Middle East and North Africa (MENA) spending on information security will reach US$1 billion in 2014, an increase of 8 percent over 2013, according to Gartner, Inc. Network security equipment and security services together will account for approximately 75 percent of enterprise spend in 2014, and this trend is expected to continue through 2018.
Eric Paulak, managing vice president research at Gartner, provided the latest outlook for the information security industry here today at the Gartner Security and Risk Management Summit, which is taking place through September 16.
“In response to the recent spate of security threats faced by organizations in the Middle East, a majority of the security projects currently underway and in the pipeline are focused on improving the security operations and incident response capabilities of enterprise infrastructure,” said Mr. Paulak.
The market segments that benefit from this trend are network security, security implementation and security consulting. Globally, managed security services (MSSP) forms around 35 percent of all security services spending, but in the MENA region this is much lower at 16 percent. Analysts said this indicates that MSSP as a deployment model is not as mature or sought after in the region compared to more developed IT markets.
“The lack of availability of skills in the market, coupled with the prevailing business scenario, means that the majority of enterprises rely on value added resellers (VARs) and system integrators (SIs) for their security requirements, thereby creating a lot of opportunity for those vendors that can align themselves with emerging buying segments,” added Mr. Paulak.
According to Gartner, the increasing adoption of mobile, cloud, social and information (often interacting together) will drive the use of new security technology and services through 2016. By 2020, 60 percent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk. Digital business, powered by the Internet of Things (IoT), will disrupt the security organization more than emergence of the Internet.
“This Nexus of Forces is impacting security in terms of new vulnerabilities,” said Sid Deshpande, principal research analyst at Gartner. “It is also creating new opportunities to improve effectiveness, particularly as a result of better understanding security threats by using contextual information and other security intelligence.”
The bigger trend that emerged in 2013 was the democratization of security threats, driven by the easy availability of malicious software (malware) and infrastructure (via the underground economy) that can be used to launch advanced targeted attacks.
“This has led to increased awareness among organizations that would have traditionally treated security as an IT function and a cost center,” said Mr. Deshpande.
Other trends in the information security market that form assumptions behind Gartner’s latest forecast include:
By 2015, roughly 10 percent of overall IT security enterprise product capabilities will be delivered in the cloud.
A significant number of security markets are being impacted by newly emerged delivery models. This is resulting in the growth of cloud-based security services, which are transforming, to different degrees, the way security is supplied and consumed by customers. While cloud-based services' competitive pricing puts pressure on the market, the cloud is also providing new growth opportunities, as some organizations switch from deploying on-premises products to cloud-based services or cloud-managed products. More than 30 percent of security controls deployed to the small or midsize business (SMB) segment will be cloud-based by 2015.
Regulatory pressure will increase in Western Europe and Asia/Pacific from 2014.
Regulatory compliance has been a major factor driving spending on security in the last three years, particularly in the U.S. Gartner expects this influence to accelerate from 2014. Broader data privacy legislation such as the Australian Privacy Act is expected to sustain spending on security this year. Other examples of intensifying regulatory pressure driving spending on compliance include the issue of guidelines regarding personal information protection in China in February 2013 (although they are not legally binding) and planned implementation of an addition to the EU Data Protection Directive. Other examples include personal data protection laws (introduced in 2013) in Singapore and Malaysia.
By year-end 2015, about 30 percent of infrastructure protection products will be purchased as part of a suite offering.
The presence of highly mature and commoditizing technologies, such as extensible provisioning protocol (EPP) and email security, will be contrasted by growth opportunities offered by segments such as security information and event management (SIEM), data loss prevention (DLP) and emerging technologies within the "other security" segment. Security providers in the more mature and consolidated segments are predicted to support sales through the addition of new security controls as part of broader suite offerings. This will be the case within the EPP segment, with the increasing availability of DLP, mobile device management, vulnerability assessment, hosted archiving and encryption for secure email gateway.
By 2018, more than half of organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures.
Many organizations continue to lack the appropriate skills necessary to define, implement and operate appropriate levels of data protection and privacy-specific security controls. This lack of skills leads organizations to contract security consulting firms that specialize in data protection and security risk management to address regulatory compliance demands and enhance their security postures. A significant portion of organizations are shifting existing resources away from the operational aspects of security technologies, such as security device administration and monitoring, toward mitigation and incident response.
Mobile security will be a higher priority for consumers from 2017 onward.
There is a lack of penetration of security tools among users of new mobile platforms, and Gartner does not expect to see new demand for this type of capability to emerge before 2016. Most consumers do not recognize that antivirus is important on mobile devices and therefore have not yet established a consistent practice of buying mobile device endpoint protection software. This purchasing trend and market shift away from PCs will have significant repercussions on the consumer security market. However, as mobile devices gain in mass popularity, and as security is likely to be a higher priority from 2017 onward, new market opportunities are likely to emerge.
Gartner’s latest forecast for information security is available in the report ‘Forecast: Information Security, Worldwide, 2012-2018, 2Q14 Update’, available on Gartner’s website at: http://www.gartner.com/doc/2815822 and more details on the trends behind the forecast can be found in the report ‘Forecast Overview: Information Security, Worldwide, 2014 Update’, available at http://www.gartner.com/doc/2780717.
About Gartner Security & Risk Management Summit
Gartner analysts will take a deeper look at the outlook for security solutions at the Gartner Security & Risk Management Summits taking place September 15-16 in Dubai, UAE. More information on the Dubai Summit are at http://www.gartner.com/technology/summits/emea/security-dubai/.
Members of the media can register for press passes to the Summits by contacting firstname.lastname@example.org
Information from the Gartner Security & Risk Management Summits 2014 will be shared on Twitter at http://twitter.com/Gartner_inc using #GartnerSEC.