More see IT security as strategic to their business: Frost survey
By Digital News Asia November 15, 2013
- Senior execs cite customer satisfaction as top reason for security adoption
- CEO involvement in security decision-making reaches a new high
ORGANISATIONS are taking a more strategic approach towards IT security, according to a Frost & Sullivan survey of South-East Asia and Hong Kong, commissioned by network security solutions provider Fortinet.
Customer satisfaction has overtaken compliance requirements as the leading driver for security, while CEOs (chief executive officers) now have unprecedented involvement – in front of CFOs and even CIOs (chief financial and information officers) − in security decision-making, the survey found.
This reflects management's realisation of the business impact and value of IT security, Fortinet said in a statement.
The survey also reveals the evolution of organisations' attitudes towards cloud computing, as growing adoption − which results in data being centralised in the data centre – is driving firms to consider making data centres their new security operation centres (SOCs), the company added.
Conducted in October 2013 in Singapore, Malaysia, Thailand and Hong Kong, the survey polled 300 senior executives with positions like CIO, CTO (chief technology officer) and head of IT. The 75 respondents from each country came from various verticals, including the four key verticals of financial services, service provider, government and education, and hailed from organisations of all sizes.
The survey found that customer satisfaction is now the main reason for firms across the region to adopt security, ahead of compliance and risk reduction.
Customer satisfaction was rated particularly strongly in Malaysia and Thailand − it was listed as No 1 in Malaysia and tied with compliance for the top spot in Thailand.
Regional business hub Singapore still ranked risk reduction as No 1, with customer satisfaction a close second.
Employee productivity concerns, on the other hand, took the pole position in Hong Kong, suggesting a relatively receptive attitude towards BYOD (bring-your-own-device) and telecommuting.
“The finding suggests that organisations in the region have moved from implementing IT security to comply with rules and policies to leveraging it in a more strategic manner,” said Edison Yu, associate director of the ICT Practice at Frost & Sullivan Asia Pacific.
“This is a healthy development that bodes well for enterprises' long-term prospects,” he added.
CEO's attention
According to the survey, IT security issues have found their way up to the C-suite. Overall, 69% of the respondents said that their CEO is a decision-maker in IT security matters, with 40% saying he or she is a key decision-maker.
This is ahead of the 46% and 30% given for the CIO, and the 44% and 12% given for the CFO, respectively. The role of the CEO in IT security is particularly pronounced in Malaysia and Thailand, where 45% of the respondents in each country said the CEO is the key decision maker.
“More and more firms are realising that security is not the remit of the IT department alone,” said Yu.
“The impact of a security breach on business is real and broad, and management wants to be proactively involved in preventing it. As IT security starts to be treated as a business risk, we see it becoming an integral part of organisations’ risk management strategies,” he added.
The new security command post
Respondents in the region generally cited virtualisation, resource consolidation and cloud computing as the requirements they are looking at for their data centre in the next 12 months.
A substantial proportion (16%) also said they want their data centre to take on the role of a security command post. This trend is stronger in Malaysia and Thailand, with 21% and 19% of the local respondents citing it respectively.
“This aspiration is consistent with organisations' rising adoption of private clouds to consolidate IT in the data centre,” said Yu.
“Using the data centre as the new security operation centre (SOC) is a logical extension of this move and a good way to maximise the value of their data centre investment. We expect this trend to gain wider traction in the coming years,” he added.
The majority of respondents consider DDoS (Distributed Denial of Service) prevention/ Web application firewalls, application security and network security as critical technologies in a data centre setup.
Singapore and Hong Kong rated application security as No 1, result that may be driven by the ‘web-centricity’ of the multinational corporations there. Thailand put network security in the top spot, while Malaysia prioritised network management, with application security and network security in joint second place.
Cost-effective safety
The survey also revealed a widespread urge to maximise value from IT security investments. Overwhelmingly, respondents opted for IT security solutions that consolidate multiple functionality into one device, citing greater protection, easier management and lower cost as the main reasons for such a choice.
Malaysia and Thailand were the two countries most inclined towards such consolidated security platforms. Over two-thirds of the respondents from these countries − 69% for Malaysia and 72% for Thailand − preferred such platforms over standalone security solutions.
Firms relying on external parties for their security needs also expect value for their money. More than one-third (36%) of the respondents in the region wanted their solution providers to deliver value-added services − such as visibility reports, forensics and risk profiling – in view of maximising the returns on their security investments.
This expectation was strongest in Malaysia (37%) and Thailand (45%). The desire for value-added services ranked fourth, just after better support (No 1), better performance (No 2) and better pricing (No 3).
“We are glad to see that the survey results − consistent with our conversations with endusers − show that the C-suite are rethinking and reviewing their approach to IT security to better align with corporate's broader risk management objectives,” said Fortinet vice president for South-East Asia & Hong Kong George Chang.
“Their realisation that IT security is a business enabler rather than an infrastructure cost will pave the way for a more secure environment that will benefit both enterprises and consumers,” he added.
Related Stories:
Banks and compliance: Be nice to your CIO now
Policy framework a must for security today: IDC
Gen-Y ‘BYOD’ workers have low regard for corporate IT security
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.