New Zealand businesses are moving managed security to the cloud even if there will be no immediate savings, according to latest IDC findings.
Consequently, the research analyst firm believes this is a “clear reflection” of New Zealand organisations’ maturing understanding of the security governance approach required when undertaking a digital journey.
IDC's latest New Zealand Managed Security Services research shows that managed security (off-premises) is going to be the land of opportunity for the next 12-24 months.
Over this time, IDC expects the amount of businesses that use hosted security services to rise multi-fold: usage of traditional hosted security services will jump from roughly 28 percent up to 79 percent while usage of advanced security will increase from around 17 percent up to 69 percent.
The report claims that only a quarter of New Zealand firms have no plans of shifting either traditional security (e.g. firewall, DDoS, secure web gateway) or advanced security (e.g. APT, incident response services) from CPE-based (customer-premises equipment) to hosted-based environments.
As a result, IDC believes this is in “stark contrast” with the current rate of security outsourcing in the country - only 35 percent of organisations engage 3rd parties to manage their security - one of the lowest rates in Asia-Pacific region.
Underlying these trends, the prevailing business theme in New Zealand continues to be to shift away from capital expenditure to leasing and “X as a Service” consumption models.
Following the pressure from CEO and CFO offices, IT executives are compelled to place higher focus on measurable business outcomes of IT investment.
“CIO objectives include not only a dollar-value cost reduction, but also the quantifiable and time-bounded impact of IT on productivity, R&D, and communication between staff and external parties," says Donnie Krassiyenko, Security Analyst, IDC New Zealand.
“This is where IT buyers should work with their IT partners to create security adoption roadmaps that their organisation can be assessed against over time.
“The roadmap further assists in identifying the next step toward security maturity and to build a strong business case for justification of IT budgets.
“Interestingly, government agencies act as a spearhead for security adoption, showing one of the highest interests in managed security and business continuity/disaster recovery (BCDR) as desired business outcomes.”
In light of cost management and cash preservation sentiments, Krassiyenko claims that it is interesting that roughly every second company, which engage in managed security services, did not experience significant annual savings in the last 12 months.
While almost 30% did not realise any savings at all and 24 percent ended up with an increase in cost, only 46 percent actually managed to reduce costs.
Despite such discouraging results, Krassiyenko observes, a vast majority (77 percent) expects future savings of up to 20 percent per annum.
“IDC believes that every New Zealand organisation’s leadership team and board should be considering the risk associated to the business during the digital transformation journey,” adds Adam Dodds, Cloud Research Director, IDC New Zealand.
“The opportunities are great, but the risk can sometimes be greater and assessing that risk is critical.
“First, how do we value our data and how will it change the value of our business (leading to where it should reside), and, secondly, how protected is our information for tomorrow's world (leading to are we capable of doing it ourselves).
“We have no doubt that the intent to invest with external providers is a reflection of this process and the cost benefits are a reflection of underinvestment to date.”