IT security attacks are not only growing in number across the Gulf region, they are also becoming increasingly more sophisticated and targeted. Consequently, organisations in each of the Gulf countries are battling to staff their internal IT departments with experienced and certified IT security professionals in order to ensure better security across increasingly complex IT infrastructures that range from packaged and custom applications to diversified networks and users.
The complexities of ICT environments have grown significantly over the past few years as organisations have increasingly turned to third platform technologies such as cloud, big data analytics, enterprise mobility, and social media in order to meet their business and IT objectives. And as the level of IT maturity within organisations is also growing, many of them are adopting hosting and other outsourcing services in an attempt to gain Capex and Opex savings. Indeed, IDC believes that the adoption of these technologies and solutions cannot be avoided for those organisations that wish to remain competitive, but this shift leaves them increasingly exposed to new security risks.
Further compounding the issue is the lack of governance, risk, and compliance frameworks within many organisations across the Gulf region countries, which has resulted in most in-house IT teams struggling to maintain adequately high security standards. IDC has seen numerous examples of IT teams at various organisations failing to identify areas where IT risks persist due to an inability to perform internal IT security audits. Meanwhile, the weakening integration between the three pillars of IT security — people, process, and technology — has exacerbated the already fragile IT security environment within many organisations. It is therefore no surprise to learn that CIOs across the Gulf region continue to cite IT security as their biggest challenge.
Organisations across the Gulf region have acknowledged the fact that security breaches can have a dreadful impact in the form of operational outages. Moving on from the previously perceived notion that security breaches lead just to downtime, organisations are now beginning to associate IT security breaches with the bigger picture of revenue loss, data loss, service delivery outages, customer attrition, reputational damage, and even lawsuits. Consequently, the need to put in place a robust IT security environment comprising a balanced mix of people, process, and technology has never been so pressing.
Recent attacks on the most mature and IT-savvy organisations in the Gulf region have shaken others into a period of introspection as they revisit their preparedness to counter such attacks themselves.
Organisations are also starting to realise that leveraging the capabilities of security services providers to identify security vulnerabilities, and subsequently deploying the required IT security products and solutions, is just the first step in ensuring that their IT environments are secure. Having a dedicated, vigilant team of security professionals that have experience in identifying and choking threats on an ongoing basis is the next progressive step to ensuring that the implemented IT security measures are meeting the necessary security policy requirements, while the deployment of corrective measures to address any new areas of concerns as and when they arise is also critical.
While many of the region’s organisations have the required budgets to implement various IT security products, software, and solutions, they are facing challenges when trying to staff their in-house IT teams with the high-quality, experienced, and certified IT security staff necessary to ensure that the implemented solutions meet their strict security requirements. It is therefore critical that organisations look to collaborate with security services providers rather than solely depend on the efforts of their own IT teams.
To this end, several global, regional, and local services providers, niche security services providers, and local telecommunications service providers have identified managed security services as a business growth area, and have invested in skilled and experienced IT security professionals to address the growing IT security concerns of organisations across the Gulf.
Over the past few years, many IT and telecommunications services providers have invested in creating SOCs to commercially provide 24/7 managed security services to their customers in the region. Since providing managed security services is core to their business, security services providers generally tend not to compromise on the quality of the IT security staff they recruit, meaning they are much better positioned to manage their clients’ IT security environments than the organisations themselves could ever hope to be.
Given this backdrop, IDC expects to see an increasing number of organisations in the Gulf region look to third-party managed security services providers over the coming years. The ability to effectively manage a whole range of constantly evolving IT security risks without having to deal with the challenge of recruiting and retaining experienced and highly skilled IT security professionals will serve as a considerable attraction, and as the maturity of managed security services providers continues to improve throughout the region, IDC expects the uptake of such services to drastically improve.
The columnist is group vice-president and regional managing director for the Middle East, Africa, and Turkey at global ICT market intelligence and advisory firm International Data Corporation (IDC).
