IBM has pointed to new technology such as virtualization, cloud computing and SaaS (software as a service) as new vectors for security attacks, together helping to drive the security market in Thailand to around one billion baht (US$28 million) this year.
Over the next two to five years, emerging technologies ranging from virtualized environments, cloud-enabled services and SaaS will lead to an explosion in digital identities that need to be managed while the proliferation of mobile phones and PDAs as access points to the Internet will have a profound effect on enterprise security, according the IBM's GRC market manager, Marne E. Gordon.
Today's disruptive technologies increase complexity for organizations in terms of security management because they are moving targets. The situation is getting more complicated through the high number of mergers and acquisitions and outsourcing contracts that make businesses inter-dependable. Moreover, during the economic downturn, criminals will more aggressively pursue data crimes that can make a lot more money than traditional crimes. Today, there are more removable media and unstructured data which creates the chance for data leakage. There is also the rise of the trusted insider threat, especially in banking. However, before businesses invest in new technology, they should look back at basic, fundamental security infrastructure, Gordan said.
She added that regulation compliance is another force driving security trends, such as the Payment Card Industry (PCI) data standards, Sarbanes-Oxley which involves disclosure of financial accounting as well as the Health Insurance Portability and Accountability Act (HIPAA).
She cited Harley-Davidson as an example that has a variety of businesses that all have to comply with many regulations. More and more big enterprises are now implementing a single compliance policy that combines these different siloed compliance projects into one to provide a holistic view to executives and reduce redundancy.
Last year, IBM globally spent US$1.5 billion on security and created its security framework that identifies five key security areas: People and identity, data and information, application and process, network, server and end-point and physical infrastructure. The company approach is to strategically manage this risk end to end across the organization.
This will allow businesses to better understand and prioritize risks and vulnerabilities based on their potential to disrupt critical business processes.
For Thailand, security is a growing area made up of good governance, identity management, business continuity and managed security services. In particular, Thai-based businesses, even SMEs, need to comply with the Computer Misuse Act, which will bring the market to around one billion baht (US$28 million) this year, IBM Thailand GTS country executive Dhanawat Suthumpun added.