premise network when more of your business is moving to the cloud? 

Cloud-hosted SaaS security tools can reduce overhead and free up IT time spent updating software, but they aren’t without their drawbacks. A March 2020 survey of security professionals found that many have data privacy concerns, fears over service disruptions, and software integration, and worries over data sovereignty.

Gartner clients can read a full report of security spending at Gartner’s website, and tech decision makers should be sure to check out Gartner’s COVID-19 resilience resource center for strategies in adapting to the changing business technology landscape.

Executive Briefing Newsletter

Discover the secrets to IT leadership success with these tips on project management, budgets, and dealing with day-to-day challenges.
Delivered Tuesdays and Thursdays

Sign up today

Also see

How open source could help empower social change


Social change is on the minds of everyone across the globe. How can open source help make this a reality? Jack Wallen offers some suggestions.

Image: Getty Images/iStockphoto

The world is in a bit of upheaval at the moment; there’s a pandemic and there’s racial and social strife running rampant through the streets of every city. Although you might think the tech sector would be the last place to look for a means to a changed end, it’s time to rethink that take on technology and those behind it.

As we’ve seen with so many other endeavors, tech can help–especially open source.

Open source didn’t originally set out to become a movement beyond code. Eventually, however, it spilled out into various other avenues until it could be found just about everywhere. Now, open source has a chance to show that it can not only be a catalyst for change in the software and hardware industry, but a means for social change.


That’s a good question. 

There are, however, answers. Let’s dig in.

SEE: Diversity and Inclusion policy (TechRepublic Premium)

Software solutions

Let’s start out with the obvious: Software. Because open source tends to be both open and free, those solutions are perfectly suited for organizations geared for change. But, we’re not just necessarily talking about a group cobbling together a solution made up of the usual suspects: Apache, MySQL, WordPress, etc. There are open source projects created specifically to help empower social changes.

Some of those projects include:

  • Givesource: An open source fundraising platform for nonprofits. This project was created by marketing and software company Firespring and includes features like: Ease of use, responsive design, PaymentSpring integration, scalable, quick setup template, online/offline donations, matching fund support, and donor data reporting. 

  • ClientComm: An open source platform that empowers simplified communication between case officers and their clients. This tool gives case officers a powerful platform from which they can track clients and send case workers texts for any situation that might arise.

  • Mifos: An open source platform that banking institutions can use to offer low- or no-cost digital banking solutions to the poor.

  • alex: An open source tool that can detect gender favoriting, polarizing, race-related, religion inconsiderate, and other unequal phrasing in text.

  • tasking manager: A tool to help teams coordinate mapping on OpenStreetMap.

  • A community for mental health experiences wherein people can share their personal stories with allies.

  • refugerestrooms: A tool that helps provide safe restroom access to transgender, intersex, and gender nonconforming individuals.

  • Terrastories: A geostorytelling tool to enable local communities to locate and map oral storytelling traditions for places of significance. 

  • Clear My Record: A platform that can enable citizens to more easily clear their records so that they may remove barriers to jobs, housing, and educational opportunities.

  • pandemic-ebt-mn: A tool to support Pandemic EBT (P-EBT) applications in Minnesota.

  • pandemic-ebt-ca: A tool to support Pandemic EBT (P-EBT) applications in California.

  • B.E.A.R.: An app that provides a desktop GUI that reads California Department of Justice .dat files that contain criminal histories and identifies convictions that are eligible for relief under CA Proposition 64. 

  • Project Callisto: A platform to detect repeat perpetrators of professional sexual coercion and sexual assault.

  • Open Food Network: A platform that enables new, ethical supply chains for food.

Of course, one must also include the regular fare in this list, because without the likes of Apache, NGINX, MySQL, Rails, Rust, Nextcloud, and so many more, social change through open source wouldn’t be possible.

But what else can open source do to help drive change?

Improve terminology

If there’s one thing open source can do that could have an immediate and lasting effect, it would be to start changing some of the terminology used. A perfect example is within clustering technology. Once upon a time, it was common to use the master/slave nomenclature. That is simply not acceptable and many projects were already ahead of this game and switched to master/node. 

However, it’s time to drop the master tag as well. Instead of master, I’ll toss out some options:

  • Main

  • Head

  • Conductor

  • Director

  • Lead

  • Manager

  • Chief

  • Prime

  • Major

The point is, words matter; terminology like this is long past due for change. In that same vein, projects should also go through code and documentation to remove verbiage that might be hurtful or insensitive to specific groups.

SEE: GitHub to replace “master” with alternative term to avoid slavery references (ZDNet)

Embrace diversity

This is one area of change that open source has already taken charge of. I know many open source developers that come together as an entire rainbow of culture–it’s quite a beautiful thing to experience. 

However, it could go much further. A 2017 GitHub open source survey found that:

  • Three percent of respondents identified as female

  • One percent identified as non-binary

  • Ninety-five percent of respondents identified as male

  • Sixteen percent of respondents identified as minority ethnic or national group within their home country

  • Seven percent of the survey respondents identified as lesbian, gay, bisexual, or asexual

It is also reported that:

The good thing about open source is that, by its very nature, anyone can check out code, fork it, and create something of their own. So any programmer, regardless of color, race, religion, sexual identity, sexual preference, or gender, can start a project. If you’ve got the skills, open source has the code. While you’re at it, create a project focused on change.

Be bold. Code change into the world.

See something, say something

Finally, if you’re a part of the open source community, consider yourself as a means to a better end. If you see behavior that is counter to progress and positive social change, call it out. We’re well past the time for silence. And, at the moment, the court of public opinion has a very loud and large voice that holds powerful sway over companies.

However, if you take it upon yourself to call out unacceptable behavior, consider communicating to the perpetrator first. It could be a situation where the person has no idea they are perpetuating behaviors that have no place in an enlightened society. Educate them. If they reject your offer to help, then reach out to those in charge of the project they are working on. If that bears no results, continue escalating until change for the better happens.

Open source can do wonders for society, be it with software, a simple change in terminology, diversity in numbers, or policing unacceptable behaviors. By design, this community is open, and it’s time to be held to a higher standard. 

Be the change society needs.

Open source can help with that.

Open Source Weekly Newsletter

You don’t want to miss our tips, tutorials, and commentary on the Linux OS and open source applications.
Delivered Tuesdays

Sign up today

Also see

Microsoft adds CompTIA certifications to datacenter training programs


Five community colleges offer the Datacenter Academy program that is part of a larger community development program.

Diverse IT colleagues setting server hardware

Image: EvgeniyShkolenko, Getty Images/iStockphoto

Community college students at five Microsoft Datacenter Academies around the country have a new requirement to test their tech skills: CompTIA certifications.

Three CompTIA certifications will become required components of the existing IT curriculum at the schools:

  • CompTIA A+ 
  • CompTIA Network+

  • CompTIA Server+ 

The Datacenter Academy trains students for entry-level jobs at data centers. Training covers infrastructure cabling, copper and fiber optic testing, and computer network connectivity. Courses range from eight weeks to 20 months.

SEE: Guide to Becoming a Digital Transformation Champion (TechRepublic Premium)

The Datacenter Academy program is a part of Microsoft’s Datacenter Community Development initiative, which works to build partnerships that deliver economic, social, and environmental benefits in communities where Microsoft operates datacenters. This initiative brings together nonprofits, governments, educators, and businesses to improve computer science education and support business development.

“CompTIA is an important partner for the Microsoft Datacenter Academy program, which develops IT skills for the community workforce in locations where Microsoft operates datacenters,” Utaukwa Allen, senior director, Microsoft Datacenter community development, said in a press release. “Skills learned through the CompTIA curriculum prepare workers for jobs in the digital economy, including working in a Microsoft datacenter.”

Participating schools also can add the CompTIA Security+ certification, which covers baseline cybersecurity skills, to their programs. Classroom instructors at the five partner schools will have the opportunity to join the CompTIA Instructor Network.

Currently, five community colleges around the US have Microsoft Data Center training programs, including Southside Virginia Community College, the Southern Virginia Higher Education Center, Des Moines Area Community College in Iowa, Laramie County Community College in Wyoming, and Big Bend Community College in Washington. 

Earlier this spring at the Des Moines Area Community College, the datacenter academy opened a virtual learning lab, which features virtual reality (VR) and augmented reality (AR) technologies that will give students the opportunity to navigate the Microsoft data centers located throughout Central Iowa via a simulated environment.

During the COVID-19 pandemic, datacenters were deemed essential businesses by most jurisdictions due to the reliance on cloud services by businesses, schools, and government agencies, including many first responders.

Cloud certifications, security certifications and project management programs are other popular ways to quantify professional experience and increase earnings potential.

Microsoft Weekly Newsletter

Be your company’s Microsoft insider by reading these Windows and Office tips, tricks, and cheat sheets.
Delivered Mondays and Wednesdays

Sign up today

Also see

COVID-19: Digital transformation plans are being put on fast-forward


Post-pandemic plans for digital transformation should include omnichannel communications, automation, and agent-assisted AI models.

TechRepublic’s Karen Roby talked with Colson Hillier, the CMO at Alorica, provider of Business Process and Customer Satisfaction Outsourcing solutions, about digital transformation projects in the post COVID-19 era. The following is an edited transcript of their conversation.

Karen Roby: Where should companies be focusing right now, and explain why omnichannel communications should be a priority.

SEE: Guide to Becoming a Digital Transformation Champion (TechRepublic Premium)

Colson Hillier: I think that the idea of omnichannel is really about customer empowerment. Today, you think about the way that we interact with the brands that we love, and almost all of it involves multiple channels. I don’t sit and watch TV any longer just by itself. I’ve got my iPad up, and I’m emailing, or texting, or using social networks. All those channels have a different sort of role to play in the overall customer experience. It’s really important to get it right in terms of how you manage all of those channels in a way that’s consistent and delivers an outcome for a customer that doesn’t feel like it’s coming from six different places. 

Our approach is to really look at that sort of opportunity on three different levels. The first is the application layer and making sure that you’re relevant and available at all of the different apps that are used by customers to understand your products, or get information, or make purchases. The second is an intelligence layer where you’ve got to apply a lot of the logic and intelligence on how to manage that customer interaction. And the bottom layer is knowledge management. So, you need to work all three of these in order to deliver the right experience, but knowledge management essentially takes all of the information that you need about product information, a customer’s profile, and puts it in a place that is accessible via the cloud and is well-indexed so that it can be used in those omnichannel experiences. The intelligence layer looks at all that information and takes the content of a query, whether that’s a social post, or a text, or a chat session or something like that, and it interprets that as the intent of the customer and delivers the knowledge that is needed to the client through that application.

If you can get those three things right, you can deliver an experience that feels very much aligned to where the customer wants to be met. There are different attitudes in social than you have when you’re SMS-ing versus when you’re on the phone with somebody. But the key is to make sure that you can manage that customer interaction across all of those channels in a way that’s consistent and sort of respects the interaction or the investment that the customer has made, either yesterday or earlier in the year, and give them an experience that’s personalized and sort of builds on your history with them, as opposed to feeling like it comes from six different places.

Karen Roby: Expand a bit on the importance of agent-assisted artificial intelligence (AI) models.

Colson Hillier: That core of being able to serve customers that have increasingly complex issues that they’re trying to resolve in an environment where our businesses are changing, our clients’ businesses are changing so rapidly, new product cycles, introductions, new policies and procedures. The pace of change is so great right now that it’s almost impossible to train an employee on how to handle every situation that they’re going to come across in a classroom training, what we would call just-in-case training. 

A lot of where we focus our energy is on how do you take knowledge and use that at every stage of the agent life cycle to make sure that you have the right information for the client or the end user at the point of need? To do that, you need to be able to have your insights and information to resolve problems or provide customer experience readily available. It needs to be indexed in a way that it can be delivered in context into a conversation so that an agent is able to easily find and deliver that content to a customer. 

SEE: Life after lockdown: Your office job will never be the same–here’s what to expect (cover story PDF) (TechRepublic)

We focused a lot on a couple of different things. One is that knowledge management layer–we mentioned that with omnichannel just a moment ago. The first way to deploy that is typically an agent-assist model. As you deploy an interface to an agent that’s handling a customer service interaction and they’re consistently utilizing this tool in order to access the content, and that content could come from the web, it could come from what we call tribal knowledge, so gathering all the intelligence of their peer groups, and supervisors, and things that typically were used on post-it notes or in notepads, and bringing that all together in a way that’s easily indexed and searched and delivered to the agent in a consumable format.

It can have a massive impact on the efficiency and the consistency of the delivery of a customer-service experience. For example, when we looked at one of our clients, we started by evaluating all the calls they were taking. And we found that over 45% of the time an agent was on a call with a client, it was dead air time. And that time was spent researching and looking things up, it was asking a neighbor or a supervisor for some support, or generally processing things that were very low value to the customer interaction and really driving inefficiency in that interaction. So, when we deploy a knowledge management solution, the agent has access to that information in real time and is able to get those responses delivered much more quickly. We see average handle time reduced by about 15%, we see what we call first-call resolution, or the ability to resolve a customer’s issue the first time that they call in, increased by seven to nine points.

These are really important metrics to the efficiency of how you deliver a customer experience through the call centers that we operate. The other important byproduct of having a platform like that is that it deploys AI and machine learning in a continued-improvement process. As I start to get questions, and I’m interrogating this knowledge-management platform to get the answer, if that’s the correct answer, I know that, and I sort of signal back on the affirmative. But if it’s not, I’m able to go back and have our knowledge engineers go back and understand why that was the case and tune the model so that it gets more effective. As you do this hundreds of thousands of times, you get to identify things that are repeatable and that you know you have high confidence in being able to deliver the response against. Those are the best candidates to take and migrate into something that’s fully automated, like a bot experience where humans are no longer required to deal with some of the types of questions that come up in our call center environments.

Karen Roby: What are your thoughts on automation?

Colson Hillier: There’s so many companies that have grown up, particularly larger companies, where processes that worked well at small scale, or when you had a very streamlined decision-making flow, or a limited number of systems that needed to be touched, worked just fine. But as you go through growth in your business and add new departments that are part of a chain or new systems that need to be updated and kept in sync with others, we found that process automation is an awesome way to sort of thread together all of the disparities in a large ecosystem that needs to be managed in order to deliver an outcome.

SEE: An IT pro’s guide to robotic process automation (free PDF) (TechRepublic)

Whether it’s something like a back-office process automation where you’ve got an intake of a document that needs to be updated across four or five different systems and done consistently with high degrees of accuracy, or if it’s a process that is creating a lot of fallout or negative net promoter scores that you can address with systematic delivery, the process of understanding the end-to-end flow of information as it moves through a company, identifying where there are significant areas of fallout or inconsistency, or even very high resource allocation, like labor allocation, helps us to identify where there are opportunities to, again, deliver efficiency, consistency, and ultimately a better customer experience by solving on speed and accuracy.

Data, Analytics and AI Newsletter

Learn the latest news and best practices about data science, big data analytics, and artificial intelligence.
Delivered Mondays

Sign up today

Also see

Karen Roby spoke with Colson Hillier, the CMO at Alorica, provider of Business Process and Customer Satisfaction Outsourcing solutions, about digital transformation projects in the post COVID-19 era. 

Image: Mackenzie Burke

How to effectively respond to a Request for Proposal (RFP)


Learn some strategies for arranging the best possible responses to RFPs to market your company’s strengths

Image: Getty Images/iStockphoto

A Request for Proposal (RFP) is issued when an organization needs to purchase a product or service and needs to vet out vendors and products to make the best possible selection. 

The vetting process works by providing a description of the company and the product/service requirement as well as the goals and criteria for implementation and project success. This involves asking a series of questions about the potential vendor’s product or service in order to elicit details for how an implementation strategy would work.

An RFP should provide enough detail to give respondents the appropriate context needed to propose a valid solution, but vendors should also exercise some flexibility in their responses to utilize creativity and stand out from the competition. 

SEE: RFP templates and guidebook (TechRepublic Premium)

Tips do’s for vendors

Enjoying this article?

Download this article and thousands of whitepapers and ebooks from our Premium library. Enjoy expert IT analyst briefings and access to the top IT professionals, all in an ad-free experience.

Join Premium Today

Vendors seeking to acquire business via an RFP should adhere to the following principles when responding to them.

  • Answer each question in sufficient detail. However, keep answers short and to the point to ensure that they are as concise as possible.
  • Ensure answers are accurate and truthful.
  • Utilize subjective examples where possible; e.g. the software being provided yields these specific benefits.
  • Get clarification on the ambiguities before potentially proceeding down the wrong path.

Be aware that some customers will put “unique” questions not related to the actual projects in an RFP such as inquiring about the density of a black hole or asking how many European swallows does it actually take to carry a coconut. This is an attempt to ensure prospective vendors are paying attention to the material and not merely responding with a generic blanket template. Answer these questions as accurately and professionally as possible.

Don’t be afraid to go above and beyond where the opportunity arises; if there is available material to educate the customer on issues or factors related to their questions (but not specifically spelled out) provide this if it offers relevance.

It’s also a good idea to keep a supply of statistics, case studies, satisfied customer quotes/contacts (if they are amenable to discussing the product/service with potential customers), and other reusable data which can facilitate the RFP response process. That being said, customize RFP responses to make them as unique to the customer and their needs as possible.

SEE: RFP templates and guidebook (TechRepublic Premium)

Tip don’ts for vendors

Avoid giving away any confidential or proprietary information. If this is unavoidable, don’t do so without a non-disclosure agreement.  Also, don’t initially quote the lowest possible price for the product or service; assume there will be some negotiation on both sides to come to a fixed agreement.

Don’t introduce hidden fees or other elements, which may result in a negative “surprise” on the part of the customer. Although it is a good idea to try to bundle pricing and offer discounts where possible.

SEE: RFP templates and guidebook (TechRepublic Premium)

Follow-up tips

It’s important to keep records of both which RFP responses were successful and which were unsuccessful. It’s also important to determine the reasoning behind this. Was it price? Features? Complexity? Utilize any feedback from customers who elected not to pursue the product/service being offered and tailor future RFP responses accordingly.

Follow the potential customer’s recommendations for RFP response submission, but always offer to engage in a telephone call or in-person visit to discuss the response and offer answers to any questions.

Remember to always follow up with the potential customer after submitting the RFP response to ensure it was received. Check in with them after a two-week period to offer any clarification or further information they might need.

SEE: RFP templates and guidebook (TechRepublic Premium)

Kaspersky Virtual Cyber Insights Conference | South East Asia


Register Now


Provided by:



On Tuesday, July 2, 2020, senior cybersecurity experts and industry analysts will get together at the much-awaited Kaspersky APAC Virtual Cyber Insights Conference 2020 to debate and deliberate on the top threats facing Enterprises in South East Asian countries – and what they mean for IT leaders and Security Decision Makers, in terms of incident response, business continuity and risk management. Participants will leave with clear, actionable intelligence on how to transform their cyber defense capabilities.

Register Now