The security burden of moving to remote work during the COVID-19 pandemic, an ever-evolving technology and threat landscape, and no confidence An approach to corporate security will significantly boost overall cybersecurity technology spending in Turkey over the next several years, according to new research by IDC.
Turkey’s security technology market is expected to grow from $247.43 million in 2020 to $344.89 million in 2025 on the back of strong activity in the top three sectors of the market – security software, IT services and security devices, according to a recent IDC report.
Among these markets, software holds the largest share, according to a report by Yesim Arac Ozturk, IDC Research Director for IT Security in Turkey. Turkey’s security software market holds 43.2 percent of the total security solutions market and grew by 6.4 percent year-on-year in 2020 to reach $106.97 million, according to IDC.
IT Security Services was the second largest segment in 2020, with a market capitalization of US$73.19 million with a share of 29.6% of the total cybersecurity market. According to the report, the Security Appliance segment – thanks to increased investment in unified threat management devices to serve as gateways into the network perimeter – has rounded out the top three segments with a share of 27.2%.
Like most countries, Turkey faced security complications when the outbreak of the pandemic in 2020 led to hasty government policies that forced office workers to do their jobs from home if at all possible. Öztürk said this led to security configurations for remote workers that did not have the same standards they would normally find in the office.
Pandemic affects cybersecurity standards
“With the outbreak of COVID-19, companies focusing on the rapid work of their remote employees have been unable to attach the necessary importance to security,” she told the CIO in an email interview.
She said civil society organizations have prioritized safe access for employees and customers to the applications and services they need to perform their specific jobs. However, proper concern for perimeter security – an ever-changing landscape due to the “rapid increase in endpoints” – as well as identity and access management using technologies such as multi-factor authentication cannot be properly addressed, Öztürk said.
Investment in cloud technologies has also increased during the pandemic, and the cloud environment has become the second or third choice for many companies to recover from disasters, according to the report.
However, in the security landscape, the use of cloud-based security software is rising very slowly, mainly among companies with mixed IT environments. Öztürk said the majority of the interest in cloud technologies is primarily seen in the rapid shift of endpoint software to the cloud.
However, she added, according to recent IDC survey data, the majority of organizations that use cloud services to some extent plan to increase their use of cloud security in 2022.
She said Turkey’s focus on moving forward with security reflects this evolving security landscape, which has been introduced not only by the pandemic, but also by other factors such as the “disappearing ocean”.
Increase spending on identity and access management
This is particularly true of security software, Öztürk said, where investments in identity and access management have accelerated.
“In particular, interest in premium access management solutions is growing,” she said. This also means that some legacy security markets – such as security information and event management (SIEM) –Ozturk said they are taking a financial hit.
“We no longer see SIEM’s traditional $1 million investment,” she told us. “Investments in SIEM are mostly focused on security services.”
Security services include a comprehensive view of all activities needed to plan, design, build and manage secure network infrastructures and comprehensive security programs, according to the International Data Center. These services can either be purchased separately or bundled with other services.
The current growth in Turkey is that security services have been affected by a lack of expert human resources and general knowledge within companies on how to secure a new generation of technology investments — such as cloud computing and hybrid IT environments — as well as protection from increasingly complex cybersecurity threats, Özturk said.
At the same time, organizations have difficulty retaining qualified and valuable security professionals within the organization – perhaps the biggest problem facing CSOs and CSOs in Turkey, she said.
“Rotation times are getting shorter every day, so a limited number of security teams have to take on a huge workload,” Öztürk said.
This not only leads to more outsourcing of security services, she said, but demonstrates that “a reform approach is needed in training security experts in Turkey.”
Meanwhile, the security services that companies are “more and more assessing” to meet the overall security needs of organizations include managed security services, security operations center, managed detection and response, and endpoint discovery and response, Öztürk told CIO.
Companies adopt a mistrust approach
Another idea driving the growth of security solutions in Turkey is the idea of taking a no-trust approach to corporate security, Özturk told CIO. In fact, half of IDC’s survey respondents said they aim to modernize their IT infrastructure over the next 12 months using this approach, she said.
Öztürk said that this idea is based on the basic principle of “trust nothing,” but it goes deeper than that and has its roots in the applications of historical corporate security.
Traditionally, companies have been relatively lenient in securing applications and networks within the perimeter of a corporate network, assuming that anyone with access to the corporate network is a trusted entity.
This has changed over the past decade or so not only due to the emergence of insider threats, but also because of the increasing complexity among threat actors who can gain access to a corporate network using stolen credentials and other means and then maintain persistence – often without Being caught for months engaging in nefarious activities.
“In Turkey, CISOs and security managers have repeatedly discussed the approach of mistrust in 2021 and have updated their strategies in line with this approach,” Öztürk said.
This, in turn, means that companies often have to update legacy solutions, leading to greater investment in comprehensive security solutions, she said. “In this direction, organizations plan to renovate their legacy IT infrastructures, software and hardware in 2022,” Öztürk said.