I am fresh off of spending a week in Singapore teaching a security workshop. The attendees were from Singapore and the surrounding areas of Malaysia, Indonesia, Brunei, Cambodia, Vietnam, Papua New Guinea and other surrounding countries. They represented a good mix of midmarket companies from the financial, govt and educational sectors. In speaking to these attendees some general trends were evident to me:
1. Like midmarket companies everywhere, security represents a challenge for their organizations. They have neither the in house expertise nor the budget to fully engage a comprehensive security strategy.
2. SE Asia has less compliance mandates to deal with then the US, but many of ours are overlapping. The same types of common sense security that is mandated in many US statutes, rules and regulations, apply to SE Asian countries as well. Overall PCI remains “compliance with no borders” as at the very least PCI applies to everyone in the payment card food chain the world over.
3. The attitude towards vendors is biased towards big vendors. Unlike here in the US, it seems in SE Asia the “bigger is better” mantra is still in full effect. Many companies in the region are afraid that smaller companies not based in the region don’t have the resources to adequately support companies there.
Also, from what I was told, IT departments and personnel are very stretched. They prefer to outsource where possible and generally want solutions that if something isn’t working they pick up the phone and get immediate help. The idea of trying to “tinker” or develop in house solutions is just not part of their mission.
This means that if you want to succeed in servicing this dynamic and growing market you probably need in region support and must show your customers that not only is your solution capable of solving their security needs, but that your organization is capable of servicing them as a customer as well.
In terms of the technology in demand for security at the mid-market, it is the same sort of things we see here in the US. Starting with basics like firewall and endpoint security, anti-spam is very much a high need. BYOD security is now also becoming a big issue, as many are bringing their own smartphones and tablets to work.
A unique challenge was the multi-cultural nature of the area. It is not unusual to have several different languages and alphabets supported. This poses yet another stress on security solutions they choose. They have to work in these multi-cultural environments.
But some things are just universal in security. For instance almost all of the attendees said one of their biggest challenges was how to get their organizations to allocate more budgets towards security. Their users don’t like all of the requirements that security mandates (strong password, etc.). Changing corporate views towards the security team and its mission is a challenge.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.