Sid Deshpande, principal research analyst at GartnerGreater China's info-security spending is likely to reach US$2,796 million by the end of 2014, with the highest info-sec spending growth in the APac region at 14.9%
On 25 August, research firm Gartner announced that it forecast worldwide spending on information security to reach US$71.1 billion in 2014, thanks to the increasing adoption of mobile, cloud, social and information -- the mega trends that will likely dominate the tech scene through 2016.
According to Gartner's forecast report, titled "Forecast: Information security, worldwide, 2012-2018, 2Q14 Update," the info-sec spending this year is likely to surpass that of 2013 by 7.9 percent, with the data loss prevention being the fastest growth segment at 18.9%. Total information security spending will grow a further 8.2 percent in 2015 to reach US$76.9 billion.
While Gartner did not have country breakdowns for its IT spend data, it provided a glimpse into the region-specific data tabulated below.
Table 1. Info-security spending by region, 2014 (millions of US dollars)
Source: Gartner (August 2014)
From Table 1 above, Gartner has drawn up three regions in the Asia Pacific: Mature Asia/Pacific, Greater China, and Emerging Asia/Pacific. In 2014, the Mature APac region will take the lion's share of info-security spending at US$11,418 million, and is likely to exceed that of Emerging APac (US$1,811 million) by over six times. As for Greater China, whose info-security spending is likely to reach US$2,796 million by the end of 2014, will record the highest info-sec spending growth at 14.9%, compared to just 7.0% in Mature APac and 9.8% in Emerging APac.
According to Sid Deshpande, principal research analyst at Gartner, a key driver of Greater China's huge info-sec spending growth has been "the increased adoption of mobile, cloud, social and information."
Increased cloud-based delivery
Gartner also forecast by 2015, roughly 10% of overall IT security enterprise product capabilities will be delivered in the cloud.
A significant number of security markets are being impacted by newly emerged delivery models, said Gartner research director Lawrence Pingree. "This will result in the growth of cloud-based security services, which are transforming, to different degrees, the way security is supplied and consumed by customers."
While cloud-based services' competitive pricing puts pressure on the market, the cloud is also providing new growth opportunities, as some organizations switch from deploying on-premises products, to cloud-based services or cloud-managed products.
"Through 2015, the top areas for growth for cloud-based security in the region will be from email security, web security services, identity and access management, anti-DDOS services and Web Application Firewalls," added Deshpande.
As for the small or midsize business (SMB) segment, Gartner forecast more than 30% of SMB-targeted security controls deployed will be cloud-based by 2015.
How are cloud-based services putting pressure on the market? By how much are cloud-based ones cheaper than traditional ones?
The cost effectiveness of cloud-based security services depends on the scale of the deployment and also the types of cloud services being secured. According to Deshpande, cloud-based security services have a more flexible licensing model than on premise software/hardware deployments and therefore can result in significant capital expenditure savings for adopters (for example, doing away with the need to purchase hardware and software on premise and manage it in house) and free them from the hassles of upgrade cycles.
"In cases where the cloud-based security offering is contributing to the security of a cloud application, e.g., email, it becomes easier for the buying center to embed security spending in the overall cloud application budget," Deshpande said.
Mobile security gains higher priority
Concerning mobile security, Gartner noticed a lack of penetration of security tools among users of new mobile platforms. But the analyst firm does not expect to see new demand for this type of capability to emerge before 2016.
"Most consumers do not recognize that antivirus is important on mobile devices, and therefore have not yet established a consistent practice of buying mobile device endpoint protection software," said Pingree.
"This purchasing trend and market shift away from PCs will have significant repercussions on the consumer security market. However, as mobile devices gain in mass popularity and as security is likely to be a higher priority from 2017 onward, then new market opportunities are likely to emerge."
Cloud security for mobile devices?
Will we see cloud-based security services targeting at mobile devices soon in Asia? Will cloud-based security services open a new form of security loophole in corporate IT infrastructure and via the proliferation of BYOD?
"Increased adoption of mobility initiatives, particularly BYOD, is a driver for the growth of cloud-based security services," Deshpande told Computerworld Hong Kong. "Cloud-based security offerings, when applied to unmanaged mobile devices (i.e. those that are not controlled by enterprise IT), are a viable way for IT security teams to regain visibility and control over user behavior."
As per Gartner's 2014 CIO survey, cloud and mobility are the top two new investment areas for CIO's in Asia/Pacific -- "therefore the time is ripe for cloud-based security offerings to provide security for these new modes of IT deployment," Deshpande said.
"Large enterprises (particularly those in highly regulated industries) often adopt a conservative approach towards cloud-based security services," he added. "However, for organizations that are using a lot of cloud-based applications already -- such as email, collaboration, internet facing web applications, etc., cloud-based security services may actually be a better and more scalable way to secure their online assets."