Sophos (LSE:SOPH), a global leader in network and endpoint security today released the findings of a regional study indicating that majority of organizations in Middle East & Africa (MEA) are recognizing the benefits of integrated security especially the concept of linking network firewall and endpoint security for better insights. However, the report revealed that although MEA organizations were unlikely to increase the number of vendors they interact with, they were likely to increase the number of products in use, which highlights that organizations in the region currently do not tend to follow an integrated strategy when it comes to security.
The Sophos-sponsored InfoBrief Synchronized Security Market Analysis – Middle East &Africa, developed by International Data Corporation (IDC), revealed that the MEA countries represented a total security solutions market potential of nearly $1.89 billion in 2015, which is expected to increase at a CAGR of 9.3% to a total of $2.94billion in 2020 as per the IDC Worldwide Security Spending Guide, H12016. Close to 42% of organizations in the MEA felt ‘highly confident’ of their security posture.
"IT security is a top priority for companies in this region as it can impact uptime and overall service levels. In terms of plans to deploy, there is a major focus on end-to-end coverage with advanced security systems, making it apparent that respondents want to simplify and improve control over securing their organization’s assets. This is followed by plans to deploy mobile device security and cloud-specific security solutions. MEA’s mobile device proliferation is among the highest in the world, making it important to secure devices and content on devices. Increased deployment of private and public cloud services makes it critical for organizations to integrate security as a part of their cloud strategy,” said Harish Chib, Vice President Middle East & Africa, Sophos.
“It is clear from the responses that, in addition to threat landscape complexity, organizations do not have a holistic strategy when it comes to deploying their security solutions. With the increase in sophisticated attacks across the region, companies are now looking for smarter and simpler IT security solutions. The majority of respondents across all four countries agreed with the concept of linking network firewall and endpoint security for better insights. The acceptance is higher among larger enterprise. Synchronized security is the new key for protection against cyber threats,” Mr. Chib added.
By far the biggest complexity factor found in the study was configuration and management. Respondents in Saudi Arabia and UAE rated this as their biggest concern when it comes to security complexity. In MEA, only 33% of the organizations have a single-vendor strategy with majority of them highlighted their multiple-vendor security environments, with some companies in UAE and KSA indicating in excess of nine vendors — indicative of the level of complexity within their environment. In addition organizations in MEA indicated having around 1–6 products, while a few were in excess of 13. This variance between the number of vendors and products deployed is indicative of a lack of an integrated view. However, this is likely to change in the future as the majority highlighted of organizations’ plan to invest in a centralized security management console over the next 1–2 years, with UAE organizations at the forefront, indicating their intention to invest in the next 12 months.
Data Loss Prevention (DLP) was ranked as the top information security priority in UAE and Saudi Arabia with Data Privacy Issues also being highlighted as a priority in UAE and cloud security and access management as priorities in Saudi Arabia. In the UAE, most organizations seem to have a similar level of investment, with lots of different solutions in place and plans to invest in additional security solutions. However, malware detection and prevention solutions were surprisingly low in the UAE. When referring to the size of organizations, DLP was a top priority for both SMBs and enterprises while security governance and management, business continuity, and, attack and penetration testing are higher priorities for larger organizations in the region.
In the MEA region, external threats were revealed to be a major concern with viruses highlighted as being extremely significant, alongside unintentional data leakage. Skills constraints across technologies also remained a major challenge in the MEA region while the lack of real-time protection and security complexity also create limitations to improving security programs.