Points of View

Make security spending a priority during COVID-19: Enlist security service providers to secure your surface area and prepare for cloud adoption

Apr 25, 2020 Callum Moore

HFS compiled its first COVID-19 survey data, which a sample size of 600 respondents, including 100 enterprise executives. COVID-19 is a fluid topic, and we expect to repeat this survey. The data revealed that spending on security and cloud came out on top. COVID-19 has caused chaos for enterprises, creating unprecedented challenges with the increase in employees working from home. These challenges have raised security concerns and sent enterprises into a frenzy trying to manage their surface area. Enterprises must turn to security service providers for assistance with securing their organization as they add devices to their systems and increase cloud adoption to meet the demands of the growing number of people working at home. They need to take security seriously and support it with significant investment; if they fail to rise to the challenge of securing an enterprise during COVID-19, financial loss and or reputational damage could result.

 

 Exhibit 1: Laptops, collaboration software, and security sit high on the new IT shopping list

 

 

 

COVID-19 has increased enterprises’ surface area—enterprises must meet this challenge with further investments in security

 

COVID-19 has led to isolation and social distancing measures implemented across the globe; ultimately, enterprises have largely resorted to sending staff to work from home. The increased number of staff members working from home has increased the challenge employers face while supporting staff with secure equipment and software that enables them to continue their day-to-day business. Exhibit 1 shows us that 52% of enterprise respondents and 70% of provider respondents predict an increase in spending on personal equipment such as laptops. Laptops, collaboration software, and security sit high on the new IT shopping list, and 56% of enterprise respondents and 78% of provider respondents predict a rise in security spending.

 

One enterprise told us that it views getting the majority of its staff suitably set up to work from home in response to COVID-19 like a military operation—taking the hill. The enterprise understood the importance of not only taking the hill but also supplying it and reinforcing its security. Its security reinforcement included measures such as supplying modern equipment with up-to-date software, VPNs, and online training in how to operate safely in their home environment. As we explained in previous HFS work and a recent webinar with Microsoft, cybercriminals are exploiting the human factor and increased device surface area that now lumber enterprises. It’s clear that some enterprises are taking COVID-19 seriously, although it is evident they must do more. HFS data showed that only 56% of enterprises expect to increase their security spending. This is worrying. Seventy-eight percent (78%) of security services providers expect this increase; the onus seems to be on the providers to proactively reach out to enterprises to communicate the increased potential threats.

 

 

Exhibit 2: HFS data has revealed large spending increases in cybersecurity to combat the challenges faced by COVID-19

 

 

 

Source: HFS Research April 6, 2020

Sample: Coping with COVID-19 study, 631 major enterprises

 

 

Exhibit 2 highlights  expected increased spending as a result of COVID-19. The biggest increase comes from IT and business process services providers, which predict they will increase spending by 9.0%. Software companies plan to increase their spending by 6.4%, enterprise clients by 5.4%, and he advisors and consultant category by 5.3%. Enterprises don’t seem to expect to increase their security spending much—this is concerning. It is paramount that enterprises consult security services provider to ensure their security policies, processes, technologies, and monitoring activity can effectively protect them in the COVID-19 working environment. Enterprises doesn’t need to big sums of money, but they must cooperate with a service provider to not be caught out. Enterprises must be vigilant for security service providers that might use the current situation’s uncertainty to push services that enterprises may not require.

 

Enterprises must seek service expert providers to bolster security—a growing security surface area can be difficult to manage at the best of times, let alone during COVID-19

 

Separate HFS analyst interviews reveal that COVID-19 has paralyzed some industries’ retail or business process outsourcing services (BPO) due to their failure to adequately supply their staff with equipment and infrastructure needed to safely and securely operate remotely.

 

Security services providers have multiple solutions to offer; it’s up to enterprises to find a provider that aligns to their needs

 

Security services providers have vast knowledge about securing their customers; enterprises must lean on incumbent service providers during COVID-19 to see what security offerings they have available. Failure to do so leaves enterprises’ networks vulnerable to exploitation by cyber threats because of the increased risk from the complex knot of new infrastructure and devices they hastily adopted to maintain serviceable normality. Recent HFS work covered different provider solutions, including IBM’s X-Force Threat Management Services, Secureworks‘ Counter Threat Platform, and Accenture’s end-to-end managed security services and Elastic Digital Workplace solution, which enables companies to rapidly scale up as needed to adapt to changing business needs. Moreover, security service providers also have experience in securing the cloud. Exhibit 3 predicts that hybrid-cloud and multi-cloud spending will increase. For example, IBM and Secureworks both have experience in securing cloud environments. IBM’s Guardium Data Protection for Databases provides automated real-time data activity monitoring and analytics to search for unusual activity. Secureworks offers hybrid IT security solutions and multi-cloud deployments for popular platforms such as Amazon Web Services and Microsoft Azure. Further to this, its Security Configuration Management solution helps clients to identify and prevent security gaps in the cloud.

 

 

Exhibit 3: Significant growth in cloud and cybersecurity to support and secure accessibility

 

How do you expect COVID-19 to impact your, or your clients, spending on any of the following?

 

 

 

 

The Bottom Line: Enterprises must look to security services providers to secure their web of devices and cloud infrastructure, or they risk opening the flood gates to cybercriminals to inflict financial and reputational damage.

 

COVID-19 has made it unclear when normal day-to-day office life will continue; not since the 9/11 attacks has there been uncertainty on this scale about when employees will return to their offices. Enterprises must invest in cloud infrastructure and remote working devices to continue operating but lean on security services providers to secure their new devices and infrastructure. Failure to secure the increased surface area that enterprises find themselves with could open enterprises to exploitation by cyber-criminals.