CEO Involvement in Security Decision-Making Reaches a High

A new survey finds that customer satisfaction has overtaken compliance requirements as the leading driver for security, while CEOs now have unprecedented involvement – in front of CFOs and even CIOs −  in security decision-making. The latter finding reflects management's realiaation of the business impact and value of IT security.


The survey, commissioned to Frost & Sullivan by Fortinet, also reveals an evolution of organisations' attitudes towards cloud computing, as growing adoption of private clouds − which result in data being centralised in the data centre − drive firms to consider making their data centres their new security operation centres (SOCs).


The survey found that customer satisfaction is now the main reason for firms across the region to adopt security, ahead of compliance and risk reduction. Customer satisfaction was rated particularly strongly in Malaysia and Thailand − it was listed as No. 1 in Malaysia and tied with compliance for the top spot in Thailand.


Regional business hub Singapore still ranked risk reduction as No. 1, with customer satisfaction a close second. Employee productivity concerns, on the other hand, took the pole position in Hong Kong, suggesting a relatively receptive attitude towards BYOD (bring-your-own-device) and telecommuting.


"The finding suggests that organisations in the region have moved from implementing IT security to comply with rules and policies to leveraging it in a more strategic manner," says Edison Yu, Associate Director, ICT Practice, Frost & Sullivan Asia Pacific. "This is a healthy development that bodes well for enterprises' long-term prospects."


Security now gets the CEO's Attention
According to the survey, IT security issues have found their way up to the C-suite. Overall, 69% of the respondents said that their CEO is a decision maker in IT security matters, with 40% saying he/she is a key decision maker. This is ahead of the 46% and 30% given for the CIO, and the 44% and 12% given for the CFO, respectively.


The role of the CEO in IT security is particularly pronounced in Malaysia and Thailand, where 45% of the respondents in each country said the CEO is the key decision maker.


Yu said: "More and more firms are realising that security is not the remit of the IT department alone. The impact of a security breach on business is real and broad, and management wants to be proactively involved in preventing it. As IT security starts to be treated as a business risk, we see it becoming an integral part of organisations' risk management strategies."


Respondents in the region generally cited virtualisation, resource consolidation and cloud computing as the requirements they are looking at for their data centre in the next 12 months. A substantial proportion (16%) also said they want their data centre to take on the role of a security command post.


This trend is stronger in Malaysia and Thailand, with 21% and 19% of the local respondents citing it, respectively.


Yu said: "This aspiration is consistent with organisations' rising adoption of private clouds to consolidate IT in the data centre. Using the data centre as their new security operation centre (SOC) is a logical extension of this move and a good way to maximise the value of their data centre investment. We expect this trend to gain wider traction in the coming years."


The majority of respondents consider DDoS prevention/Web application firewalls, application security and network security as critical technologies in a datacenter setup. Singapore and Hong Kong rated application security as No. 1, a result that may be driven by the Web-centricity of the multi-national corporations there. Thailand put network security in the top spot, while Malaysia prioritised network management, with application security and network security in joint second place.


Keep us Safe, but do it Cost-Effectively
The survey also revealed a widespread urge to maximise value from IT security investments.


Overwhelmingly, respondents opted for IT security solutions that consolidate multiple functionality into one device, citing greater protection, easier management and lower cost as the main reasons for such choice.


Malaysia and Thailand were the two countries most inclined towards such consolidated security platforms.


Over two-thirds of the respondents from these countries − 69% for Malaysia and 72% for Thailand − preferred such platforms over stand-alone security solutions.


Firms relying on external parties for their security needs also expect value for their money. More than one-third (36%) of the respondents in the region wanted their solution providers to deliver value-added services − such as visibility reports, forensics and risk profiling – in view of maximising the returns on their security investments.


This expectation was strongest in Malaysia (37%) and Thailand (45%). The desire for value-added services
ranked fourth, just after better support (#1), better performance (#2) and better pricing (#3).

Suggested Articles

Some of you might have already been aware of the news that Questex—with the aim to focus on event business—will shut down permanently all media brands in Asia…

Some advice for transitioning into an advisory role

Global risks are intensifying but the collective will to tackle them appears to be lacking. Check out this report for areas of concern