The Changing Pace of Security
Global spending on IT security is set to reach over USD 101 billion in 2018, and the Middle Eastern and African region will see the security market grow to over USD 13 billion by 2019. While securing enterprises is an attractive business to be in right now, it is also fraught with challenges. We outline some of the key focus areas for resellers and system integrators.
Traditionally, ownership, proximity and access to assets went hand in hand for businesses. As enterprises opt for Digital Transformation, this relationship undergoes a fundamental change. Relentlessly growing data volumes, increasing costs of infrastructure ownership and a highly globalized workforce have made cloud computing, virtualization and mobility the cornerstone of any enterprise’s attempts to survive and compete in the 21st century.
As data and networking resources move out of premises, enterprises lose a significant amount of visibility and control. With mobility added to the mix, enterprise boundaries have pretty much vanished. In effect, these innovations turn an organization inside out, exposing it to an ever increasing array of unwanted access methods, even as the older, well known models of security fail. The existing on-premise physical infrastructure and heterogeneous technology stack all add to the complexity. In a nutshell, enterprises today are challenged with:
- A complex portfolio of security solutions with specific coverage, not interoperable, and thus providing only limited visibility into threats and compromises
- A traditional security mindset that focuses on event-driven and reactive actions
- A limited and siloed implementation of cloud computing security and identity and access management
- A severe shortage of skilled information security professionals with the capabilities to deal with sophisticated cyber attacks
This last challenge is especially relevant for Value Added Resellers and System Integrators. According to a global infrastructure security study conducted by Arbor Networks, less than 40% enterprises are looking at developing in-house capabilities for incident preparedness and response. Due to the lack of skills and expertise, half the enterprises interviewed have opted for managed services in this area. This is especially true for the Middle East and Africa area, creating a very specific market opportunity for resellers with the right skill portfolio.
Following are some of the key security related trends in the current scenario:
- Identity and access management (IAM) remains a critical piece of the cloud security puzzle, but it needs to evolve to become a seamless enabler for business users without affecting agility. Enterprises are looking for IAM solutions that leverage context and analytics to enable adaptive access to employees, customers and partners. A single view of users across legacy, cloud and mobile applications is a key feature of such a solution.
- Cloud security continues to be at the center of the security debate with almost all experts predicting that attackers will now use the cloud to attack enterprises. Although large platform providers like Microsoft and Amazon take the ownership of securing the platform itself, customers do have to look at specific areas including enterprise integration, governance, and architectural views. In fact, according to research from Gartner, “Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities.” Cloud platform providers are thus focusing on enhancing security related features in areas that are the responsibility of customers to help enhance overall cloud security experience. Organizations are also looking at using the probe feature on the cloud to simulate attacks from the outside to evaluate their own as well as their partners’ and vendors’ security.
- Enterprises are fast learning that they need move away from the event-driven and reactive approach to security. According to Arbor Networks, over 57% of enterprises interviewed are looking at speeding up their incident response processes, and majority of service providers are focusing on drastically reducing their turnaround times in detecting Advanced Persistent Threats (APTs) and the discovery-to-containment times. Security Information and Event Management (SIEM) is a game changer in this area; it uses rules-based automation and analytics-based intelligence to deliver real-time alerts, identify patterns, prompt timely actions, and eventually help define proactive security policies.
- Enterprises will look for consolidation of security solutions across their assets to achieve better management of their security policies and processes. Security as a Service (SECaaS) is a growing model wherein service providers deliver security applications and services through the cloud to protect enterprise data and assets on premises as well as in the cloud. Predicted by Market and Market research to grow to a more than USD 8 billion market by 2019, SECaaS offers enterprises significant cost benefits while provisioning cutting edge security software and expertise.
Key Reseller Takeaways:
- The security market in Middle East and Africa will grow to USD 13 billion by 2019.
- According to IDC, the hot areas for growth are security analytics / SIEM (10%); threat intelligence (10%+); mobile security (18%); and cloud security (50%).
- The competition point for resellers will be the cyber security skills and expertise they are able to offer to the MEA market.