Transformation in The Age of Increased Adversity
The year behind us was a year of continuous transformation. Starting from 2020 and continuing in 2021, we witnessed skyrocketing adoption of digital technologies across business verticals and government.
Investments in cybersecurity saw a noticeable increase across the verticals, with special focus on government, BFSI as well as energy and utilities. On the other side, aviation, logistics, construction, and hospitality verticals continued to have conservative budget spend on cybersecurity.
Help AG, as the largest cybersecurity solutions and services provider in the Middle East and Africa, has deep insights into cybersecurity spending patterns. We believe these insights would be valuable to our clients and partners, as a reflection of the market demand, adoption and trends for different areas of cybersecurity.
The most significant trends in 2021 that we observed in terms of investment patterns were:
- Rapid transformation into a service-based model
- Continuous adoption of cloud
- Significant increase in investments in locally hosted solutions and services, including SASE, private access, DDoS protection, and security platforms
- Hypergrowth in investments in managed cyber defense
- Hypergrowth in investments in OT and IoT security
- Significant increase in investments into IAM/PAM space
- Stabilization of investment into security infrastructure such as next generation firewalls, application security and DNS security, with little growth (after significant increases in 2021)
You will note that we are no longer talking about “work from home”. The new normal is a reality and the hybrid workspace models are fueling digital transformation and cloud adoption. What organizations need are secure solutions for their employees to work from anywhere and for their users to access services through omni-channel platforms, all with security built in as a paramount prerequisite.
1. Service-centric business evolution
Focus on core business, widening skill gap and CAPEX budget availability played a significant role in service-centric business evolution in 2021. This is an unstoppable process, further fueled by original equipment manufacturer (OEM) vendors moving away from perpetual licensing and transitioning into subscription models from the commercial aspect and into SaaS from technical and delivery aspects.
For Help AG, this has been a landmark year as our service revenues almost equaled our revenues from solutions reselling through project-based work, with some areas of services business having triple-digit growth.
Another trend we see is that ‘umbrella’ government departments and group companies are also significantly increasing their investments into building technical and people capabilities to serve their own end clients, wherein Help AG takes a leading role by providing best-of-breed solutions, local hosting, and in-country services.
Three years from now 90% of all cybersecurity requirements will be fulfilled through service model.
Help AG is well positioned to help our clients on this journey. We took a strategic decision to invest into service-centric business evolution five years ago and today we are at the forefront and already offering our clients several innovative services ranging from managed cyber defense (including digital risk protection) to DDoS, SSE, WAF and PKI all the way to strategic consulting and security analysis. Through this approach we ensure the highest quality of services for our clients, while leveraging the best-of-breed solutions in the backend, with reduced TOC.
2. Continuous adoption of cloud
Two years ago, the region had been relatively lagging in terms of cloud adoption. Today we are leading the pack, especially when it comes to the adoption of in-country cloud and private cloud. It is another area that was heavily driven by changes induced during the first year of the pandemic. Today organizations, both governmental and private, are investing into cloud migration projects and are increasingly using PaaS and SaaS.
The same reflects in the area of cybersecurity, where we have two streams that have been witnessing strong double-digit growth:
- Organizations now see clear benefits in using cloud-based cybersecurity solutions, including Help AG’s own locally hosted services and SaaS services offered by OEM vendors. Benefits come in the form of reduced TCO, subscription based/OPEX commercial models and increased reliability and availability of solutions. This is applicable even to clients who still run on-prem models for their own IT systems.
- The second stream is from securing IT systems which are based in the cloud. Solutions in this area range from “traditional” infrastructure solutions such as next-generation firewalls and web application firewalls to cloud-native solutions to provide assurance of cloud configurations and cloud security controls.
3. Locally hosted solutions and services
Accelerating digital transformation, service-centric evolution and adoption of cloud in combination with local regulations and requirements around data residency have created a need for investments into locally hosted cybersecurity solutions and services. Help AG has been at the forefront of these investments together with e& (formerly known as Etisalat) and leading global vendors. From DDoS and application security to SASE and Zero Trust access, Help AG brings best-in-class solutions to be delivered from in-country public/private cloud, paired with high quality local services. By doing this we enable our clients not to compromise between regulatory requirements and using the best technology there is. This segment of our portfolio has been well-adopted by our clients and is significantly growing for the past 5 years, with notable acceleration in 2021 and 2022.
4. Managed Cyber Defense
Managed cyber defense remains to be the fastest growing area of cybersecurity in our markets, and we can classify it as having a hypergrowth trajectory. This is driven by actual necessity because of the need to protect complex IT estates in times of increased adversity and the need to stay compliant with regulations and standards, while grappling with an ever-widening skills gap in this area. Specific areas of increased investment included services and solutions based on the following technologies:
- SIEM and SOAR
- Network detection and response
- Endpoint protection/detection and response solutions
- Digital risk protection solutions
With continuous triple-digit growth, this remains to be an area of extreme relevance. While very important, we are yet to see significant growth in investments in areas of threat intelligence platforms and UEBA. We believe these will take the lead in 2022, either as standalone solutions or as part of next-gen SIEM platforms.
5. OT and IoT
This has been yet another area where we witnessed hypergrowth. Digital transformation is making steady inroads into OT systems, starting with IT-OT connection and leading to IT-OT convergence. Industry 4.0 means IoT is becoming embedded into our lives, our lives and our cities, which comes with a pressing requirement to secure it. OT and IT networks are increasingly interconnected, and unconventional devices are plugged in and are capable of communicating. These expanding attack vectors are leading to an increase in cybersecurity threats.
Specific areas of increased investment included:
- Data diodes: These serve as important security controls for any traffic going in and out of OT environment, ensuring high security posture, while not interfering with business processes. They are a key element to enable IT-OT communication and ultimately convergence.
- Visibility solutions and other OT SOC solutions: Motivations for managed cyber defense, protecting systems and having visibility into vulnerabilities, incidents and anomalies are important for anyone running an OT system, especially in the area of critical infrastructure.
- File inspection solutions: Files remain to be the most common attack vector for OT systems and ensuring the safety of each file coming into the OT environment is a must.
6. IAM/PAM
We have seen strong double-digit growth in the areas of Identity and Access Management (including Identity Governance) and Privileged Access Management. We firmly believe, based on analytic reports, global market trends and our regional insights that this trend will only accelerate in 2022.
These areas are critical for a successful digital transformation and for creating a true digital workplace. Successful projects in IAM act as real business enablers, while the projects that introduce any friction or inconvenience to the end user can have detrimental effect on business processes and become counterproductive. The maintenance of privileges or entitlements is one of the most challenging aspects of IAM and the biggest source of risk.
Our clients are recognizing the importance and therefore boosting investments into proven technologies in these areas.
7. Email security
Email continues to be the most used attack vector. There has been a dramatic increase in the volume and proliferation of phishing attacks, attachment-based attacks, and ransomware attacks. Further, migration to cloud-based email requires a relook at email security. Email security is another area where we have seen double-digit growth in our clients’ investments, which is clearly showing that the market understands the threat and is willing to invest into these areas to ensure higher security posture and no business interruption.