Security strategies involving outsourced security management are set to grow, taking share from in-house and hybrid security models, according to the findings of IDC's recently released Australia and New Zealand Security Services report.
This shift comes as organisations in Australia and New Zealand (A/NZ) look to relieve themselves of the costly and inefficient pain points associated with security management, freeing up resources to focus on higher business value tasks. IDC is forecasting a five-year CAGR of 18.9% for security-related services revenue to 2023.
Hybrid security management represents a transition zone for organisations migrating towards third-party security partnerships.
"Organisations are now using successful partnering to enhance security beyond internal capabilities and alleviate compliance headaches", says Emily Lynch, associate market analyst at IDC Australia/New Zealand.
She made it clear however that the trend is not limited to ANZ but that its most pronounced in these two markets.
“In A/NZ, organisations and IT decision-makers indicated that their top investment priorities were effective sourcing of third parties/external security vendors, coupled with the desire to retain and re-skill their in-house security professionals wherever possible. The notorious A/NZ tech skills shortage is likely a factor in this trend. In other AP markets, the focus in terms of security leant towards investments in automation, Identity and Access Management (IAM), and a managing a hybrid security environment (a mix of outsourced and in-house security)," she elaborated.
Getting security sourcing and vendor selection right requires businesses to undertake a thorough evaluation of potential providers. Managed Service Providers (MSPs) should not only have strong security credentials and reputation but also be aligned with the business on the security process and longer-term security strategy.
Lynch warns that changing managed security providers can quickly become disruptive and expensive.
She suggests first evaluating the relevance and quality of a security provider's partner ecosystem. This way organisations can ensure they are getting the alignment right when they partner. Collaboration is key in the DX era, so taking a long-term view on security partnerships can help businesses enable stronger DX innovations with security embedded, rather than an afterthought.
Whatever the security model that is adopted by A/NZ organisations, they need to answer some key questions first:
- What are the functions that the security solution address and do you have the in-house capabilities?
- What is the degree of business risk averseness in the organisation – does it vary by BU?
- What are you protecting, i.e. data types, environments, customers, employee data, etc? Is the data passive (at rest) or in motion?
- How are they going to integrate security services with internal services — protocols, components, new tech platforms, or advanced technologies which present a new risk or security profile?
The report, Australia and New Zealand Security Services: Key Trends to Optimise Security, concludes that unifying an organisation's security posture requires equal investment across people, processes, and technology.
Companies are now investing across these interlinked areas in order to effectively manage security and stay ahead of evolving threats, including employee training, software-defined (SD) security solutions, and identity and access management (IAM) tools.
Australia and New Zealand technology buyers are now starting to map their organisation's current security posture and risk profile to evaluate where investment is most needed, and from which security management partners they will receive the most benefit. "Mapping your organisation's current security state can identify legacy concern areas but will also inform the future security state and roadmap. A resilient and forward-thinking strategy will be key as businesses weather the current storm and markets get a shake-up".
As COVID-19, and particularly the effects of New Zealand and Australia's measures to prevent its spread, negatively affects businesses and reduces cash flow, security is one thing that A/NZ tech buyers should not reduce investment in. Communication through the ecosystem and with services providers on security priorities in the face of COVID-19 disruptions will further strengthen partnerships and ensure that key business priorities are still being met during this turbulent period for local and global markets.