Trends in Security 2010

8/7/2019 Trends in Security 2010

1/24

Copyright 2010 IDC. Reproduction is forbidden unless authorized. All rights reserved.

Emerging Trends in IT SecurityEmerging Trends in IT Security

IDC IT Security Road Show 2010Nairobi

Francis Hook

Regional Manager

IDC


2/24

Apr-10 IDC

Africa in Perspective

In Catch-up Phase

Africa in Perspective

In Catch-up Phase

$23 $75 $32 $22 $10 $8 $4 $2$55

$1,485

$127

$1,277

$781

$216

$1,108

0.5%

0.8%1.2%0.7%

0.9%1.4%

1.1%

4.2%

1.1%1.8%

2.8%

1.9%1.5%

3.6%

3.8%

$0

$200

$400

$600

$800

$1,000

$1,200

$1,400

$1,600

UK

Sing

apore

Cana

daUA

E

South

Afric

a

Russia

China

India

Mauritius

Moroc

co

Egypt

Keny

a

Nige

ria

Tanz

ania

Ethio

pia

ITSpendingPerCapita

0%

1%

1%

2%

2%

3%

3%

4%

4%

5%

ITasSh

areofGDP

IT Spending Per Capita 2009 IT as Share % of GDP

Source: EIU, IDC


3/24

Apr-10 IDC

Worldwide IT Security SpendingWorldwide IT Security Spending

$48,732$55,254

$62,937$71,868

$81,778

13.8%14.2%

13.9%13.4%14.7%

3.6%

5.7%

5.5%2.9%

-1.8%

0

10,000

20,000

30,000

40,000

50,000

60,000

70,000

80,000

90,000

2008 2009 2010 2011 2012

US

$Millions

-4%

-2%

0%

2%4%

6%

8%

10%12%

14%

16%

Worldwide IT Security Products & Services Spending

Growth %

Worldwide IT Spending


4/24

Apr-10 IDC

IT Security Spending - KenyaIT Security Spending - Kenya

0

2

4

6

8

10

12

14

2008 2009 2010 2011 2012 2013

IT Security Spending

Spending for appliances, software and security servicesSource IDC Kenya Security Study 2009


5/24


Worldwide IT Security SpendingWorldwide IT Security Spending

As IT budgets undergo cut backs, security spending willNOT be one of the areas significantly affected by thiseconomic downturn.

Between 2009 - 2011, security products and services willremain stronger than other IT areas because ofcompliance and business requirements.

Many organizations will defer discretionary projects,freeze hiring, and actively look for savings fromvirtualization, hosted services, and automated security

management.


6/24

Apr-10 IDC

Companies using more security

services.

Companies using more security

services.$44,130

$37,902

$32,308

$27,496

$23,453

$20,171

0

5,000

10,000

15,000

20,000

25,000

30,00035,000

40,000

45,000

50,000

2007 2008 2009 2010 2011 2012

US

$

M

illion

s

Source: Worldwide Security Services 2008-2012

CAGR 13.5%

The worldwide security services marketwas valued at $20.1 billion in 2007, andit is expected to increase at a slowercompound annual growth rate (CAGR)

of 13.5% over the 20082012 period

Security operation services andconsulting services will continue to bedriven by enterprise demand forsecurity management and security

architecture assessments.

Technologies such as identity andaccess management, unified threatmanagement, endpoint, messaging andWeb security will continue to drivesecurity services spending as

organizations are increasingly lookingto centralize their management andadministration as these technologiescan no longer function in a silo fashion.


7/24

Apr-10 IDC

Security is a big challenge for CIOs in AfricaSecurity is a big challenge for CIOs in Africa

What are the biggestchallenges you face today?

N = 50; IDC Africa CIO Summit 2010


8/24

Apr-10 IDC

Rise in threatsRise in threatsI2


9/24

Slide 8

I2 Could you adapt this for Kenya?IDC, 4/5/2010


10/24


Global IT Managers Security ConcernsGlobal IT Managers Security Concerns

COSTSCOMPLIANCE

THREATS

IT managers are forever trying to manage their costs, protect their businesses from

threats and adhere to compliance.


11/24


Growing threat of data lossGrowing threat of data loss

0% 10% 20% 30% 40% 50% 60%

Corporate e-Mail

Lost/ Stolen Laptop

Web email or posting (board, blogs)

Lost/stolen mobile device

Instant Messaging

Media Devices

Others

0% 10% 20% 30% 40% 50% 60% 70%

Compliance related info(credit cards, social security nos)

Intellectual Property(designs, research)

Executive Communication

Confidential Financial Information

Others

Dont Know

Sources of Data LeakageTypes of information vulnerable to data leakage

Corporate data loss, deliberately or by accident, through employees, is a major securityconcernCorporate email and Web 2.0 programs are the most common sources for data loss withincompaniesIdentity and intellectual property information are most likely to be leaked

Source: IDCs Information Protection and Control Survey, 2007


12/24

Apr-10 IDC

InternalThreats EducateYourCEOInternalThreats EducateYourCEO

11

Level of Spending on Internal Security Risks over the Next 12 Months by Company Size

Allocation of Budget Addressing Internal Security Risks by Company Size

Source: IDCs Insider Threat Survey, 2009 N = 400


13/24

Apr-10 IDC

DLP riskmitigationsolutionDLP riskmitigationsolution

Importance of Monitoring for Data Loss Prevention by Device/Application


14/24

Apr-10 IDC

NoDLPFundsinITBudget?AskLOB!NoDLPFundsinITBudget?AskLOB!

0.5%26.8%

25.2%19.5%

12.3%

15.7%

Other

Customeraccountand/orfinancialCorporateintellectualpropertyCompanyFinancialPersonalemployeeExecutivecommunications

Types of Information Organizations Are Most Concerned About

Source: IDCs Insider Threat Survey, 2009 N =


15/24


Network perimeter becoming more difficult tocontrolNetwork perimeter becoming more difficult tocontrol

OS:s

Office Apps

Enterprise Apps

Web Apps

VoIP

IM

Mobile Phones &PDAs

email

Inc

reasedNetw

orkTraffic

Increased

Vulnerabilities

More Devices

More Applications

Viruses

SpywareSpam

Trojans


16/24


Mobile Devices ProliferationMobile Devices Proliferation

0

50,000

100,000

150,000

200,000

250,000

300,000

350,000

2007 2008 2009 2010 2011 2012Worldwide

Worldwide Converged MobileDevice Forecast 2008-2012

0

5,000

10,000

15,000

20,000

25,000

2008 2009 2010

Consumer Business

Kenya Mobile Device Subscribers data2008-2010

CAGR: 10.1%

CAGR: 3.2%

NumberofMobileDeviceSh

ipments

NumberofMobileDeviceUs

ers

Increasing use of mobile devices for work

Kenya mobile subscriptions will exceed 20 million by end-2010.

Increased mobile device usage = increased threats and data leakage

Kenyan companies need to address policies & guidelines for mobile securityinstallation and device management.


17/24


Network & Endpoint Security TrendsNetwork & Endpoint Security Trends

UTM (Unified threat management) appliances continue to be popular withsmall and medium-sized enterprises (SMEs) but are poised to perforate

larger businesses as they incorporate network, management, andadvanced security features.

Purchasing of multiple security point solutions (antivirus, antispyware,firewall, and intrusion detection) as a single solution is increasing rapidly.This trend will only continue as organizations search for comprehensive

security that is manageable as well.

As the network perimeter becomes more difficult to control, the usage ofendpoint security, that can provide security to mobile and remoteworkers and enforce security policies prior to a network connection, willincrease. This will require considerable enterprise management

capabilities associated with the endpoints.


18/24


Emerging trends: Security virtualization& Security as a Service (SaaS)Emerging trends: Security virtualization& Security as a Service (SaaS)

Web security hosted services (Software as a Service (SaaS)) is becoming an attractiveplatform of choice, specifically in the small and medium-size business (SMB)environment.

A recent IDC survey found that Web security SaaS has the highest planned adoption

rate (14%) over the next 18 months in the 100999 employee size business environmentresources.

Virtualization of security will allow for ease of management and business continuity

Virtual Machine

Application

Operating System

Virtual Machine

Application

Operating System

Virtual Machine

Application

Operating System

Virtual Infrastructure

Virtual Infrastructure

Server

Consolidation(Applications)

HighAvailability

SafeTest/DevelopmentEnvironment

DisasterRecovery

Test and

PatchEnvironment

ApplicationIsolation

Forensics

Honey pots

SecuritySoftware

Appliance


19/24


SummarySummary

More comprehensive Web security solutions are required tothwart the increasing sophistication of Web-based threats thatreach far beyond productivity, bandwidth, and liability issues.

In a time of economic slow down, companies are trying to savecosts by leveraging virtualization and software-as-a-service(SaaS) platforms. This is especially true for messaging security.Important not to sacrifice security effectiveness in exchange for

the benefits of virtualization or SaaS. Increase in purchase of multiple security tools (antivirus,

antispyware, firewall, and intrusion detection) as a single solution.

Web 2.0 and Crime 2.0 will require companies to consider

strengthening their web and messaging security solutions.


20/24


21/24


SimpleRiskManagementRecipeSimpleRiskManagementRecipe

Issues toconsider: Asset protection Safety IT Security Brand Integrity

Issues toconsider: Asset protection Safety IT Security Brand Integrity

Risks should be:

Identified

Prioritized

Remediated

Responded to based on Significance

and Value to business

Companies MUST:

Classify their data to determine its sensitivity

Determine who has the access to data

Determine how to protect it


22/24


Security as a Business EnablerSecurity as a Business Enabler

The perception of security has evolved significantly over the years,from single-product perimeter-based security to an integrated

approach of security processes necessary to plan, assess, build,and manage secure network infrastructures and comprehensivesecurity programs.

IT Security has been elevated to the executive level as it has become abusiness decision for many companies in order to minimize theirrisk profile.


23/24

Apr-10 IDC

EssentialGuidanceEssentialGuidance

Securitybudgetcutsshouldbemadewith

caution

PetitionLOBs andStakeholders

EducateCLevels

Evaluateandimplementyourownrisk

managementrecipe


24/24


Thank YouThank You

For questions, pleasecontact:

Francis HookRegional Manager

IDC East Africa

[email protected]

Trends in Security 2010

Documents

Transcript of Trends in Security 2010