Region's banks still spending on MSS

Despite current economic climate, spending on managed security services by financial institutions in Asia will continue, say industry watchers.
Written by Vivian Yeo on

Financial institutions in the region will continue to spend on managed security services (MSS) in spite of the economic slowdown, even though spending on external consultants could be affected.

Andrew Walls, research director for security, risk and privacy at Gartner, told ZDNet Asia in an e-mail interview that the MSS market is still growing in the Southeast Asian region. Financial centers in the Asia-Pacific region--Singapore, Hong Kong and Sydney--are also key targets for domestic and multinational MSS providers (MSSPs).

Across the region, the take-up for MSS will not differ too much from pre-crisis days, Walls said. "Gartner does not expect a sudden change in adoption rates for MSSPs in 2009 as the operational changes required to either adopt or pull back from MSS [call for] capital investments that will be difficult to justify during a period of economic stress," he explained.

Market research data from Gartner in June this year, indicated that the MSS market in the Asia-Pacific region will grow at a compound annual growth rate of 12 percent between 2006 and 2011. The report, co-authored by Walls and Gartner's principal research analyst Kelly M. Kavanagh, said: "Providers with the capability to guide and support client efforts to demonstrate compliance with local and international regulatory requirements, were more successful in all Asia-Pacific countries."

Walls, however, noted that like companies in other industries, financial service institutions in Singapore may reduce expenditure for consultants and contractors in 2009. This could lead to a slowdown in security projects that are highly dependent on external resources.

"Banks should closely inspect business cases for major changes to security operations, to assure that the investment [has merit] in terms of risk reduction, cost containment and development of long-term capabilities," he pointed out. "This critical review process includes an examination of the stability and expected longevity of the vendors being considered."

The trend, added Walls, "will not have a detrimental impact" on established MSSPs but could create higher barriers to entry for new MSSPs and multinational MSSPs attempting to enter new geographical markets.

Richard Knott, vice president for enterprise sales and managed services at Tata Communications, told ZDNet Asia in a phone interview that the demand for MSS will increase over time.

"The banks have always been…keen on making sure that they manage risk [well]. The fact that there's a financial crisis going on at the moment, doesn't change the importance for those banking and finance companies to manage their network and security risk issues," he said.

"More and more customers are reaching the point where developments in the security field are moving so quickly, that if a customer wants to manage all the security requirements in-house they need to develop a lot of expertise, [constantly] monitor market developments and spend quite a lot of money in resources, skills and infrastructure to adapt to future requirements," added Knott. "More customers are looking to partners, suppliers [and] vendors who can take that [responsibility of the] overall management of the security issue, from them."

Tata Communications eyes S'pore banks' spend
Tata Communications' optimism is reflected in a recent initiative the company developed in Singapore. In October, it announced a security compliance consortium to address revised Internet Banking and Technology Risk Management (IBTRM) guidelines by industry regulator, the Monetary Authority of Singapore (MAS).

"We had some discussions with our customers and we found that a simple solution with one vendor was probably not going to meet all the requirements the banks need to fulfill," said Knott. "So we reached out to specialists in other areas that expanded our overall capabilities and joined forces to create an overall solution where our partners could meet certain requirements, and we could meet others."

Banks in the island-state are "very interested" in Tata's proposition, he reported, without revealing names.

According to Knott, Singapore is the first country in which Tata Communications has established such a consortium, and there are "synergies and possibilities" that make the partnership a viable model for other countries. "We expect other countries within the Asia-Pacific region will be taking similar measures in future, and we'll be looking to see how we can meet those requirements, perhaps working with some of the partners we have now or reaching out to others depending on the geographies that we're addressing," he explained.

Abhishek Kumar, senior research analyst at IDC's Financial Insights, noted in an e-mail, the usefulness of the consortium in providing a single point of contact to banks. However, he pointed out that Tata Communications and its appointed partners could face some challenges working with the local financial institutions.

"Many banks have already made investments with other security vendors [that] are not necessarily part of the security compliance consortium, and questions of technology compatibility and integration may arise with [the current usage of] proprietary solutions from multiple vendors," he said.

Gartner's Walls, warned that banks should not assume that engagement of the consortium will satisfy their obligations under the MAS regulations. "Security managers in the financial services industry must understand their obligations under the IBTRM--and other regulations such as PCI DSS (Payment Card Industry Data Security Standard)--and determine how to satisfy those obligations and demonstrate an appropriate level of regulatory compliance.

"Regardless of the vendors involved in assisting a bank to comply with the IBTRM, at the end of the day, the Bank is responsible for compliance," Walls pointed out. "If a bank fails to comply with the IBTRM, the bank has failed, not the vendors.

"Compliance with regulations such as the IBTRM is relatively simple, and less expensive, when a comprehensive security strategy has been implemented," he added.


Apple politely explains why iPhone cases are a waste of money
Apple iPhone 13 Pro Max

Apple politely explains why iPhone cases are a waste of money

The 8 best iPhone models of 2022

The 8 best iPhone models of 2022

Delta Air Lines just made a callous admission that customers may find galling

Delta Air Lines just made a callous admission that customers may find galling