India Insights with Varun Haran

Advanced SOC Operations / CSOC , Governance & Risk Management , Professional Certifications & Continuous Training

Insights from Gartner India Security Summit 2016

Several Key Themes Emerge from Event in Mumbai
Insights from Gartner India Security Summit 2016

Gartner's second annual security and risk management summit, held Sept. 1 and 2 in Mumbai, offered a valuable opportunity to network with the security community and connect with Gartner's security analysts from around the world.

See Also: OnDemand Webinar | Measuring Your Data's Risk & The Cost of Unpreparedness

Most of the educational sessions were delivered by Gartner analysts, interspersed with sessions from sponsors. The exceptions to this were sessions featuring Bharat Panchal of the National Payments Corporation of India, cyberlaw expert Prashant Mali, and Aditya Menon, Citigroup's managing director of global digital strategy.

Menon touched on several hot trends, including use of big data analytics, blockchain in banking transactions, the evolution of identity and access management and other banking innovations.

I had plenty of opportunities to meet some old friends in security, attend some informative sessions and interview Gartner analysts, as well as security practioners. Here are some of my impressions.

Key Themes

Adaptive security, or context-aware security, was a key theme at this year's summit, starting with the opening keynote on the first day. Gartner believes this approach will prove essential to enabling organizations to react to continuous changes in business, technology and the threat environment.

The shift from prevention to detection and response was also a dominant theme. The analysts I spoke to believe that the evolving risk landscape is leading organizations to accept the inevitability of finally having to shed their longstanding focus on perimeter defense.

Other themes discussed in some detail included mobile security and the Internet of Things.

Trends in India

Gartner shared some revenue predictions for security for the Indian market, which I found to be particularly interesting. Gartner Principal Analyst Siddharth Deshpande said security spending in India is growing at an annual rate of about 10.6 percent, with spending for 2016 expected to total $1.12 billion. Spending is on a pace to hit $1.66 billion by 2020, he said. Security spending grew by 8.3 percent in 2015, Gartner had said last year (see: Gartner: Security Spending to Grow 8.3%).

The largest chunk of this investment pie is going to security services, including consulting, implementation, support and managed security services. Services accounted for 61 percent of spending in 2015, Gartner reported.

The growth of the services market is the result of Indian organizations' increasing dependence on third-party managed security service providers to keep pace with their digital transformation journey, Deshpande said (see: MSSPs, The Preferred Route to Skills Challenge).

The Indian market is responding to the industrialization of the cybercriminal underground and increasing volumes of cyberattacks. Organizations are increasing their security budgets to address the risks being brought on by the inexorable transition to a digital economy as well as new and evolving attack vectors.

Deshpande said organizations in India are now understanding that detection and response are increasingly more important than a focus on a defense-only strategy.

"I recommend that organizations shift their security budgets to have at least 60 percent to be spent on detection and response, up from the current 10 to 15 percent," he said.

Mature organizations that have begun to shift their focus to detection and response approaches are now looking to develop advanced capabilities, according to Gartner analysts. In addition, these organizations seem to be moving away from a technology-centric approach to security and paying more attention to people and processes.

While it's good to hear reports of progress in implementing appropriate security strategies in India, clearly most organizations still have a lot of work to do as the threat of cyberattacks continues to grow. I would wager that while vendors are pleased with the increased opportunity for business, practitioners are worried about the seemingly never-ending fight - or "security journey" as it's often put - in the months ahead.

About the Author

Varun Haran

Varun Haran

Managing Director, Asia & Middle East, ISMG

Haran has been a technology journalist in the Indian market for over six years, covering the enterprise technology segment and specializing in information security. He has driven multiple industry events such as the India Computer Security Conferences (ICSC) and the first edition of the Ground Zero Summit 2013 during his stint at UBM. Prior to joining ISMG, Haran was first a reporter with TechTarget writing for SearchSecurity and SearchCIO; and later, correspondent with InformationWeek, where he covered enterprise technology-related topics for the CIO and IT practitioner.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.