Sophos study finds complexity driving need for integrated security in ME
Sophos, a global leader in network and endpoint security, has released the findings of a regional study indicating that the majority of organisations in the Middle East and Africa (MEA) are recognising the benefits of integrated security, especially the concept of linking network firewall and endpoint security for better insights. However, the report revealed that although MEA organisations were unlikely to increase the number of vendors they interact with, they were likely to increase the number of products in use, which highlights that organisations in the region currently do not tend to follow an integrated strategy when it comes to security.
The Sophos-sponsored InfoBrief Synchronized Security Market Analysis – Middle East & Africa, developed by International Data Corporation (IDC), revealed that MEA countries represented a total security solutions market potential of nearly $1.89 billion in 2015, which is expected to increase at a CAGR of 9.3 per cent to a total of $2.94 billion in 2020 as per the IDC Worldwide Security Spending Guide, H12016. Close to 42 per cent of organisations in the MEA felt ‘highly confident’ of their security posture.
“IT security is a top priority for companies in this region as it can impact uptime and overall service levels. In terms of plans to deploy, there is a major focus on end-to-end coverage with advanced security systems, making it apparent that respondents want to simplify and improve control over securing their organisation’s assets. This is followed by plans to deploy mobile device security and cloud-specific security solutions. MEA’s mobile device proliferation is among the highest in the world, making it important to secure devices and content on devices. Increased deployment of private and public cloud services makes it critical for organisations to integrate security as a part of their cloud strategy,” said Harish Chib, Vice President Middle East & Africa, Sophos.
“It is clear from the responses that, in addition to threat landscape complexity, organisations do not have a holistic strategy when it comes to deploying their security solutions. With the increase in sophisticated attacks across the region, companies are now looking for smarter and simpler IT security solutions. The majority of respondents across all four countries agreed with the concept of linking network firewall and endpoint security for better insights. The acceptance is higher among larger enterprise. Synchronised security is the new key for protection against cyber threats,” Mr Chib added.
By far the biggest complexity factor found in the study was configuration and management. Respondents in Saudi Arabia and the UAE rated this as their biggest concern when it comes to security complexity. In MEA, only 33 per cent of organisations have a single-vendor strategy, with the majority of them highlighting their multiple-vendor security environments, with some companies in the UAE and KSA indicating in excess of nine vendors, indicative of the level of complexity within their environment. In addition, organisations in MEA indicated having around 1–6 products, while a few were in excess of 13. This variance between the number of vendors and products deployed is indicative of a lack of an integrated view. However, this is likely to change in the future as the majority highlighted organisations’ plan to invest in a centralised security management console over the next one to two years, with UAE organisations at the forefront, indicating their intention to invest in the next 12 months.
Data Loss Prevention (DLP) was ranked as the top information security priority in the UAE and Saudi Arabia, with Data Privacy Issues also being highlighted as a priority in the UAE, and cloud security and access management as priorities in Saudi Arabia. In the UAE, most organisations seem to have a similar level of investment, with lots of different solutions in place and plans to invest in additional security solutions. However, malware detection and prevention solutions were surprisingly low in the UAE. When referring to the size of organisations, DLP was a top priority for both SMBs and enterprises, while security governance and management, business continuity and attack and penetration testing are higher priorities for larger organisations in the region.
In the MEA region, external threats were revealed to be a major concern with viruses highlighted as being extremely significant, alongside unintentional data leakage. Skills constraints across technologies also remained a major challenge in the MEA region, while the lack of real-time protection and security complexity also create limitations to improving security programs.