The IDC IT Security MaturityScape report for Asia Pacific excluding Japan (APeJ), published by IDC Asia/Pacific, highlights that a significant number of organizations within the region are operating at what IDC believes to be the lowest states of IT security readiness, and that fully 84% of the sample studied are within the first two stages of IDC’s five-stage maturity model.
"This level of capability with regards to IT security across the APeJ region is not hugely surprising, given the legislative environments that many organizations operate within. But as the threats are now surpassing the issues that legislation impacts, and businesses begin to experience direct financial loss as a result of malware or denial of service/access, organizations need to take a closer look at what is at stake for them, beyond that which regulation encompasses," says Simon Piff, Vice President, Security Practice, IDC Asia Pacific.
The MaturityScape Benchmark is a global benchmark based upon the IDC MaturityScape: IT Security, which identifies the stages, dimensions, outcomes, and actions required for companies to effectively foster the security maturity needed to compete in the new era of the 3rd Platform.
IDC's IT Security MaturityScape enables an organization to assess its architectural competency and maturity with respect to its leadership, organization, processes, deliverables, and technology.
The IDC MaturityScape provides CIOs, CEOs, line-of-business (LOB) leaders, functional leaders, and other senior leaders with insights that will help their organization mature and thrive in the new business environment ignited by the 3rd Platform.
The key areas the study highlighted as needing improved focus were People and Security Technologies. The People issue is a major challenge across the industry globally, but in the region the challenge is simply having any degree of dedicated resource for it.
This lack of a focal point makes IT security the partial responsibility of a number of people. Simply expecting the CIO to be able to defend the business sufficiently shows a lack of understanding of the problem and the threats. Similarly, the application of technology is still focused on protecting the perimeter, something the industry has acknowledged is almost impossible to achieve due to the change in architectures with the evolution of cloud and mobile computing.
"What is needed is a fresh look at what are the potential risks to an organization, a deeper understanding of the key digital assets that need protection and then a more targeted approach to protecting those assets, not assuming that the bad guys are always outside of the organization, and constantly monitoring this highly volatile environment," says Piff.