Middle East and North Africa spending on information security technology and services is on pace to reach $1.8 billion in 2017, an increase of 11% over 2016, according to Gartner. Security services will continue to be the fastest growing segment in line with global trends, especially IT outsourcing, consulting and implementation services. The growth for security services will be driven by ongoing skills shortages in the information security domain as well as increased awareness of threats.
In a region where the oil and gas industry is critical to many local economies converging of operational technology, Internet of Things, and IT is pushing many organisations to start considering how to handle the potential new security vulnerabilities created. This will result in additional interest to invest in security products and services to mitigate these new risks that traditional information security practices are not accustomed to.
Rising awareness among chief executive officers, and boards of directors about the business impact of security incidents, and an evolving regulatory landscape, have led to continued spending on security products and services not to mention increased accountability at the board level when it comes to security implications making metrics and executive communication a hot topic for leaders.
“The region is also fixated on check box compliance, a hallmark of immaturity when it comes to security. In essence, there is a false sense of security in the GCC”
“However, improving security is not just about spending on new technologies. As seen in the recent spate of global security incidents, doing the basics right has never been more important. Organisations can improve their security posture significantly just by addressing basic security and risk related hygiene processes like patch management, regular and scalable vulnerability scanning, centralised log management, internal network segmentation, backups and system hardening. Do not buy a tool just because a tool exists, invest in people and process to maintain and operate these tools,” said Sam Olyaei, Senior Research Analyst at Gartner.
“The region is also fixated on check box compliance, a hallmark of immaturity when it comes to security. In essence, there is a false sense of security in the GCC. Digital business is transforming the region and it is all about managing risk; managing risk is about understanding the major perils a business will face, and prioritising controls and investments in security to achieve business outcomes.”
Other key security trends include:
- GDPR-related consulting and implementation services are expected to drive at least 10% of the overall security spend on security services through 2019.
The GDPR goes into effect in May 2018. However, Gartner expects the implementation, assessment and audit of the business processes, technology implementations and data protection mandates related to the GDPR to be the core focus of spending in the security services market for organisations doing business with or in the European Union.
Gartner believes this will drive at least 10% of market demand for security services through to 2019. Organisations will need to prepare for, and augment, their security stance to accommodate these new data protection regulatory mandates.
- By 2020, security skill management programs that include experimental recruitment and talent retention practices will rise to 20%, up from less than 1% today.
Persistent shortfalls in information security talent prevent organisations from implementing their information security programs, leaving gaps in coverage, stalled projects and increased risk of breaches due to the lack of information security on new business projects. New strategic developments, such as securing IoT, applications and services for digital businesses, will create new challenges, because the required skills simply do not exist.
To effectively address the increasing security talent shortage, organisations need to experiment with new recruiting practices. They should also actively manage security skill and talent retention, because talent and skill management are competitive advantages.
- By 2020, 40% of all managed security service contracts will be bundled with other security services and broader IT outsourcing ITO projects, up from 20% today.
To deal with the complexity of designing, building and operating a mature security program in a short space of time, many large organisations are looking to security consulting and ITO providers that offer customisable delivery components that are sold with the MSS. As ITO providers and security consulting firms improve the maturity of the MSS they offer, customers will have a much broader range of bundling and service packaging options through which to consume MSS offerings.
The large contract sizes associated with ITO and security outsourcing deals will drive significant growth for the MSS market through 2020.
- Through 2020, public cloud IaaS workloads will suffer at least 60% fewer security incidents than those in traditional datacentres.
Gartner has concluded that the security posture of major cloud providers is as good as or better than most enterprise datacentres, and that security should no longer be considered a primary inhibitor to the adoption of public cloud services. However, simply moving on-premises workloads to a public cloud does not automatically make these workloads more secure.
New approaches are needed that exploit the programmatic infrastructure of public cloud IaaS providers. If these capabilities are properly leveraged, the workloads will be better protected than those in most traditional enterprise datacentres. Successful attacks typically result from misconfiguration, mismanagement, missing patches and mistakes; thus, the more automation is used to remove and reduce human error and to tackle the patching problem, the more secure services will be.
Click below to share this article
