Mr Khuong Ha, Market Analyst at IDC Vietnam, tells VET's Do Huong about investment by enterprises in Vietnam on information security in 2013 and what may be expected in the years to come.
How would you comment on investment by enterprises in Vietnam on information security (IS) over the 2012-2013 period? Was there any major change over the two years?
Security software revenue stood at $14.3 million in 2013, 6 per cent higher than in 2012. The Market Segment Endpoint market saw growth of 5.6 per cent, due to less spending by large buyers such as the banking, manufacturing and retail industries. Identity and Access Management saw growth of 5.9 per cent. Security and Vulnerability Management, meanwhile, saw robust growth of 24.1 per cent due to major demand for security analytics to study security attacks. Networking security also enjoyed healthy growth, of 12.5 per cent, with spending from the communications and media sector due to high DDos attacks on popular media such as Dantri, Vietnamnet or Tuoitre.
What levels of investment are being made by enterprises in IS?
In 2013 the government sector recorded healthy spending on security due to e-government projects, e-customs and e-taxation. Telecommunications and media also invested in security due to the need for secure networks. Manufacturing, retail, insurance and banking saw low spending due to low domestic consumption impacting on business performance, as well bad debt issues.
How big is this investment?
It depends on the size of the business. For companies with ten staff members, the budget for security may start at VND2.5 million ($116) for ten anti-virus licences. Investment in security also depends on which security solutions the company wishes to deploy. For example, HD Bank invested VND11.5 billion ($534,888) in McAfee’s Intrusion Prevention System (IPS).
Why does secure content and threat management account for the majority of the security solutions market?
Security content and threat management covers the majority of total security solutions (anti-malware, anti-spam, desktop firewalls, URL filtering, web anti-malware, unified threat management, SSL VNP, etc.), so spending on IS the largest among security solutions.
What types of enterprises need identity and access management, security and vulnerability management, and other security software?
Identity and access management provides authorisation solutions, where only the right person can access the network or service the company provides. The solution is used widely in banking, for internet and mobile banking. Government agencies and the manufacturing, telecommunications, insurance and resource industries also use identity and access management to control access by individuals.
How many information security solutions providers are there in Vietnam? Is there a difference between local providers and foreign providers?
IDC currently tracks 64 security vendors in Vietnam. Local security vendors focus only on the endpoint market, with security solutions such as internet security, anti-virus and anti-spam. Foreign security vendors dominate security solutions, from endpoint protection and networking to vulnerability management. Foreign vendors have recently provided security services in Vietnam that focus on providing consultation and support on security for end users.
What do you think about the efficiency of the IS solutions being provided to companies in Vietnam, especially in preventing hacking attacks?
It depends on the size of business and the type of industry the company is involved in. The demand for security in the banking industry will differ from that in other industries like manufacturing, healthcare or retail. In an emerging market like Vietnam, most chief information officers (CIOs), IT directors or chief security officers (CSOs) spend time fixing security issues. But they don’t have sufficient time to prepare security planning, in particular developing security policies that would help CIOs be more pro-active in regard to security attacks. They used to invest in or purchase security equipment or software when needed. CSOs, who obviously understand how the company needs to invest in IS, tend to have a weak voice in persuading management about security investment, while CIOs hold all the spending on the company’s ICT. Security attacks not only come from outside. They can also come from internal sources, which are much more dangerous.
|Mr Khuong Ha, Market Analyst at IDC Vietnam|
What do you foresee regarding growth in investment in Vietnam’s IS market this year and the next couple of years? What will impact on growth in IS investment by enterprises? What type of threats do enterprises need to prevent?
Demand for core banking, large data, mobility and increasing social trends will be the driver of growth in security spending from 2014 to 2016. Spending on software in Vietnam is expected to grow 14.9 per cent this year. Banking has invested more in security since the Heart Bleed security loopholes were revealed. Networking security, identity and access management, and vulnerability management are forecast to record double digit growth.
Do you think the number of enterprises not planning to invest in IS will decline in the future?
The number of enterprises not intending to invest in the IS will be zero in the future. Local enterprises will enhance their knowledge and awareness of IS spending and the trend of increasing awareness about security investment will continue. Enterprises will continue to invest in IS with greater awareness about database protection as the use of smart phones, tablets, social network sites and cloud services increase in Vietnam.
What would make these enterprises pay greater attention to IS investment?
There should be more briefing sessions for small enterprises about how they may be affected by security attacks. Not about viruses or malware, but about other matters like customer databases, commercial contracts, or sensitive information being accessed by employees for their own purposes.