• Security leaders are ready to reinvest in cybersecurity with a renewed and refreshed rigour.
• Enterprise information security and risk management end-user spending in India is expected to increase by 9.5% to $2.08b this year, from $1.9b last year.
• India is at an early stage of cloud adoption and the pandemic only accelerated this shift as organisations moved to the cloud to achieve cost efficiency and business continuity.

Enterprises’ rapid shift to the cloud is driving triple-digit spending across all segments of security and risk management in India this year.

Prateek Bhajanka, Senior Principal Research Analyst at Gartner, said that the overnight move to remote-working in reaction to the pandemic exposed organisations’ vulnerabilities.

“While security leaders had to cut down on their security spending in 2020 because of IT budget-cuts, in 2021, this trend is reversing. A secure digital environment is now foundational to organisations’ growth and in preparation for another crisis that may arise. Security leaders are ready to reinvest in cybersecurity with a renewed and refreshed rigour,” he said.

According to the research firm, enterprise information security and risk management end-user spending in India is expected to increase by 9.5 per cent to $2.08 billion this year, from $1.9 billion last year.

Pandemic revs up cloud adoption

Continuing the trend from last year, cloud security and integrated risk management will experience the highest growth in 2021, up 251 per cent and 27.8 per cent, respectively.

Bhajanka said that India is at an early stage of cloud adoption and the pandemic only accelerated this shift as organisations moved to the cloud to achieve cost efficiency and business continuity.

 “In 2020, hyperscalers, such as Amazon Web Services, Microsoft Azure and Google Cloud, increased their investment in data centres in India, further catalysing Indian organisations’ move to cloud during the pandemic.”

Moreover, he said that CISOs and security leaders are aware of the risks and vulnerabilities that their organisations can be exposed to while migrating to the cloud from legacy systems.

Mohammed Al-Moneer, Regional Director for the Middle East, Turkey and Africa at Infoblox, said that the existing enterprise security stack, including security controls such as data loss protection, cannot scale to the cloud and new controls to secure container-based workloads, lockdown cloud configurations and encrypt data in the cloud are still being deployed.

As of the end of 2020, he said that many organisations have still not implemented necessary cybersecurity to protect this far more distributed user base. 

New security controls needed

“Proprietary business information is at risk when workers use personal and business instances of applications such as Office 365 on the same machines, collaborate within clouds and connect to an ever-increasing number of SaaS clouds that are not work-related and not sanctioned by their IT department,” Al-Moneer said.

The on-premises legacy enterprise security stack will not work for remote workers without significant redesign, planning and a move to new security controls to support distributed infrastructure and cloud deployments, he said and added that Domain Name System (DNS) security can be configured to protect teleworkers but many organisations don’t yet have the additional protections and visibility that DNS security deployment would provide. 

However, he said that many cybersecurity procedures and security controls used within enterprise facilities cannot provide the same level of security for remote locations.

Gartner said that cloud access security brokers (CASB) and cloud workload protection platform (CWPP) will be some of the major technologies that CISOs in India will increase their spending on within the cloud security segment in 2021.

In addition, Bhajanka said that Indian CISOs and security leaders will focus on establishing and deploying threat detection and response programs and capabilities, such as endpoint detection and response (EDR), and move to cloud-delivered security capabilities to have consistent security coverage whether working from the office, home or off-site.

Related stories:

• Board directors rate cybersecurity as the second-highest source of risk for enterprises
• Vulnerabilities in Microsoft products mark biggest jump in 2020
• Cybercriminals turn to bots and automation to make their attacks avoid detection