Sophos has released the findings of a regional study indicating that majority of organisations in Middle East and Africa (MEA) are recognising the benefits of integrated security especially the concept of linking network firewall and endpoint security for better insights.
However, the report revealed that although MEA organisations were unlikely to increase the number of vendors they interact with, they were likely to increase the number of products in use, which highlights that organisations in the region currently do not tend to follow an integrated strategy when it comes to security.
The Sophos-sponsored InfoBrief Synchronised Security Market Analysis – Middle East and Africa, developed by International Data Corporation (IDC), revealed that the MEA countries represented a total security solutions market potential of nearly $1.89 billion in 2015, which is expected to increase at a CAGR of 9.3 percent to a total of $2.94billion in 2020 as per the IDC Worldwide Security Spending Guide, H12016. Close to 42 percent of organisations in the MEA felt ‘highly confident’ of their security posture.
“IT security is a top priority for companies in this region as it can impact uptime and overall service levels. In terms of plans to deploy, there is a major focus on end-to-end coverage with advanced security systems, making it apparent that respondents want to simplify and improve control over securing their organisation’s assets. This is followed by plans to deploy mobile device security and cloud-specific security solutions. MEA’s mobile device proliferation is among the highest in the world, making it important to secure devices and content on devices. Increased deployment of private and public cloud services makes it critical for organisations to integrate security as a part of their cloud strategy,” said Harish Chib, Vice President Middle East and Africa, Sophos.
“It is clear from the responses that, in addition to threat landscape complexity, organisations do not have a holistic strategy when it comes to deploying their security solutions. With the increase in sophisticated attacks across the region, companies are now looking for smarter and simpler IT security solutions. The majority of respondents across all four countries agreed with the concept of linking network firewall and endpoint security for better insights. The acceptance is higher among larger enterprise. Synchronised security is the new key for protection against cyber threats,” Chib added.
By far the biggest complexity factor found in the study was configuration and management. Respondents in Saudi Arabia and UAE rated this as their biggest concern when it comes to security complexity.
In MEA, only 33% of the organisations have a single-vendor strategy with majority of them highlighted their multiple-vendor security environments, with some companies in UAE and KSA indicating in excess of nine vendors — indicative of the level of complexity within their environment. In addition, organisations in MEA indicated having around 1–6 products, while a few were in excess of 13. This variance between the number of vendors and products deployed is indicative of a lack of an integrated view. However, this is likely to change in the future as the majority highlighted of organisations’ plan to invest in a centralised security management console over the next 1–2 years, with UAE organisations at the forefront, indicating their intention to invest in the next 12 months.
Dtata Loss Prevenion (DLP) was ranked as the top information security priority in UAE and Saudi Arabia with Data Privacy Issues also being highlighted as a priority in UAE and cloud security and access management as priorities in Saudi Arabia. In the UAE, most organisations seem to have a similar level of investment, with lots of different solutions in place and plans to invest in additional security solutions. However, malware detection and prevention solutions were surprisingly low in the UAE. When referring to the size of organisations, DLP was a top priority for both SMBs and enterprises while security governance and management, business continuity, and, attack and penetration testing are higher priorities for larger organisations in the region.