Investing in a new security product can be as damaging to a company as buying old technology, according to research group Gartner.

With the increasing need to comply with new government regulations and the speed at which new threats evolve, Gartner's research vice president, Rich Mogull, warned enterprises to make their security spending decisions wisely.

"In deciding when to adopt a new security technology, timing is crucial. Invest too soon and you risk the pain and expense of an immature technology; invest too slowly and you risk being left behind and leaving your organisation vulnerable.

"Aside from the age-old need to 'keep the bad guys out' and 'let the good guys in', compliance with government and industry regulations are now playing a significant role in security spending decisions," said Mogull.

Mogull, who will be chairing the Gartner IT Security Summit in Sydney this week, also had some good news -- he believes that as security products converge, they will be less complicated and therefore more secure.

"Functional convergence in security products is occurring, for example, host firewalls, antivirus, anti-spam, and basic host intrusion prevention are combining into single desktop agents. In the future, this would make security less complex," he added.