Summary of Asia/Pacific (excluding Japan) IT Security Predictions for 2013

Tags: big data/analytics, cloud, compliance, identity, mobility, predictions, security, social, strategy

We released the 2013 IT Security report, IDC’s annual attempt to predict the course of security industry in this part of world in the coming year, in February. IDC expects security to continue to be a hot market in 2013. Major trends like Compliance, Threat Landscape, Cloud, Mobility, Social, and Big data/analytics will continue to shape IT security. The Asia/Pacific excluding Japan (APEJ) region has a very broad spectrum of capabilities, maturity and variations in its outlook and optimism. The following are the top 10 predictions for the IT security market in 2013. The document is also available on www.idc.com.

This document was co-authored by Poon Wei Ang, Vern-Harn Hue and Pei Wang.

1.     Chief Information Officers Will Become Extinct

The adoption of social, mobile, analytics/big data, and cloud by organizations to create agility and adapt to the changing environment has created a need to relook at the roles and responsibilities of the IT department. As a result, the role of the chief information officer is being phased out as the role of the chief innovation officer gets introduced. It is therefore important for IT security vendors to be able to identify organizations that have reorganized themselves and those who have not. IDC feels that this will allow IT security vendors to communicate the value of their products effectively to business leaders and also have a separate and technical discussion with the IT managers.   

 2.     The New Chief Innovation Officer (CIO) Will Be Either a Friend or a Foe

Chief innovation officers today are mandated to add value to organizations with less hesitation and interruption to the business. Having a better grasp of the organization's strategy, financial, and technological implications allows the CIO to do so in a more effective manner. The CIO, with the reference of the (senior) IT manager on technical issues, will still need to balance between benefits and costs, which will lead to delays — or rejection — of certain proposed initiatives by the LoBs.

3.     IT Security Will Be an Integral Part of Risk Management

3.     As organizations look to transform and adopt the four megatrends, it is vital to note that IT security, which has been traditionally viewed as cost, gets a better understanding. Every business decision has risks involved and IT risk decisions should be made within this same framework and stakeholders within the organization need to be aware that every initiative is a risk if proper IT security measures are not in place.

 4.     There Will Be the Next Wave of Governance and Compliance

As predicted last year, additional complexities and IT-related risks from adoption of the four megatrends continue to compel the governing bodies across APEJ to review and create new governance, risk, and compliance (GRC) policies. Majority of the new policies revolve around the regulation of the flow and ownership of data as majority of IT-related incidents that have happened over the past few years have been with regard to data loss.

 5.     IT Transformation Demands Will Update IT Security Policy Framework

Continuing from prediction #4 taking a risk management approach for IT security alone is not enough if IT security policies are not reviewed and updated. Many times, IT security policies within the organization only get appended and a review of existing policies only happens when it starts to break. Situations like these make it very hard for the organization to adopt any one of the four megatrends without complications. For an organization to be fully prepared with regard to IT security, a rigorous IT security policy framework that is both proactive as well as aligned to the business strategy needs to be in place.

6.     Identity Management Will Be Our IT Passport

One key solution that would help address the challenge of complexity that the four megatrends bring in will be Identity and Access Management (IAM). As organizations move to implement improved identity management processes through a better understanding of "who, when, what, where, and how," IDC believes that the fundamental philosophy of IAM needs to be realized, which is essentially "what identity management aims to achieve". Failure to do so will end up with an overly complex environment that is hard to maintain.

7.     Biometrics Will Be Revisited

IDC has noticed that increasing numbers of organizations are adopting biometric security as an additional layer to IAM, creating a multifactor authentication environment for stronger levels of security. It is also important to note that organizations within APEJ with such interests are from mature markets such as Australia. As near-field communication (NFC) begins to mature within the mobility space, vendors should also be looking to expand on both NFC and biometric technology as the third layer within the multifactor authentication environment.

 8.     Data Loss Prevention and Data Recovery Will Be Challenges to Organizations

Organizations that are looking to focus on analytics and big data will face the challenge of data loss and data recovery. While data integrity does not fall directly under IT security, IDC feels that the potential risk of losing sensitive data through accidental deletion and hardware or software failures poses a huge impact to organizations. IDC believes that DLP solutions vendors could integrate into DLP solutions would be a form of "lifestyle effect". This is because while majority of end users do not really understand DLP as a technology, the idea of a secure lifestyle.

 9.     Mergers and Acquisitions of Niche and Small IT Security Vendors Will Be Low- Hanging Fruits

The current economic climate puts budgets under the microscope. Even though this challenge would seem smaller for large IT security vendors, IDC believes that mergers and acquisitions of smaller or niche IT security players would be low-hanging fruits for 2013. However, as for smaller IT security vendors, mergers and acquisitions will not only contribute to their solutions portfolios but also provide strength in size. This is particularly useful if the vendor has goals to expand its reach into other markets. One example would be the acquisition of LeadSec by Venus Sec in China to become one of the largest local IT security vendors.

 10.  There Will Be Lack of Skilled IT Security Professionals

As organizations increase their pace to adopt the four megatrends, the lack of skilled professionals will only increase. As a result, not only will organizations be ill-equipped to implement business initiatives but also minimize IT security–related risks. Adding to this would be that the demand for skilled IT security professionals that comes from the entire market, business organizations, system integrators, channel partners, as well as IT security vendors themselves.

Parallels unveiled APS 2.0 with single sign-on

Tags:

Parallels, the hosting and cloud services enablement provider announced a major enhancement to the Application Packaging Standard (APS) including a number of new products at their annual Parallels Summit 2013, last month. Parallels has developed the open APS program, a technology standard, that gives ISVs a consistent way to package and syndicate their offerings for sale through the service provider channel. It can be applied to hundreds of commercial applications ranging from WordPress to Microsoft Office 365, Google Apps, and VMware Zimbra, which are already packaged and certified under the APS standard.

The firm claims that the APS 2.0 now includes a pluggable single sign-on (SSO), service bus architecture, and customizable user interface enabling service providers to offer differentiated bundles of cloud services with an easy purchase and activation experience. This will allow Parallels service provider customers/partners access to cloud-based services that they can offer to their end user customers.

Service providers prefer to automate the services by way of common single sign-on between the various services a customer may have purchased. However, there are many applications in reality and the end-user customers face the challenge of accessing them from a single-access window with reliability. As Parallels shifted the focus of its service provider business toward integrated automation and service delivery platforms for the cloud, customers and partners have demanded for a more reliable, secure platform through which they could access to hundreds of applications and services. With this major update to the APS 2.0, driven by the feedback that users have given, Parallel has addressed customer's big problem - access management across different applications to users with single sign-on.

The solution that Parallels chose was single sign-on from CertiVox, an authentication provider. The CertiVox/Parallels integration will enable the Parallels partners and end-users to log on and authenticate themselves using the SkyPin, a two-factor authentication solution from CertiVox. Service providers will use SkyPin to authenticate themselves in Parallels software for configuring service options and managing the storefronts and applications they deliver to their end customers.

With the improvement to APS 2.0, IDC is of the opinion that this is very important improvement from a customer perspective as they always look for a simple, secure, flexible and scalable solution. In the age of increasing IT security regulations, the use of SSO technologies allows organizations to enforce access control policies across multiple applications. It also positions Parallels to showcase its secure platform capability, laying the groundwork for a larger role in the emerging cloud services landscape, given the anticipated growth of cloud-based infrastructure and application solutions.

At the same time, service providers can also resell the authentication services to their hosting customers, to capitalize on the exploding demand for strong authentication across the verticals, thus can do more business.

APS 2.0 will be integrated in Parallels Automation 5.5, which is expected to ship later this year, and will include more than 30 back-office improvements and new services such as support for Microsoft Lync 2013 Hosting Pack. Parallels ability to deliver single sign-on for the APS providing customers with one consistent platform for infrastructure, applications, and data management cloud environments has a significant boost with several product launches including Parallels Automation 5.5 and Parallels Cloud Storage. As a result, Parallels partners and service provider customers will have the opportunity to more quickly and cost-effectively design, deploy, and implement complex, hybrid cloud environments. It also helps Parallels to competitively position as a one-stop cloud enablement source for service providers and channel partners to tap growing SMB cloud market.

CRO Survey: Investment Considerations and Top Enterprise Risk Initiatives: What's in Store for 2013?

Tags: investment, risk management, risk solution vendors

Changing global dynamics call for executives to astutely manage their risk profiles to ensure that their financial institutions not only survive but thrive in this "new normal" environment — an environment where bankers have to deal with a climate of protracted slow growth and hyper competition. With various forces converging to push risk management into the consciousness of senior bankers across Asia/Pacific, we conducted a CRO Survey polling 40 banking Chief Risk Officers (CROs) and their deputies from across 11 Asia/Pacific nations to shed light on core risk initiatives and the associated business drivers.

Herein, IDC Financial Insights found that despite the weak economic environment, purse strings continue to be somewhat loose when it comes to technology investments for risk, with only a negligible 2.7% of respondents expecting weaker risk budgets in 2013 (See Figure 1). On the contrary, 62.1% forecast rising technology budgets for risk management, with more than a third projecting at least a 7% increment in spending in 2013.

 Figure 1: Investment Growth in Risk Management Solution, 2013

Q.   Our institution's capex and opex on risk management implementation for 2013 will grow by:

Source: IDC Financial Insights' CRO Survey, January 2013

Our findings reveal that while capital remains precious, IT and risk offices at financial institutions are cognizant of the need to establish a fine balance between driving business strategies and enhancing risk management controls. In order of importance, banks in Asia/Pacific are investing on credit analytics, enterprise data management, and enterprise risk dashboards and reporting — and because all the tools are irrelevant without the right people to utilize and manage them — on skilled risk management staff, which is becoming a rare commodity in Asia/Pacific these days. This brings our forecast for total risk spending on risk technologies by Asian banks to US$7.65 billion in 2013.

Other nuggets of information uncovered from the interviews include the fact that as the region continues to reel from the aftereffects of the financial turmoil, all respondents' credit risk teams are continuously enhancing the quality of their portfolio by upgrading their credit risks infrastructure, processes, and risk management tools. Meanwhile, 53.8% of those surveyed claim to have instituted enterprise risk management (ERM) on a companywide level. (Although I would think this is subjective, depending on how they define ERM.) In any case, crossing lines of business with enterprise risk management strategies, talent, and technical infrastructure is a necessity to ensure that the full range of risk is being actively managed and resources are being applied as effectively as possible.

What I found surprising — and obviously good news for risk management vendors out there — is that a substantial 77.2% of respondents agreed that risk vendors could possibly (though not necessarily) provide a greater level of risk analytic ability than could be found internally and, as such, are increasingly open to outsourcing to risk management specialists. If so, are they transitioning toward the utilization of cloud-based risk solutions? While this trend is increasingly prevalent in other regions, only 30.8% of the surveyed are sufficiently comfortable to do so at the present moment, citing data privacy and security regulations as core inhibitors.

As banks across Asia/Pacific scramble to remain ahead of the risk management curve, plug gaps within their risk management framework, and exploit the disruptive third platform technologies of Big Data and analytics, cloud computing, social business, and mobility, 2013 will witness their CROs continuing to elevate risk management to a high strategic priority internally. Risk executives will further engage in new dialogues with the Chief Investment Officers to ensure that risk is integrated with all business technology decisions, seek out new tools for risk management to cope with the "new normal" environment, and invest in programs to ensure that risk management skills, code of ethics, and compliance obligations are developed and understood across all strata of the institution.

A lot seems to be on the plate of CROs at Asian banks for 2013, and we at IDC Financial Insights will continue tracking these developments — so watch this space!

For detailed survey findings covering the Asia/Pacific banks' CROs' investment considerations and process instituted for financial and enterprise risk management, opinions on the role of risk vendors, their top enterprise risk initiatives for 2013 and expectations around changes in risk budgets going forth the next 12 months, plus action items for risk executives and risk management vendors to consider, please refer to "Business Strategy: Asia/Pacific CRO Survey — Risk Management in the "New Normal" Environment" (Doc # FIN239279, February 2013).

Growing Local Regulatory Compliance in Asia-Pacific

Tags: asia/pacific, big data, cloud, compliance, datacenter, financial services, it governance, security, strategy

Security threats are evolving rapidly and the solutions that organizations implement to thwart such threats, play a major role in the success or failure of the organization's overall security strategy. The loss of data, threats to national security and protection for the same are receiving significant attention in Asia-Pacific (excluding Japan) (APEJ) countries.

As we mentioned in our security predictions earlier this year, the local regulatory compliance is receiving significant attention in APEJ. Many APEJ governments and enforcement institutions have initiated and are now regulating information flow and ownership issues by enacting laws and regulations or modifying to existing laws. These changes mandate the protection of data and industry-led cyber security standards. Our research shows that increased attention to sound IT-governance policies and compliance with regulatory requirements are driving overall IT security.

A few of these laws which have been implemented or proposed in various countries of APEJ are listed below (note - this is not a comprehensive list):

• Korea: Personal Information Protection Act (PIPA)
• Taiwan: Personal Data Protection Act which was just implemented from 1 October 2012
• India:

 Information Technology Act (ITA) 2000. The government of India made major amendments to ITA-2000 in form of the IT Amendment Act, 2008 and 2011.        
 Data Protection Act 2008
 RBI's 2-Factor Authentication

• Hong Kong: amendment to Personal Data Privacy Act
• Singapore: Personal Data Protection Act (PDPA) 2012
• Philippines: Data Privacy Act  
• China:

        Chinese information security laws and regulations
        The Regulations of PRC on Safety Protection of Computer Information Systems
        Regulations for the Protection of Information Network Transmission Right
        Regulations on the Commercial Passwords

• Malaysia:

 Communications and Multimedia Act (CMA) 1998
 The Personal Data Protection Act 2010 (PDPA)

The new law forces a number of organizations to make assessments, to take security seriously, and to make some positive changes in their security posture. It is certain that the security-solution providers, service providers, and end-users among others, will be engaged in the tedious job of interpreting regulatory compliance requirements. At the same time the sheer number of laws and regulations, conflicting requirements, cross-border applicability issues, unexpected additional regulations and the challenge of determining which compliances are applicable are tough decisions that organizations must make.

IDC believes that the starting point for any compliance exercise is to carry out a risk assessment to understand what information the business holds what its vulnerabilities are and what elements of the IT systems can be locked down.

As specified in a previous article on risk assessment, it is an aspect of security management that organizations can take up as a cost-effective security measure. This allows organizations to estimate potential damages and set a budget to fix these loopholes and avoid any major catastrophes in future. This process is advantageous because once these security loopholes are identified, companies can proactively determine and allocate necessary budget toward fixing the issues related to security. They can also realign their security policies to meet the required security goals. This approach also gives an organization sufficient time to educate its employees on the changes in its existing policies. In other words, it helps minimize the risks and maximizes return on investments. Further, the compliance mandate is now moving out from government agencies to large corporations. Many industries have their own codes of practice or other sets of rules. Organizations that have their security organized are demanding that those they do business with also comply or no longer willing to do business with those organizations that don't meet the standards.

As cyber-criminal activities continue to thrive and rise, the need for stricter compliance and regulatory acts will continue to grow. Many Asian countries seek to enact new laws or amendments, which supplement the Personal Data Privacy with specific focus on technological advancements and greater penalties for breaches. However, organizations need to realize that having a policy or being compliant is not enough to make an organization secure. It just means that they are following certain best practices while trying to be one step ahead of those who seek to attack them. It is important to carry out regular risk-assessment exercises and seek continuous improvements on their position on security.

Insurance Survey: What are their Strategies, Trends and Investment Priorities?

Tags: concerns, insurance, insurer, investment, strategies, survey

My colleague Hui-Long earlier blogged about our overwhelmingly successful Asian Insurance Congress (AIC) 2012. This Congroh oess revolved around the theme "The Insurer's New World Order: Adapting to Changing Times", a focus which I think, was very apt. Why so? As the cycles of uncertainties proceed, insurers have to face changing (and more stringent) regulatory standards, changing (and more complex) risk profiles, and evolving market share, yet need to penetrate new markets and introduce product innovation. Any typical CXO would be overwhelmed trying to navigate and emerge triumphant through this plethora of changes and challenges, and would be interested to know how their peers were coping.

As such, we took the opportunity to poll delegates at AIC 2012 on the strategic areas and technology initiatives they were championing, emerging industry trends they were keeping a close watch on and, conversely, the core challenges or pain points they were tackling. This onsite survey yielded 57 unique responses, with slightly more than half (50.9%) of the respondents having at least a designation of associate director or vice president - positions I feel, are sufficiently senior enough to be involved in (or at least have knowledge of) their organizations' strategic and technological initiatives. I wanted to take the opportunity to share some of these findings here.

Firstly, feedback showed that issues centering around distribution strategies piqued the highest interest, with bancassurance, the agency network, and alternative outreach all hogging the limelight. Respondents were focused on multiple channels to bring new efficiencies to the distribution framework and cater to divergent buying preferences of policyholders. Meanwhile, not surprisingly, regulatory compliance and risk management also drew plentiful attention, as compliance requirements escalate with authorities adjusting their rules and liquidity standards, introducing new regulations such as Solvency II, and ramping up interest in the investment activities of Asia's insurers.

On to the next question - the foremost concerns cited by executives were talent shortage (and issues around agency recruitment, retention, and development) plus an inability to source the specialist skills in managing new technological projects. (Labor-related concerns are obviously perennial issue for all industries, but interestingly moved up to the top of our insurance rankings based on how regularly they were cited by respondents this year.)

Meanwhile, trends that were on their watchlist to monitor mainly pertained to mobility initiatives (smartphone applications for insurance and investments in mobile devices, the bring your own device [BYOD] phenomenon and its corresponding benefits and challenges), social networking strategies, methods to effectively cater to the "customer of one" with customer-centric systems and processes, and how product portfolios were evolving.

Cloud Survey

Tags:

Great success at the 5th Annual Asian Insurance Congress 2012

Tags: asia/pacific, insurance

IDC Financial Insights kicked off its 5th Asian Insurance Congress (AIC) 2012 on the 28th August 2012, held in Singapore. Themed as the “The Insurer’s New World Order: Adapting to Changing Times”, the regional Insurance event attracts close to 200 delegates across the region, providing an excellent platform for practitioners to discuss and debate on some of the challenging issues facing the industry.

Besides receiving overwhelming registration, AIC also featured one of the best speakers’ line-up – we had the honor of hosting 18 visionary industry leaders in 1 event, sharing with us their thoughts, insights and experience on how the insurance sector should move ahead in the times of uncertainties.

Here are just a summary of some of the main themes discussed during the Congress:

• Global force: With global economic slowdown and euro zone crisis, insurers (especially players with huge customer pools on life insurance policies) are pressured to deliver the guaranteed return rates with the prolong low interest rates. How then do they tackle this conundrum?
• Regulatory intervention: Government bodies from developing markets will be adopting some of the best-practices from developed markets, tightening the rules around customer protection, distribution, risk management and reporting standards. Insurers have to be prepared to invest additional time and resources to ensure compliance.
• Connecting with new generation of consumers: The influx of social media has affected some of the purchasing behaviors of consumers who are social networking savvy. This new generation of consumers is comfortable with doing product research online as well as vocal about receiving poor services in their online networks. Insurers thus need to ensure that they are 'connecting' and appeasing this segment group.
• Distribution & partnership: Agency would still be the main force is distribution, but the model is changing to a multi-distribution by leveraging on technology and partners - herein, bancassurance is especially gaining more prominence. However, the challenges such as the availability and commitment of banking partners will hamper the growth rate the bank-insurer partnership.
• Technology transform: Two main issues were discussed at the Congress – regulations pertaining to technology risk assessment putting huge cost pressure on the insurers, and needing to deal  with legacy core systems to ensure competitiveness and lowering of TCO.
• Customer Centricity: With an increased in the amount of information available and a growth in big data, the corresponding maturity in technologies for data analytics has provided the tools for insurers to better understand their customers. Besides tools, integrated process and the internal culture are key ingredients to increases customer satisfaction and improve retention, cross-sell and referrals.
  

As the project manager for the AIC 2012, I am thankful to receive support from our partners & industry associations, pleased with the overwhelming registration from the industry, and humbled to be able to host some of the best speakers and leaders in this sector. For those who have joined us at the Congress, I hope it was a fruitful day for you – catching up with your friends as well as making new contacts. We look forward to meeting you again in 2013. 

Picture: Scott Ryrie, Guy Carpenter (left), Simon Machell, Aviva (centre), Owen Young, Stan Chart Bank (right)

Distribution of Insurance in the Disruptive Era

Tags: asia/pacific, bancassurance, distribution, financial services, insurance, online aggregator

A very cliché statement “Insurance is to be sold, not bought” highlights the eminent role of distribution channels in the growth strategy of insurance firms. The ability to utilize these channels to reach the firms’ target audience is often the key differentiator in a competitive landscape.

However, as new disruptive forces such as evolving customer preferences, maturation of modern technologies, changing regulatory standards and unpredictable global economic conditions become the new norm, the distribution channels of insurance firms must keep up to take on new challenges.

Bancassurance: From Alternative to Mainstream
With lower revenue expected from interest-based activities, banks will be keen to further explore this alternative revenue stream to derive a stable flow of commission income from distributing their insurance partners’ complementing financial solutions.

Supporting this statement, figures from Life Insurance Association (LIA) in Singapore indicate that the popularity of insurance solutions distributed through bank channels is rising. Between January to March 2012, tied agents contributed 42% of weighted new business sales, while the bancassurance channel was almost on par, accounting for 41% of all new sales. [Source: LIA Singapore press release, dated 7 May 2012, http://www.lia.org.sg/node/313]

With most banks entering into exclusive partnerships with insurance firms, bancassurance has matured and progressed as a mainstream distribution channel. However, the challenge would be to ensure a cohesive working relationship between the carrier and the bank. Aside from having a superior range of products, working out the commission structure, embarking on joint marketing promotion and providing dedicated middle office support, insurers need to be bold and creative in using technologies as a leverage to provide a more efficient support to their banking partners.

Similarly, the partnering banks need to be open to new communication links from their insurance partners – this will serve as the service differentiator which fits into the current customer-centricity movement.

Proliferation of Electronic Channels and Consumer’s New Buying Preferences
The changing customer demographic and proliferation in Internet connectivity have led to a shift in customer engagement models, affecting how information is being consumed. The next generation of customer is perfectly comfortable in scouring the Internet, forums and their social networks for advice on insurance solutions, hence leading to the rise of an emerging channel – the online aggregator.

The role of the aggregator fulfills the requirements of the customer, namely pricing transparency, ease of comparison between multiple providers and self-service transactions. While the aggregator provides another channel for insurers to distribute their solutions, it does pose other challenges such as impacting carriers’ branding, and potentially cannibalizing existing distribution channels (an example is the firm’s own e-commerce portal). Both parties - the insurer and the aggregator - also need to work on efficiently integrating data between their IT systems in order to provide real time, updated quotations on the aggregator site.

Striking the Right Balance and Mix
The advent of alterative channels such as the online aggregator is increasingly used to supplement traditional channels such as tied agents, bancassurance, financial advisors and international brokers. Hence, there really is no one-size-fits-all distribution strategy for carriers to address the disruptive conditions; they will need to adapt and harmonize the various distribution channels in order to ensure profitability.

For more insights on how insurance distribution is evolving in the current market environment, join us at the IDC Financial Insights’ Asian Insurance Congress 2012 on the 28th of August in Singapore as we hear from the industry’s leading thought leaders on this topic. Some of the speakers include:
Dr. Owen Young, Group Head, Insurance, Standard Chartered Bank

• Jeffrey Manuel, Head of Asia Bancassurance & Partnership Development, Manulife
• Calvin Foo, Asia Regional Head, Financial Advisory & High Net Worth Development, Manulife
• Douglas Hudson, Chief Partnership Distribution Officer, AIA
• Angie Tay, Operations Director, CompareXpress
  

For more information on the Asian Insurance Congress 2012, please visit our official website at http://to.idc.asia/aic2012

IBM Study: Changing Role of CISO, from Technical Officers to Business Strategy Leaders

Tags: business strategy, byod, ibm, security

Over the past several years, security has gained a lot of importance. Organizations now pay more attention to security than they did a couple of years ago. To make an organization secure, several factors must be in place. They include efficient collaboration between the security department and management, budget, creation of security awareness within the organization, technology and many more. Among the other factors, the role of the Chief Information Security Officer (CISO) of an organization is important in deciding a complete security solution. With the increasing demand and expansion of the global role of security, the role of a modern CISO is evolving from simply being a technical officer to a leader in business strategy.

IBM's Center for Applied Insights conducted its first study of senior security executives, and interviewed more than 130 security leaders globally. The study’s core concentration was on the role of CISOs and many interesting findings were laid out.

Changing role of CISO and Security in organizations

According to the IBM study, security leaders today are under intense pressure, faced with the protection of some of their firm's most valuable assets – customer data, intellectual property and brands.

Nearly two-thirds of the CISOs who were a part of the study said that their senior executives are paying more attention to security today than they were two years ago. This is due to a series of high-profile hacking and data breaches that convinced them of the key role that security plays in a modern enterprise. Rather than just reacting and responding to security incidents, a CISO's role is shifting more towards proactive–intelligent and holistic risk management–from fire-fighting to anticipating and mitigating fires before they start.

Although this change in role of a CISO is a positive sign that some of the organizations are already witnessing, there are a large number of organizations yet to implement some of the best security practices in Asia/Pacific region. Many organizations still continue to actively deploy security policies; however, a lot of organizations do not put a high enough priority. Some of our recent IDC Asia/Pacific studies show that in organizations in Asia/Pacific, CISO’s still lack the understanding of the significance of collaborating with management in devising business-strategy-driven security solutions.

Further, the role of CISOs has been changing with a growing demand for a new skill set. The responsibility of a CISO is not only to drive a strategy of security and ensure its proper implantation, but also drive a culture of security with the company at all levels. IDC sees this is an encouraging sign as IT security is a growing part of organization's risk management strategy.

Consumerization of BYOD  

In this assessment conducted by IBM, another interesting finding was that more than half of the respondents cited mobile security as a primary technological concern over the next two years.

There has been a major increase in the adoption of Bring-Your-Own-Device (BYOD) across several organizations. IDC expects that nearly 40% of the employees in Asia/Pacific will be mobile workers by 2015. We believe this trend will accelerate as more organizations are now inclined towards the BYOD trend keeping in view an employee's productivity, quick turnaround time, customer satisfaction etc. It is not surprising that mobile security will be a cause of concern for most of the CISOs in the coming years.  Organizations need to wake up to this trend that will hit them in the near future as even now, as data is scattered across within and without the walls of organizations in different forms.

With the advent of any new trend and its adoption in organizations, such as BYOD, there is a growing need for organizations to embrace some of the security practices to ensure there are no disruptions in business operations. IDC thinks that businesses will benefit from adopting some basic steps to ensure that the organization’s mobile security features are well deployed and maintained. These include the following:

• Using Risk Assessments to enable business decisions
• Having a mobile-security policy
• Educating its employees on security policies
• Implementing remote-device management systems

Overall the role of the CISO and IT security will need to evolve more. The changing security environment, where more and more businesses are demanding flexibility, is increasingly making the IT environment complex and diverse. Trends such as BYOD are driving IT infrastructure towards optimization and renewed flexibility. Organizations need to be more agile in dealing with change and understand the security implications that come with this agility.

Cyber Security Poll

Tags:

The objective of this poll is to understand the latest state of IT security in the region and the related levels of awareness.

The secondary objective is to gain insights in specific areas of IT security, like: the perceived regional threat levels, common defensive solutions (hardware,software and/or services), testing practices etc.

The holistic view this pre-event poll will provide key insights in Asia Pacific's (excluding Japan) awareness of its security landscape and its ability to defend itself against cyber threats.

Click here to launch this survey