Photo - Liew Siew Choon, Senior Market Analyst, Software Research, IDC Malaysia.
A recent International Data Corporation [IDC] Malaysia study shows healthy IT security spending by Malaysian organisations in most basic security areas, such as network and endpoint security, but very little attention has been given to more sophisticated solutions that address critical gaps, said the IT market analyst.
IDC Malaysia senior market analyst, software research, Liew Siew Choon said that about 45 percent of the organizations across industries in Malaysia have 'very high concern on the increasing sophistication of security attacks. Some organisations from financial industry may have invested in advanced security solutions that are able to analyse, detect, and response in near real-time to sophisticated threats or any security incidents.
However, the majority of the organisations in other industries are investing more in fundamental security such as network security and endpoint security, said Liew.
"Although Malaysian organisations recognise the threats are getting more sophisticated, their IT spending is still prioritised on the fundamental security products that are insufficient to address the sophisticated threats," she said. "This fundamental security approach has to integrate with advanced security technologies in order to tackle the increasing threats issues."
Liew said the analysis was drawn from IDC's Continuum Study 2014, which showed the top three security issues Malaysian organisations said they would 'most likely to address in the next twelve months.'
- 23 percent on data loss prevention - a combination of network, endpoint, messaging, web, and storage security that provides protection on data in motion, in use, and at rest.
- 20.3 percent on network security - includes enterprise firewall software, network access control, virtual private network (VPN), and network intrusion detection and prevention software.
- 15 percent on endpoint security - includes antivirus/ antimalware, personal firewall software, and file/ disk encryption.
Graph - Security Priorities in Malaysia
Security model aligned to business
Liew said that only 9.3 percent of the organisations showed concern about security and vulnerability management that included security policy management, risk assessment and vulnerability scanning as well as advanced security technologies such as security analytics, threat intelligence, and forensics.
"The security model within the organisation has to be aligned with the changing business environment," she said. "Organisations will have to face up to more security challenges during the transition to 3rd Platform - the next-generation compute platform characterized by mobile, cloud, big data, and social - if IT spending is still focused on fundamental security products."
Liew said that organisations need to understand their risk profile through continuous risk assessment and to adopt advanced security solutions to improve their risk posture. "The spending on both fundamental and advanced security has to be balanced to mitigate the risk from changing threats."