International Data Corporation (IDC), a leading ICT market research and advisory firm revealed findings from a recent survey of Malaysian IT security that highlights healthy spend in network security, endpoint security and other basic security solutions, but very limited spend in more sophisticated solutions that represent critical gaps in the defense against today’s increasingly sophisticated threats. About 45% of the organisations across industries in Malaysia have very high concern on the increasing sophistication of security attacks. Some organisations from financial industry may have invested in advanced security solutions that are able to analyze, detect, and response in near real-time to sophisticated threats or any security incidents. Majority of the organisations in other industries are investing more in fundamental security such as network security and endpoint security. “Although Malaysian organisations recognise the threats are getting more sophisticated, the IT spending is still prioritized on the fundamental security products that are insufficient to address the sophisticated threats. The fundamental security has to integrate with advanced security technologies in order to tackle the increasing threats issues,” says Liew Siew Choon, Senior Market Analyst, Software Research, IDC Malaysia. The survey results from IDC’s Continuum Study 2014 showed the top three security issues Malaysian organisations most likely to address in the next twelve months: • 23% on data loss prevention – a combination of network, endpoint, messaging, web, and storage security that provides protection on data in motion, in use, and at rest. • 20.3% on network security – includes enterprise firewall software, network access control, virtual private network (VPN), and network intrusion detection and prevention software. • 15% on endpoint security – includes antivirus/ antimalware, personal firewall software, and file/ disk encryption. Only 9.3% of the organisations are concerned on security and vulnerability management that includes security policy management, risk assessment and vulnerability scanning as well as advanced security technologies such as security analytics, threat intelligence, and forensics. “The security model within the organisation has to be aligned with the changing business environment. Organisations will have to face with more security challenges during the transition to 3rd Platform – the next-generation compute platform characterized by mobile, cloud, big data, and social – if IT spending is still focused on fundamental security products,” adds Liew. Liew recommends that organisations have to understand their risk profile through continuous risk assessment and to adopt advanced security solutions to improve the risk posture. The spending on both fundamental and advanced security has to be balanced to mitigate the risk from changing threats. “Investment in advanced security is important on the journey to the 3rd Platform, where organisations will need to utilize more layers of security, as well as leverage new approaches and solutions born in the 3rd Platform, not forgetting to integrate them back into the existing security infrastructure,” says Chuang Shyne-Song, Program Director, Cross-Pillar, Security and Technology Advisory Service Research Group, IDC Asia/Pacific. With the 3rd Platform driving the security needs, IDC forecasts the overall security market in Malaysia to grow at 5-year compound annual growth rate (CAGR) of 13.0%, in which the security software to grow at 9.8% and the security appliance at 16.8%.