Digitally empowered customers are disrupting every industry; the age of the customer brings with it some inherent risks that will push organizations to increase spending on security software. In Asia Pacific, security software has leapfrogged other software categories and leads the region in terms of expected software spending growth in 2014 (see figure below).

We believe that the high growth in security software spending in Asia Pacific is primarily due to the following risks related to the age of the customer:

  • Migration to public cloud services. In a recent survey, 41% of Asia Pacific firms identified public cloud and other as-a-service offerings as a high or critical priority for 2014. Increased adoption of public cloud-based services like storage and disaster recovery is stretching the attack surface, exposing enterprises to a variety of security issues related to confidentiality, integrity, availability, and accountability. In response, firms must strengthen their security infrastructure.
  • Increased mobility. Nearly 45% of the Asian organizations in our survey identified mobility as a high or critical priority for 2014.  As enterprises introduce mobility into their environment and add devices to support the initiative, the footprint of their infrastructure increases. The new access points attached to the network create opportunities for attackers to break into the infrastructure directly or via mobile application portals that provide gateways to protected, sensitive data.
  • Increased social media adoption. The rising use of social media tools by employees in their work environments exposes businesses to risk by using uncertified software that might contain malware that could damage the existing IT landscape. Cybercriminals frequently embed malware in social media websites or third-party applications. Infected users can then spread the malware to other devices by unknowingly sharing malicious links and files with their contacts.

With digital disruption gaining momentum in the age of the customer, the CISO and other security and risk leaders no longer have the authority to block or significantly inhibit business adoption of any new service or technology. Instead, they must focus on mitigating the most egregious security concerns and help develop solutions — including identity and access management, encryption, key management, two-factor authentication, next-generation firewall, security information management, VPN, security modules for mobile device management, mobile application management, and mobile content management technologies — that address these risks as much as possible without compromising business functionality, ease of use, or the pace of adoption.