Sophos today released the findings of a regional study carried out in South Africa and the Middle East, indicating that the majority of organisations in Middle East & Africa (MEA) are recognising the benefits of integrated security especially the concept of linking network firewall and endpoint security for better insights. However, the report revealed that although MEA organisations were unlikely to increase the number of vendors they interact with, they were likely to increase the number of products in use, which highlights that organisations in the region currently do not tend to follow an integrated strategy when it comes to security. 

The Sophos-sponsored InfoBrief Synchronized Security Market Analysis – Middle East & Africa, developed by International Data Corporation (IDC), revealed that the MEA countries represented a total security solutions market potential of nearly $1.89 billion in 2015, which is expected to increase at a CAGR of 8.1 percent to a total of $1.94 billion in 2020, with the largest market is South Africa with 23.9 percent share of the total in 2015. It is expected to grow from $451 million to $634 million between 2015 and 2020 as per the IDC Worldwide Security Spending Guide.

Key South African findings:

·         In terms of IT priorities, IT security ranked highest in South Africa, followed by reduction in overall IT costs

·         In South Africa, mobile device security is the highest priority with 35 percent of companies. It is followed by DLP and security governance and management (28 percent each). While DLP is a top priority for both SMBs and enterprises, security governance and management, business continuity, and attack and penetration testing are higher priorities for larger organizations in the region.

·         Malware detection and prevention were the next most prevalent solutions, being more widespread in Turkey (85 percent) and South Africa (78 percent) while it was surprisingly low in the UAE (40 percent).

·         In terms of security appliance penetration, almost half (40 percent) of South African respondents stated they planned to invest in unified threat management appliances.

·         While 42 percent of MEA companies have high confidence about their security posture, some companies especially in KSA (3 percent) and South Africa (5 percent) are not confident at all.

“IT security is a top priority for companies in this region as it can impact uptime and overall service levels. In terms of plans to deploy, there is a major focus on end-to-end coverage with advanced security systems, making it apparent that respondents want to simplify and improve control over securing their organization’s assets. This is followed by plans to deploy mobile device security and cloud-specific security solutions. MEA’s mobile device proliferation is among the highest in the world, making it important to secure devices and content on devices. Increased deployment of private and public cloud services makes it critical for organizations to integrate security as a part of their cloud strategy,” said Harish Chib, vice president Middle East & Africa, Sophos.

“It is clear from the responses that, in addition to threat landscape complexity, organisations do not have a holistic strategy when it comes to deploying their security solutions. With the increase in sophisticated attacks across the region, companies are now looking for smarter and simpler IT security solutions. The majority of respondents across all four countries agreed with the concept of linking network firewall and endpoint security for better insights. The acceptance is higher among larger enterprise. Synchronized security is the new key for protection against cyber threats,” Mr. Chib added.

By far the biggest complexity factor found in the study was configuration and management, while security policies add to the increased complexity. In UAE, KSA and South Africa, the number of vendors and products were highlighted as factors contributing to the complexity. In MEA, only 33 percent of the organisations have a single-vendor strategy with majority of them highlighted their multiple-vendor security environments. In addition, organisations in MEA indicated having around 1–6 products, while a few were in excess of 13. This variance between the number of vendors and products deployed is indicative of a lack of an integrated view. However, this is likely to change in the future as the majority highlighted of organisations’ plan to invest in a centralised security management console over the next 1–2 years, with UAE organisations at the forefront, indicating their intention to invest in the next 12 months.

In the MEA region, external threats were revealed to be a major concern with viruses highlighted as being extremely significant, alongside unintentional data leakage. Skills constraints across technologies also remained a major challenge in the MEA region while the lack of real-time protection and security complexity also create limitations to improving security programs.