Security spending has seen a steady rise in the Indian and Southeast Asian markets for the past several years with the increase in technology adoption and the cloud-first strategy being adopted by organizations. The rate of growth seems to be peaking this year as a result of a number of breach incidents and increased awareness, and spending growth should continue for the next five years, says Singapore-based Siddharth Deshpande, principal analyst at Gartner.
Organizations in the region are steadily shifting to a security strategy that's focused more on detection and response, he confirms (see: Gartner: Asia Security Spending Rising).
"Organizations have understood that the focus needs to be on measuring security in the terms of detection and response, and how good their organization is in that respect is the way forward," Deshpande says. "Gartner is now recommending to companies that they shift their security spending to have at least 60 percent of their security budget to be spent on detection and response, up from 10- to-15 percent today."
Many organizations are also looking at orchestration and automation of low-level functions so that they can focus on some of the more advanced capabilities in house, he adds. Meanwhile, regulators are moving away from prescriptive mandates and enforcements to more risk-based regulations and guidelines, he says.
The vendor landscape is also evolving as many new players enter the market, he notes. For instance, many cloud providers have started providing customer-facing security solutions, competing directly with the existing technology and service-provider segments. This changing landscape is also raising questions around the challenge of managing a heterogeneous environment of different types of technologies and vendors, he says.
The attacker landscape is changing as well. Until recently, highly skilled attackers or amateurs prevailed. But the commoditization of hacking has enabled a mid-market segment of attackers who are able to use commercially available technologies to opportunistically compromise organizations that have poor security practices. The current ransomware problem is a case in point, he says (see: Insights from Gartner India Security Summit 2016).
In this interview with Information Security Media Group (see player link below image), Deshpande highlights some of the key trends in the Asian security landscape in the last year and shares his insights on the implications. He discusses:
- The overall developments in the security landscape in 2016;
- The impact of the newer generation of security vendors and technologies;
- How the shift from prevention to detection and response is progressing in the region.
At Gartner, Deshpande advises technology providers and buyers on security-related topics. He also conducts research and is a frequent speaker at Gartner events and client events and workshops. His primary areas of focus are security market opportunity and growth projections, managed security services, cloud access security brokers, security sales and go-to-market strategies. Secondary areas of focus include SIEM, CIO strategic priorities, distributed denial-of-service attack mitigation and digital risk management.