APAC firms look to improve security

Security remains high on the corporate agenda this year with companies looking to further beef up data protection and networks, a new ZDNet Asia study has revealed.

Conducted in November 2009, the online survey of 438 IT decision makers across the Asia-Pacific region found that 81.4 percent saw improving security of data and IT systems as a major consideration, second only to the need to enhance applications to better fit business processes.

This was especially evident in the government and retail and logistics sectors, where 94.1 percent and 90.9 percent of respondents, respectively, said data and systems security was a key consideration when making IT improvements. By organization size, midsize businesses with between 100 and 500 employees felt the strongest need to beef up their company's security well-being.

Queried about their interest in various IT strategies and technologies, two-thirds (66.8 percent) of those surveyed indicated the most interest in security enhancement. This area of focus edged out technologies such as virtualization, mobile working solutions, unified communications and software-as-a-service, in terms of mindshare gained from the survey respondents.

Eric Hoh, Asia South vice president at Symantec, said the company expects its customers to look more closely at reputation management in order to enhance their security posture. Organizations typically must choose to implement either a highly locked-down environment--usually by using a whitelist--that leads to user frustration and work inefficiencies, or an environment where users have complete freedom with their machines, but will then expose the entire organization to greater risks.

"It is a challenge finding the right balance between the two and reputation management helps bridge this gap [because] it provides real-time data to enable IT administrators to practically deploy policies to control what software has access to their environment," Hoh explained in an e-mail. "Such policies can inexpensively restrict access to all but well-known and well-trusted applications."

Another technology that will be tapped is data loss prevention (DLP), he said. Given the statistics on insider threat, DLP is essential to ensure "critical information is kept safely within the organization".

No dent from recession
A key challenge survey respondents said they face was reduction in IT budgets, but industry watchers indicate that security may not be too badly affected.

According to Edison Yu, Asia-Pacific industry analyst for Frost & Sullivan's ICT practice, security has been more "recession-proof" than other IT markets due to the maturing security mindset that enterprises in the region now possess.

He noted that more enterprises today rely on IT to be more competitive during the downturn, and this in turn motivates them to spend more on strengthening their existing security posture.

Over the last year, technologies such as integrated security offerings including unified threat management (UTM) and managed security services, have increased in adoption. Yu said: "Whilst the UTM solutions have been key in driving security adoption at the branch-office level in light of rapid branch expansion undertaken by enterprises in the region, we have also seen a gradual take-up of UTM appliances at the data center, particularly with more enterprises moving onto a layered defense approach."

At the same time, the emphasis on Opex, or operating expenditure, during the uncertain times in the past year led to a "resurgence" of the services model, he noted. "We have definitely seen demand for the services model ramping up in markets such as Australia and New Zealand, India and even Asean, as enterprises began to sway toward the lower costs and greater security expertise offered by the managed security service providers in the region.

"Moreover, with cloud computing emerging on the horizon, the cloud-based security services are likely to become more prevalent in the near future," Yu added.

He noted that the economic slowdown over the last year had caused many enterprises to "rethink" their existing strategy toward IT security. Going forward, as technology becomes more intimately built into the enterprise, organizations will view security more from a business perspective, he pointed out.

"IT security is likely to become a risk management issue for enterprises in the next couple of years, beyond the current scope of threat management," said Yu. "The concept of risk management will also mean that enterprises will be forced to review their security strategy from a technology, process and people standpoint."

Corporates aiming dollars at network security
The ZDNet Asia survey further found that 39.4 percent of respondents planned to implement network security within the next six months, while 38.3 percent indicated they would roll out antivirus software, antispyware or systems to handle malware. Over one-third (35.3 percent) were also looking at core infrastructure technologies in networking and security.

Another quarter of the executives surveyed said they were planning to implement these options within the next six to 12 months. Also frequently highlighted for implementation within the next 12 months were authentication, e-mail messaging and physical security technologies.

Smaller midsize organizations with between 50 and 100 employees were the most likely to implement networking security as well as antivirus, antispyware or systems to tackle malware in the short term.