Some 45 delegates at the annual forum, sponsored by Symantec, heard that info-security has become even more essential in today’s tough times. With the economy fighting to resist a deep downward spiral, the need for efficient security will be critical to counter likely increased internal employee discontent, growing cyber-terrorism, natural disasters and pandemics.
“Security should always be at the top of the list when it comes to the IT budget,” says Martin Gilliland, vice president—IT research, Asia Pacific, Frost & Sullivan. “It should never fall off the radar regardless of the times.” This is because security lapses can force departments or entire companies to shut down operations or face significant costly downtime.
The good news is that Asia Pacific companies seem to realise the importance of continued investment in security, in spite of declining budgets. According to the results of the MIS Asia’s IT Nation 2009 survey, almost half—48.4 per cent—of respondents pointed to shrinking budgets as the biggest IT worry, with some 47.5 per cent expecting budget cuts in the coming year.
“Other concerns of CIOs include information security, increasing complexity, shrinking resources and regulatory compliance,” says Ross O. Storey, managing editor, Fairfax Business Media Asia, and editor of MIS Asia and CIO Asia. “However, the most favoured area for extra funding is information security and risk management, for all sizes of companies.” The same survey found that nearly a third of respondents (32 per cent) believed that their spending on information security and risk management would rise this year.
This is hardly surprising given the spate of information security breaches that have occurred, with some high profile cases in Hong Kong, including HSBC’s Kwun Tong branch reportedly losing a server containing details of 159,000 accounts, and the fragrant harbour’s Prince of Wales Hospital, where a lost USB drive affected some 10,000 patients.
More security needed
The IT Nation 2009 report indicates, however, that even more needs to be done. “Researchers tend to agree that there is a dangerous IT security complacency still prevalent in the Asia-Pacific region,” said Storey. “Emerging countries, particularly China and India, are still premature in developing IT security measures.”
For example, satisfying compliance requirements such as Sarbanes-Oxley—or SOX—and the Payment Card Industry data security standard, known as PCI, does not go far enough.
“Too many enterprises are not making the necessary cultural changes to live and breathe their importance,” says Peter Hind, an independent IT analyst and researcher, who compiled the IT Nation 2009 report.
Alvin Ow, senior director, system engineer, Asia Pacific and Japan, for Symantec, notes that security is inherently complex and evolving given the general dynamism of business activity.
“One thing we continue to see is that end-user computing options are increasing, but at the same time, end-users are also demanding higher service levels, and for more applications and services to be available,” he says.
“The contact points today are no longer just the traditional notebooks or desktops. Users are bringing USB devices into the organisation, as well as PDAs and mobile phones. And it is not just hardware, but applications like instant messaging and Facebook. All these have to be managed to ensure that information exchange is secure with no leakage of sensitive information.”
As security evolves, Ow lists a number of issues that the technology has to address if it is to be effective.
“Security has to expand from protecting endpoints and networks to protecting information,” he says.
“Endpoint management will focus on identity management, rights management, and the ability to dynamically provision resources.”
He also thinks complexity will increase because of new technologies, requiring more governance.
“Archiving and back-up will converge in the form of continuous archival data protection which will require new data classification schemes,” he says.
“New cloud-based infrastructure models will evolve quickly, creating new computing environments where applications can be decomposed and assembled back together on demand.”
All this means that “a stronger emphasis on compliance and governance will be key to ensuring that information is not only secured, but also well-managed”.
Beyond security, another technology that is widely expected to experience significant growth is virtualisation.
According to research firm Gartner, global software revenue from virtualisation is expected to grow by 43 per cent to US$2.7 billion in 2009, with global penetration forecast to reach 20 per cent.
Virtual and green
The IT Nation 2009 survey shows that 33 per cent of CIOs from large companies—those with more than 1,000 staff—expect to increase their virtualisation expenditure this year.
The appeal of virtualisation is that it encourages resource-sharing and reduces the need for expensive hardware and software licences. However, one issue which may arise as a result is the ability to securely manage such environments. Ow notes it is important that virtualised environments be every bit as secure as physical ones.
“Virtualisation has taken off in a big way over the past year-and-a-half, and where it used to be for test environments, it has now moved to production,” he says. “However, there are challenges like ensuring the right business continuity process if something were to fail, and the need to ensure that current data protection schemes work there as well, because a single solution is preferred across all platforms.”
Virtualisation also gets brownie points for being environmentally-friendly with its focus on optimising hardware environments using software; and although green IT, per se, is not ranked highly by CIOs in the light of the difficult times, the associated idea of cost-cutting with reduced energy usage, and improved hardware efficiency is greatly welcomed.
However, green IT, as an initiative on its own, has delivered the least, according to the IT Nation survey with almost a quarter citing it as having less-than-expected return on investment.
“Overall, there is a lack of enthusiasm for green IT but some respondents believe that it may happen by default when they acquire new infrastructure for virtualisation,” notes Storey.
Gilliland points to green IT’s definition as the reason for this.
“What’s included in green IT is really the difficult part and what benefits the business gets from it is even harder when the CIO can’t work out what they’re actually buying and why they’re buying it,” he says. “Reducing the size of the data centre, reducing the cooling costs of the data centre, blade servers, smaller footprint, virtualisation—there are so many technologies that could have a green stamp on them if they’re used the right way, but there are very few technologies that are specifically green IT.”
He cited the case of energy star compliance on a PC.
“Does anyone know how to become energy star compliant? It’s about how much energy that PC uses when it’s in a sleep mode, that’s it,” he says. “If you’re running at full power, got the CPU and memory running on hard core and the fans running as fast as they can go, it’s got nothing to do with that energy star sticker, and it’s the same for servers.”
Intelligent business
After security and virtualisation, CIOs then plan to increase spending on business intelligence. According to the IT Nation 2009 survey, about one quarter of respondents plan to allocate more funds into this. Conversely, of all the technology areas in which CIOs plan to cut budget allocation, business intelligence fared best with less than 10 per cent planning to reduce spending on it.
The technology of business intelligence is closely aligned with improved operational processes as well as better strategies and plans.
It is unsurprising, therefore, that the need for better business intelligence has garnered such high interest, as the biggest companies expect IT to, in order of importance, automate more business processes, increase their competitive edge, and make the enterprise more agile.
“This shows that even in tough times, organisations face an increased need for business analytics for customer, information, risk and performance management,” says Storey.
David Brown, director, Biz Performance, however, cautions that technology alone will not solve these problems.
“The business strategy must come first, and then the aligning of the processes to that strategy,” he says. “Business intelligence on its own cannot work. It’s part of the planning process. In fact it’s monitoring the outcome of the plan itself.”
One increasingly important benefit that BI can help with is enterprise relationships, according to Brown.
“Enterprise relationships are very important,” he says. “Customers are probably worried about you as a supplier. Are you going to be around to supply them? You in turn are looking at your suppliers and asking if they are going to be around to support you and your customers.
“So, building relationships is extremely important, and business intelligence can help you in this area because it actually helps you understand your customers better, how they perform and help you understand your suppliers as well, and how they perform.”
Brown emphasises the importance of this knowledge, particularly in down times. “In today’s market place, it is very difficult to find new customers, so your focus has to be on your existing customer base,” he says. “Here, you have to understand that all these customers are actually performing, and paying their bills on time. If they don’t, it causes a problem in the cash chain.”
Manpower management
Beyond technology talk, the IT Nation Forum 2009 also touched on one particularly sensitive topic given the current environment—staffing and retrenchment. The survey found that some 18.9 per cent of companies plan to reduce IT staff while only 2.8 per cent need more manpower.
In Gilliland’s view, however, it is more important to retain staff even as outsourcing increases in popularity.
“It’s really important in a time like this to maintain the headcount and talent as much as you can because once you let them go, it’s very hard to get them back,” he says. “A key advantage of outsourcing is removing that fixed cost when your business is going down, but don’t outsource to reduce costs; that is not what outsourcing is about. As much as possible, maintain headcount while shifting some of your systems.”
In this regard, one positive development from the IT Nation 2009 survey is that organisations on average plan to more than double their IT budgets’ allocation to training from two per cent to almost five per cent.
“Our survey shows that people will be spending more on training the people they have, rather than retrenching,” says Storey. “This economic downturn is an ideal opportunity to provide increased training for employees.”
