IT Security untapped

A unique insight into the state of IT security in the Middle East with Madhulika Biswas of Frost & Sullivan.

Today, enterprises are not limited to just employees and stakeholders but represent suppliers, channel partners, and collaborators who need access to data related to products, contracts, movement in supply chain, and much more. In this extended enterprise, we find an increasing need for electronic information to support and manage inter-firm relationships. Moreover, with the increasing availability of broadband connections and decreasing subscription rates, the Middle East market will further witness the drive towards internet adoption. Hence, as a result of vanishing perimeters, increased need for collaboration and information sharing and growing business internet penetration, information technology now forms the backbone of enterprises' day-to-day activities. The increasing dependency on the internet, has amplified exposure towards IT-related threats.

The changing threat landscape

Enterprises have become more prone towards security risks both from an inbound and outbound perspective. This changing threat landscape has been caused by the rise in the number of security incidents, such as phishing attacks, generated from this region. In addition, with the increasing complexity of threats, many online users are becoming victims of cyber crime attacks and the incidences of successful attacks are escalating. In the region, Saudi Arabia, Egypt, the UAE and Qatar are the leading countries that are the target and source of malicious online activities. The growing frequency of fraudulent activity has led to an exponential rise in IT security investments, especially in areas such as data, web and network security, like anti hacking and anti spam. However, the region has been slightly relaxed in implementing sophisticated information storage and security solutions, as security is still seen as a technological issue by several companies. The region has registered a double-digit growth and sectors like banking are ahead in terms of having a better understanding of information, storage and security.

The integrated security market has witnessed good traction in 2009, and as a result brought many innovations into the integrated security segment. Customer preferences are slowly shifting to integrated security appliances, and hence secure routers and switches are likely see higher adoption levels. Adoption of data loss prevention (DLP) systems have also gradually improved in the past two years, due to awareness of data leakage. DLP protects data via a combination of processes and technology with the ultimate goal being the prevention of a data leak. With this, the adoption of DLP solutions has also increased.

Compliance

Companies are adopting DLP for a variety of reasons, with compliance being the strongest incentive. Compliance management is slowly becoming the centre of security decisions and spending. A worldwide trend for adoption of next generations integrated security appliances known as Unified Threat Management (UTM) devices is also developing as a means to increase the market participation of small and medium companies. SMB companies are interested in network security solutions, but have limited adoption of security solutions due to prices and investment capabilities. Unified threat management (UTM) has many features far more advanced and sophisticated than its predecessors, enabling better network management, security in centralised devices, services like real-time signature update and many more tools for administrators, making it easier to upgrade networks. UTM technology has particularly good traction in the Middle East countries where a large number of small and mid size organisations that use the internet-based business model, are adopting UTM to safeguard their IT infrastructure. Verticals such as Banking and telecom are the major adopters of the latest security technologies. Due to the growth of international banking and money laundering, there has been an alarming increase in the rate of fraud and organised crimes. While in the telecommunications sector, the ongoing capital expenditure is driving security spending. Governments in the region are taking many initiatives such as liberalisation and privatisation of the telecom industry, establishing technology parks, which further infuse growth into the ICT industry. In addition, with the healthcare sector realising the consequences of data loss, data security is gaining importance, with initiatives, such as creating a common ID for their clients.

The region lacks government regulatory guidelines and compliance mandates, but is witnessing increasing initiatives in the security arena. One problem is that initially ISPs in the region rapidly deployed broadband internet connections without implementing security solutions. However, with the cautious measures taken by governments, many ISPs were blocked and marked as a source of spam generation. Standards like BSI (British Standards Institution), ISO 27001 and PCI DSS (Payment Card Industry's Data Security Standard) developed by credit card companies to provide guidance in order to prevent credit fraud and other security mishaps, are gaining popularity amongst enterprises. Adoption levels of standards are increasing in the Middle East as numerous enterprises are working to get themselves certified with various international standards due to growing business needs while working with clients and partners spread across the globe. However, many enterprises in the region feel that certification programme is tedious and need lots of paper work, so the preference is to follow standards internally without certifications being opted for. Hence, enterprises are looking for partners who can provide proper guidance and make the certification process simpler.

Preparing for the future

Companies in the Middle East are looking for compliance technology, which simplify the choice and implementation of standards with a little effort and background information. However, this requires expertise in internal staff or resources. The existing need for IT security experts that can be readily absorbed by the enterprises without any extra efforts to train them, is also stimulating growth of the education sector. As an attempt to reduce this gap, educational institutions are taking various initiatives to create a trained work force for IT security. As a result of the economic meltdown, the region witnessed investments being made for enhancement of IT infrastructure not only from governments but also from private organisations. The steep decline in oil prices due to the economic slowdown is one of the major factors behind initiatives being taken to reduce the dependency of economies on oil. With this, the future holds massive growth in the field of mobile operations, internet/broadband services, and fixed line, which will further fuel investments in IT infrastructure, enabling IT security to penetrate the market faster.

Madhulika Biswas is Senior Research Analyst- Information and Communication Technology Practice- South Asia and Middle East at Frost & Sullivan. For feedback and enquiries contact tanu.chopra@frost.com.