Post on 08-Apr-2018
8/7/2019 Trends in Security 2010
1/24
Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.
Emerging Trends in IT SecurityEmerging Trends in IT Security
IDC IT Security Road Show 2010Nairobi
Francis Hook
Regional Manager
IDC
8/7/2019 Trends in Security 2010
2/24
Apr-10 IDC
Africa in Perspective
In Catch-up Phase
Africa in Perspective
In Catch-up Phase
$23 $75 $32 $22 $10 $8 $4 $2$55
$1,485
$127
$1,277
$781
$216
$1,108
0.5%
0.8%1.2%0.7%
0.9%1.4%
1.1%
4.2%
1.1%1.8%
2.8%
1.9%1.5%
3.6%
3.8%
$0
$200
$400
$600
$800
$1,000
$1,200
$1,400
$1,600
UK
Sing
apore
Cana
daUA
E
South
Afric
a
Russia
China
India
Mauritius
Moroc
co
Egypt
Keny
a
Nige
ria
Tanz
ania
Ethio
pia
ITSpendingPerCapita
0%
1%
1%
2%
2%
3%
3%
4%
4%
5%
ITasSh
areofGDP
IT Spending Per Capita 2009 IT as Share % of GDP
Source: EIU, IDC
8/7/2019 Trends in Security 2010
3/24
Apr-10 IDC
Worldwide IT Security SpendingWorldwide IT Security Spending
$48,732$55,254
$62,937$71,868
$81,778
13.8%14.2%
13.9%13.4%14.7%
3.6%
5.7%
5.5%2.9%
-1.8%
0
10,000
20,000
30,000
40,000
50,000
60,000
70,000
80,000
90,000
2008 2009 2010 2011 2012
US
$Millions
-4%
-2%
0%
2%4%
6%
8%
10%12%
14%
16%
Worldwide IT Security Products & Services Spending
Growth %
Worldwide IT Spending
8/7/2019 Trends in Security 2010
4/24
Apr-10 IDC
IT Security Spending - KenyaIT Security Spending - Kenya
0
2
4
6
8
10
12
14
2008 2009 2010 2011 2012 2013
IT Security Spending
Spending for appliances, software and security servicesSource IDC Kenya Security Study 2009
8/7/2019 Trends in Security 2010
5/24
Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.
Worldwide IT Security SpendingWorldwide IT Security Spending
As IT budgets undergo cut backs, security spending willNOT be one of the areas significantly affected by thiseconomic downturn.
Between 2009 - 2011, security products and services willremain stronger than other IT areas because ofcompliance and business requirements.
Many organizations will defer discretionary projects,freeze hiring, and actively look for savings fromvirtualization, hosted services, and automated security
management.
8/7/2019 Trends in Security 2010
6/24
Apr-10 IDC
Companies using more security
services.
Companies using more security
services.$44,130
$37,902
$32,308
$27,496
$23,453
$20,171
0
5,000
10,000
15,000
20,000
25,000
30,00035,000
40,000
45,000
50,000
2007 2008 2009 2010 2011 2012
US
$
M
illion
s
Source: Worldwide Security Services 2008-2012
CAGR 13.5%
The worldwide security services marketwas valued at $20.1 billion in 2007, andit is expected to increase at a slowercompound annual growth rate (CAGR)
of 13.5% over the 20082012 period
Security operation services andconsulting services will continue to bedriven by enterprise demand forsecurity management and security
architecture assessments.
Technologies such as identity andaccess management, unified threatmanagement, endpoint, messaging andWeb security will continue to drivesecurity services spending as
organizations are increasingly lookingto centralize their management andadministration as these technologiescan no longer function in a silo fashion.
8/7/2019 Trends in Security 2010
7/24
Apr-10 IDC
Security is a big challenge for CIOs in AfricaSecurity is a big challenge for CIOs in Africa
What are the biggestchallenges you face today?
N = 50; IDC Africa CIO Summit 2010
8/7/2019 Trends in Security 2010
8/24
Apr-10 IDC
Rise in threatsRise in threatsI2
8/7/2019 Trends in Security 2010
9/24
Slide 8
I2 Could you adapt this for Kenya?IDC, 4/5/2010
8/7/2019 Trends in Security 2010
10/24
Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.
Global IT Managers Security ConcernsGlobal IT Managers Security Concerns
COSTSCOMPLIANCE
THREATS
IT managers are forever trying to manage their costs, protect their businesses from
threats and adhere to compliance.
8/7/2019 Trends in Security 2010
11/24
Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.
Growing threat of data lossGrowing threat of data loss
0% 10% 20% 30% 40% 50% 60%
Corporate e-Mail
Lost/ Stolen Laptop
Web email or posting (board, blogs)
Lost/stolen mobile device
Instant Messaging
Media Devices
Others
0% 10% 20% 30% 40% 50% 60% 70%
Compliance related info(credit cards, social security nos)
Intellectual Property(designs, research)
Executive Communication
Confidential Financial Information
Others
Dont Know
Sources of Data LeakageTypes of information vulnerable to data leakage
Corporate data loss, deliberately or by accident, through employees, is a major securityconcernCorporate email and Web 2.0 programs are the most common sources for data loss withincompaniesIdentity and intellectual property information are most likely to be leaked
Source: IDCs Information Protection and Control Survey, 2007
8/7/2019 Trends in Security 2010
12/24
Apr-10 IDC
InternalThreats EducateYourCEOInternalThreats EducateYourCEO
11
Level of Spending on Internal Security Risks over the Next 12 Months by Company Size
Allocation of Budget Addressing Internal Security Risks by Company Size
Source: IDCs Insider Threat Survey, 2009 N = 400
8/7/2019 Trends in Security 2010
13/24
Apr-10 IDC
DLP riskmitigationsolutionDLP riskmitigationsolution
Importance of Monitoring for Data Loss Prevention by Device/Application
8/7/2019 Trends in Security 2010
14/24
Apr-10 IDC
NoDLPFundsinITBudget?AskLOB!NoDLPFundsinITBudget?AskLOB!
0.5%26.8%
25.2%19.5%
12.3%
15.7%
Other
Customeraccountand/orfinancialCorporateintellectualpropertyCompanyFinancialPersonalemployeeExecutivecommunications
Types of Information Organizations Are Most Concerned About
Source: IDCs Insider Threat Survey, 2009 N =
8/7/2019 Trends in Security 2010
15/24
Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.
Network perimeter becoming more difficult tocontrolNetwork perimeter becoming more difficult tocontrol
OS:s
Office Apps
Enterprise Apps
Web Apps
VoIP
IM
Mobile Phones &PDAs
Inc
reasedNetw
orkTraffic
Increased
Vulnerabilities
More Devices
More Applications
Viruses
SpywareSpam
Trojans
8/7/2019 Trends in Security 2010
16/24
Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.
Mobile Devices ProliferationMobile Devices Proliferation
0
50,000
100,000
150,000
200,000
250,000
300,000
350,000
2007 2008 2009 2010 2011 2012Worldwide
Worldwide Converged MobileDevice Forecast 2008-2012
0
5,000
10,000
15,000
20,000
25,000
2008 2009 2010
Consumer Business
Kenya Mobile Device Subscribers data2008-2010
CAGR: 10.1%
CAGR: 3.2%
NumberofMobileDeviceSh
ipments
NumberofMobileDeviceUs
ers
Increasing use of mobile devices for work
Kenya mobile subscriptions will exceed 20 million by end-2010.
Increased mobile device usage = increased threats and data leakage
Kenyan companies need to address policies & guidelines for mobile securityinstallation and device management.
8/7/2019 Trends in Security 2010
17/24
Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.
Network & Endpoint Security TrendsNetwork & Endpoint Security Trends
UTM (Unified threat management) appliances continue to be popular withsmall and medium-sized enterprises (SMEs) but are poised to perforate
larger businesses as they incorporate network, management, andadvanced security features.
Purchasing of multiple security point solutions (antivirus, antispyware,firewall, and intrusion detection) as a single solution is increasing rapidly.This trend will only continue as organizations search for comprehensive
security that is manageable as well.
As the network perimeter becomes more difficult to control, the usage ofendpoint security, that can provide security to mobile and remoteworkers and enforce security policies prior to a network connection, willincrease. This will require considerable enterprise management
capabilities associated with the endpoints.
8/7/2019 Trends in Security 2010
18/24
Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.
Emerging trends: Security virtualization& Security as a Service (SaaS)Emerging trends: Security virtualization& Security as a Service (SaaS)
Web security hosted services (Software as a Service (SaaS)) is becoming an attractiveplatform of choice, specifically in the small and medium-size business (SMB)environment.
A recent IDC survey found that Web security SaaS has the highest planned adoption
rate (14%) over the next 18 months in the 100999 employee size business environmentresources.
Virtualization of security will allow for ease of management and business continuity
Virtual Machine
Application
Operating System
Virtual Machine
Application
Operating System
Virtual Machine
Application
Operating System
Virtual Infrastructure
Virtual Infrastructure
Server
Consolidation(Applications)
HighAvailability
SafeTest/DevelopmentEnvironment
DisasterRecovery
Test and
PatchEnvironment
ApplicationIsolation
Forensics
Honey pots
SecuritySoftware
Appliance
8/7/2019 Trends in Security 2010
19/24
Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.
SummarySummary
More comprehensive Web security solutions are required tothwart the increasing sophistication of Web-based threats thatreach far beyond productivity, bandwidth, and liability issues.
In a time of economic slow down, companies are trying to savecosts by leveraging virtualization and software-as-a-service(SaaS) platforms. This is especially true for messaging security.Important not to sacrifice security effectiveness in exchange for
the benefits of virtualization or SaaS. Increase in purchase of multiple security tools (antivirus,
antispyware, firewall, and intrusion detection) as a single solution.
Web 2.0 and Crime 2.0 will require companies to consider
strengthening their web and messaging security solutions.
8/7/2019 Trends in Security 2010
20/24
8/7/2019 Trends in Security 2010
21/24
Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.
SimpleRiskManagementRecipeSimpleRiskManagementRecipe
Issues toconsider: Asset protection Safety IT Security Brand Integrity
Issues toconsider: Asset protection Safety IT Security Brand Integrity
Risks should be:
Identified
Prioritized
Remediated
Responded to based on Significance
and Value to business
Companies MUST:
Classify their data to determine its sensitivity
Determine who has the access to data
Determine how to protect it
8/7/2019 Trends in Security 2010
22/24
Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.
Security as a Business EnablerSecurity as a Business Enabler
The perception of security has evolved significantly over the years,from single-product perimeter-based security to an integrated
approach of security processes necessary to plan, assess, build,and manage secure network infrastructures and comprehensivesecurity programs.
IT Security has been elevated to the executive level as it has become abusiness decision for many companies in order to minimize theirrisk profile.
8/7/2019 Trends in Security 2010
23/24
Apr-10 IDC
EssentialGuidanceEssentialGuidance
Securitybudgetcutsshouldbemadewith
caution
PetitionLOBs andStakeholders
EducateCLevels
Evaluateandimplementyourownrisk
managementrecipe
8/7/2019 Trends in Security 2010
24/24
Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.
Thank YouThank You
For questions, pleasecontact:
Francis HookRegional Manager
IDC East Africa
fhook@idc.com