APAC enterprises revising security strategies

New survey reveals Asia-Pacific organizations looking to improve security strategies and priorities in light of changing IT landscape and evolving security threats.
Written by Ellyne Phneah, Contributor

Asian enterprises are relooking their security strategies in light of cloud computing and mobility, and threats becoming more broad-based, according to findings of a new security survey by Fortinet.

Shedding more light on the survey results, George Chang, regional director of Fortinet Southeast Asia and Hong Kong, told ZDNet Asia that companies based in the region are aware of rapid IT consumerization and want to upgrade their security systems. They also see the rise of cloud computing as "unstoppable" and want to broaden their scope of security coverage, he said in his e-mail.

Conducted in August 2011, the study involved 350 IT decision makers in China, Hong Kong, India, Japan, Singapore, South Korea and Taiwan. They were asked to share their security strategies and priorities in a rapidly evolving IT landscape where businesses are trying to keep up with cloud computing and mobile device proliferation.

According to the findings, respondents believe that the top two areas of improvement by far are comprehensiveness of coverage and cost of IT security implementation. Specifically, they want coverage to be extended beyond the core network perimeter to areas such as mobile endpoints and processes, as well as security-related costs to be reduced.

Of the seven Asian markets surveyed, Singapore had the most respondents (71 percent) citing comprehensiveness of coverage as their top priority, while those in Hong Kong were most concerned with cost effectiveness--nearly six in 10, or 58 percent, indicated so.

In terms of the drivers for strategy changes, 36 percent of those surveyed pointed to cloud computing, while 16 percent virtualization. Other influences responsible for IT security strategy include the emergence of more sophisticated threats and attacks, user-led IT and mobility.

"The remarkable pace of cloud computing adoption and the growing trend of employees plugging their personal devices to the corporate network are posing serious challenges to traditionally secured networks," Patrice Perche, senior vice president international sales and support at Fortinet, said in a statement. "Organizations must evaluate their security posture in a timely manner, so that they can take immediate steps against new vulnerability points on the network, as well as secure new technologies that emerge."

Additionally, Fortinet found that 85 percent of respondents were concerned about their firms' ability to secure corporate data in the new user-led IT environment, where individual users rather than enterprises define the preferred IT practices and technologies they wish to use. South Korean and Indian organizations were the most worried by "IT consumerization" at 94 percent, and those from Japan the least, at 63 percent.

The unified threat management specialist also reiterated that current security threats are no longer port-based but can attack via the application layer. According to the vendor, 42 percent of respondents are using or plan to use a firewall with application control features and 45 percent are using or plan to use specialized Web applications and XML firewalls to secure Web-based applications.

Fortinet also reported that 59 percent of respondents named wireless networks as the most vulnerable element of their corporate IT infrastructure. They were rated the highest in terms of risk severity ahead of endpoints and databases.

Chang noted that the corporate network will witness the further breakdown of boundaries with the arrival of mobile and cloud computing, as networks will become "more porous" and the traditional approach of safeguarding the enterprise by keeping all external parties out is no longer effective.

Stepping up security
The study revealed that organizations assessed their IT security strategy frequently in line with fast evolving trends. Nearly three-quarters, or 74 percent, of respondents have conducted a full reappraisal of their information security strategy in the last 12 months.

Seventy-one percent of respondents have also consolidated security elements to take advantage of tighter security, simplified management and lower cost, and 90 percent of them indicated that they will continue to streamline their security technologies and processes over the next 12 months. Just over a quarter (26 percent) of those surveyed plan to embark on a network security consolidation exercise for the first time in the next 12 months and only 3 percent of respondents plan to continue abstaining from network security consolidation in the foreseeable future.

Asked on the trend of security strategies and priorities, Chang added that the near future will revolve around the security of private information in a public network--the cloud. Cloud computing and the proliferation of tablets and smartphones are moving into prime time with the widespread availability of bandwidth, he explained.

"Enterprises' focus in the next one to two years will be on allowing users to access corporate data at a higher speed with no compromise," he said.

Editorial standards