More Firms See IT Security as Strategic to their Business According to Fortinet-Commissioned Frost & Sullivan Survey

Nov 12, 2013 (Tue): Fortinet – a global leader in high-performance network security – today announced the main findings of a survey commissioned to Frost & Sullivan in Southeast Asia and Hong Kong, revealing a more strategic approach by organizations towards IT security. Customer satisfaction has overtaken compliance requirements as the leading driver for security, while CEOs now have unprecedented involvement – in front of CFOs and even CIOs − in security decision-making. The latter finding reflects management’s realization of the business impact and value of IT security.

The survey also reveals an evolution of organizations’ attitudes towards cloud computing, as growing adoption of private clouds − which result in data being centralized in the data centre − drive firms to consider making their data centres their new security operation centres (SOCs).

Conducted in October 2013 in Singapore, Malaysia, Thailand and Hong Kong, the survey polled 300 senior executives with positions like CIO, CTO and Head of IT. The 75 respondents from each country came from various verticals, including the four key verticals of financial services, service provider, government and education, and hailed from organizations of all sizes.

Customer Satisfaction the Leading Cause of IT Security Adoption

The survey found that customer satisfaction is now the main reason for firms across the region to adopt security, ahead of compliance and risk reduction. Customer satisfaction was rated particularly strongly in Malaysia and Thailand − it was listed as No. 1 in Malaysia and tied with compliance for the top spot in Thailand. Regional business hub Singapore still ranked risk reduction as No. 1, with customer satisfaction a close second. Employee productivity concerns, on the other hand, took the pole position in Hong Kong, suggesting a relatively receptive attitude towards BYOD (bring-your-own-device) and telecommuting.

Edison Yu, Associate Director, ICT Practice, Frost & Sullivan Asia Pacific, said: “The finding suggests that organizations in the region have moved from implementing IT security to comply with rules and policies to leveraging it in a more strategic manner. This is a healthy development that bodes well for enterprises’ long-term prospects.”

Security now gets the CEO’s Attention

According to the survey, IT security issues have found their way up to the C-suite. Overall, 69% of the respondents said that their CEO is a decision maker in IT security matters, with 40% saying he/she is a key decision maker. This is ahead of the 46% and 30% given for the CIO, and the 44% and 12% given for the CFO, respectively. The role of the CEO in IT security is particularly pronounced in Malaysia and Thailand, where 45% of the respondents in each country said the CEO is the key decision maker.

Yu said: “More and more firms are realizing that security is not the remit of the IT department alone. The impact of a security breach on business is real and broad, and management wants to be proactively involved in preventing it. As IT security starts to be treated as a business risk, we see it becoming an integral part of organizations’ risk management strategies.”

Private Cloud Adoption Drives Data Centre to Become the New Security Command Post

Respondents in the region generally cited virtualization, resource consolidation and cloud computing as the requirements they are looking at for their data centre in the next 12 months. A substantial proportion (16%) also said they want their data centre to take on the role of a security command post. This trend is stronger in Malaysia and Thailand, with 21% and 19% of the local respondents citing it, respectively.

Yu said: “This aspiration is consistent with organizations’ rising adoption of private clouds to consolidate IT in the data centre. Using the data centre as their new security operation centre (SOC) is a logical extension of this move and a good way to maximize the value of their data centre investment. We expect this trend to gain wider traction in the coming years.”

The majority of respondents consider DDoS prevention/Web application firewalls, application security and network security as critical technologies in a data center setup. Singapore and Hong Kong rated application security as No. 1, result that may be driven by the Web-centricity of the multi-national corporations there. Thailand put network security in the top spot, while Malaysia prioritized network management, with application security and network security in joint second place.

Keep us Safe, but do it Cost-Effectively

The survey also revealed a widespread urge to maximize value from IT security investments. Overwhelmingly, respondents opted for IT security solutions that consolidate multiple functionality into one device, citing greater protection, easier management and lower cost as the main reasons for such choice. Malaysia and Thailand were the two countries most inclined towards such consolidated security platforms. Over two-thirds of the respondents from these countries − 69% for Malaysia and 72% for Thailand − preferred such platforms over stand-alone security solutions.

Firms relying on external parties for their security needs also expect value for their money. More than one-third (36%) of the respondents in the region wanted their solution providers to deliver value-added services − such as visibility reports, forensics and risk profiling – in view of maximizing the returns on their security investments. This expectation was strongest in Malaysia (37%) and Thailand (45%). The desire for value-added services ranked fourth, just after better support (#1), better performance (#2) and better pricing (#3).

Dato’ Seri George Chang, Fortinet’s Vice President for Southeast Asia & Hong Kong, said: “We are glad to see that the survey results − consistent with our conversations with end-users − show that the C-suite are rethinking and reviewing their approach to IT security to better align with corporate’s broader risk management objectives. Their realization that IT security is a business enabler rather than an infrastructure cost will pave the way for a more secure environment that will benefit both enterprises and consumers.”

Author: Terry KS

Share This Post On