“IT security investments in the Middle East are fast shifting from intrusion protection technology to more database protection solutions, although most organisations are still missing the stringent application of these security measures,” said Rob Lamb, worldwide VP for IBM ‘s security product sales. Lamb, who visited the Middle East recently, spoke exclusively to CNME on the changing face of security investments in the region and the worldover.
In Lamb’s opinion, investments in IT security within organisations go through multiple stages based on the maturity of the organisation and its security awareness. Stage one comprises of basic measures – including firewall and anti-virus programmes. This is then followed by the second stage, where organisations implement more preventive and predictive measures, including intrusion protection techniques. The next stage is when organisations begin investing in protecting their data, and implementing solutions that help them understand the element of insider threat better. Once organisations have finished the transition to stage three, they are inclined towards applying identity management techniques and streamlining the processes associated with risk and security.
“In that regard,” he stated, “the MENA region currently lies on the threshold between stage two and three. Organisations in this region are beginning to feel the pressure associated with competition, and realise that the most vital detail is securing data from all possible threats.”
Lamb added that considering organisational maturity in the region, enterprises will likely move to the next stage and onwards within the next two years time. He also stated that the region reacts to security much in the same way that other developed nations does, and named three key drives for investments – protection from external threats, growing internal data breaches and the requirements associated with regulatory compliance.
“The Middle East region is a very exciting prospect for IBM’s security solutions in terms of growth across all sectors, particularly in the areas of banking and utilities. Clients in this region have witnessed an exponential increase in threats, and are very interested in being proactive and protecting themselves against these threats,” said Lamb.
As a security solutions vendor, IBM prides itself on bringing out a regular threat document – called the XForce report. Last year, the report noted a 27% increase in the number of disclosed security vulnerabilities globally. Around half of these risks were associated with web applications. “From a hacking standpoint, breaking into a web application brings the hacker closer to something of value like data bases as opposed to breaking into a network with labyrinthine rows of information. Today’s web attacks are very carefully planned and executed – in stark contrast to attacks of yesterday. Information is targeted and the hacker most often knows exactly what he/she wants when breaking into a web application.”
The report also highlighted a significant growth in risks associated with virtualised hypervisors.
Speaking on the growing importance of the cloud in the region, Lamb stated, “More organisations in the region will move towards private and hybrid cloud solutions. Enterprises in the region understand now that the cloud is another variant of computing that offers competitive advantages, while depending a different skill-set.” He also pointed out the importance of establishing precise SLAs with vendors offering cloud solutions to ensure that enterprise data remains confidential.
IBM currently employs over 15000 people within the security products division, with over 3000 patents across the security services and solutions sector.
“We are now working on developing solutions that enable more efficient classification and management of roles; integrating intrusion protection techniques with other technologies, and developing technology that allows real time automation of information relating to security threats to add to our existing portfolio spanning data and application security, threat management, physical security and identity management, ” concluded Lamb.