We released the 2013 IT Security report, IDC’s annual attempt to predict the course of security industry in this part of world in the coming year, in February. IDC expects security to continue to be a hot market in 2013. Major trends like Compliance, Threat Landscape, Cloud, Mobility, Social, and Big data/analytics will continue to shape IT security. The Asia/Pacific excluding Japan (APEJ) region has a very broad spectrum of capabilities, maturity and variations in its outlook and optimism.
The following are the top 10 predictions for the IT security market in 2013. The document is also available on www.idc.com
This document was co-authored by Poon Wei Ang, Vern-Harn Hue and Pei Wang.
1. Chief Information Officers Will Become Extinct
The adoption of social, mobile, analytics/big data, and cloud by organizations to create agility and adapt to the changing environment has created a need to relook at the roles and responsibilities of the IT department. As a result, the role of the chief information officer is being phased out as the role of the chief innovation officer gets introduced. It is therefore important for IT security vendors to be able to identify organizations that have reorganized themselves and those who have not. IDC feels that this will allow IT security vendors to communicate the value of their products effectively to business leaders and also have a separate and technical discussion with the IT managers.
2. The New Chief Innovation Officer (CIO) Will Be Either a Friend or a Foe
Chief innovation officers today are mandated to add value to organizations with less hesitation and interruption to the business. Having a better grasp of the organization's strategy, financial, and technological implications allows the CIO to do so in a more effective manner. The CIO, with the reference of the (senior) IT manager on technical issues, will still need to balance between benefits and costs, which will lead to delays - or rejection - of certain proposed initiatives by the LoBs.
3. IT Security Will Be an Integral Part of Risk Management
As organizations look to transform and adopt the four megatrends, it is vital to note that IT security, which has been traditionally viewed as cost, gets a better understanding. Every business decision has risks involved and IT risk decisions should be made within this same framework and stakeholders within the organization need to be aware that every initiative is a risk if proper IT security measures are not in place.
4. There Will Be the Next Wave of Governance and Compliance
As predicted last year, additional complexities and IT-related risks from adoption of the four megatrends continue to compel the governing bodies across APEJ to review and create new governance, risk, and compliance (GRC) policies. Majority of the new policies revolve around the regulation of the flow and ownership of data as majority of IT-related incidents that have happened over the past few years have been with regard to data loss.
5. IT Transformation Demands Will Update IT Security Policy Framework
Continuing from prediction #4 taking a risk management approach for IT security alone is not enough if IT security policies are not reviewed and updated. Many times, IT security policies within the organization only get appended and a review of existing policies only happens when it starts to break. Situations like these make it very hard for the organization to adopt any one of the four megatrends without complications. For an organization to be fully prepared with regard to IT security, a rigorous IT security policy framework that is both proactive as well as aligned to the business strategy needs to be in place.
6. Identity Management Will Be Our IT Passport
One key solution that would help address the challenge of complexity that the four megatrends bring in will be Identity and Access Management (IAM). As organizations move to implement improved identity management processes through a better understanding of "who, when, what, where, and how," IDC believes that the fundamental philosophy of IAM needs to be realized, which is essentially "what identity management aims to achieve". Failure to do so will end up with an overly complex environment that is hard to maintain.
7. Biometrics Will Be Revisited
IDC has noticed that increasing numbers of organizations are adopting biometric security as an additional layer to IAM, creating a multifactor authentication environment for stronger levels of security. It is also important to note that organizations within APEJ with such interests are from mature markets such as Australia. As near-field communication (NFC) begins to mature within the mobility space, vendors should also be looking to expand on both NFC and biometric technology as the third layer within the multifactor authentication environment.
8. Data Loss Prevention and Data Recovery Will Be Challenges to Organizations
Organizations that are looking to focus on analytics and big data will face the challenge of data loss and data recovery. While data integrity does not fall directly under IT security, IDC feels that the potential risk of losing sensitive data through accidental deletion and hardware or software failures poses a huge impact to organizations. IDC believes that DLP solutions vendors could integrate into DLP solutions would be a form of "lifestyle effect". This is because while majority of end users do not really understand DLP as a technology, the idea of a secure lifestyle.
9. Mergers and Acquisitions of Niche and Small IT Security Vendors Will Be Low- Hanging Fruits
The current economic climate puts budgets under the microscope. Even though this challenge would seem smaller for large IT security vendors, IDC believes that mergers and acquisitions of smaller or niche IT security players would be low-hanging fruits for 2013. However, as for smaller IT security vendors, mergers and acquisitions will not only contribute to their solutions portfolios but also provide strength in size. This is particularly useful if the vendor has goals to expand its reach into other markets. One example would be the acquisition of LeadSec by Venus Sec in China to become one of the largest local IT security vendors.
10. There Will Be Lack of Skilled IT Security Professionals
As organizations increase their pace to adopt the four megatrends, the lack of skilled professionals will only increase. As a result, not only will organizations be ill-equipped to implement business initiatives but also minimize IT security-related risks. Adding to this would be that the demand for skilled IT security professionals that comes from the entire market, business organizations, system integrators, channel partners, as well as IT security vendors themselves.