
InfoBrief, sponsored by Fortinet

JULY 2023

REGION FOCUS: ASIA/PACIFIC

Addressing the Imperative of a Secure Digital Business
Best Practices and Priorities for CIOs and CISOs
Simon Piff
Research Vice President,
IDC Asia/Pacific
Executive Summary
Building Strategic Cybersecurity
The digital-first business is creating new digital business opportunities, with expectations
that digital revenue will be upwards of 40% of total revenue by 2027.¹ This transformation
requires a well-equipped and highly motivated workforce that can securely deliver on the
needs of business today.

The ability to deliver seamless remote productivity and collaboration tools to employees
regardless of where they perform the work is vital to CEOs. The establishment of hybrid
working models is proving to be a critical game changer in how successful digital business
will be. Based on IDC research, businesses that fail to strategically embrace the hybrid
work model will see a 20% revenue loss in 2024 due to job attrition and underperformance.²

However, delivering a hybrid working model brings a range of security issues when
connecting remote employees to an on- and off-premises hybrid cloud infrastructure.
This has been observed in a recent IDC Asia/Pacific SASE survey, sponsored by
Fortinet: Incidents have increased across the board, with negative impacts to both
security and productivity.

Productivity loss, such as breaches, data loss, and ransomware has been observed
across organizations. But such potential havoc can be remediated with the right type of
security approach.

This IDC InfoBrief will provide details on the priorities of business cybersecurity and
challenges they face and offer solutions to address the pressing business initiatives.

Sources: 1) IDC CEO Survey 2022, n = 346
2) IDC FutureScape: Future of Work Worldwide and Asia/Pacific Excluding Japan (APEJ) Implications, Dec 2022

IDC InfoBrief Addressing the Imperative of a Secure Digital Business IDC Doc. #AP241436IB Sponsored by Fortinet 2
Top 5 Priorities for CEOs
Growth, in today’s environment, invariably means embracing new technologies such as cloud to better connect with customers and partners in this highly
connected business world. Simultaneously, companies will be supporting the hybrid work mode, both of which will bring with them new security challenges.

Focus on technology enabled sustainable growth¹

Growth . . . . 39.3%
Sustainability . . . . 39.3%
Technology . . . . 35.5%
Innovation . . . . 29.0%
Productivity . . . . 24.3%

Despite ongoing economic challenges, Asia/Pacific (AP) CEOs have
been focused on sustainable growth empowered by technology, largely
buoyed by successful management of the pandemic, where AP
organizations emerged stronger and faster than their counterparts
elsewhere in the world.

Technology priorities¹

Security, risk, and compliance . . . . 43.9%
Hybrid infrastructure . . . . 41.1%
Customer experience . . . . 36.4%
Workplace solutions . . . . 29.9%
Automation technologies . . . . 28.0%

At the same time, security is a top concern of the C-suite in enabling
the hybrid workforce to drive sustainable growth, leveraging the latest
innovations technology can provide.

Source: 1) IDC CEO Sentiment Survey 2023, APeJ, n = 101

Top 3 Technologies that Drive the Success of Hybrid Work
89% of regional organizations have established a hybrid working model
which is driving the use of cloud, remote security, and demand for remote
IT support and collaboration tools.¹ All these are creating pressure in the
IT security space which needs to be considered moving forward.

Technological shifts companies are adopting as a result of hybrid work

Moving to the cloud . . . . 40.7%
Security for remote-user access . . . . 37.1%
On demand remote IT support . . . . 29.8%
Collaboration tools . . . . 29.6%
Virtual desktop . . . . 28.7%
Content sharing solutions . . . . 27.1%
5G connectivity . . . . 25.6%
Connectivity/broadband solutions . . . . 23.1%
Increased monitoring of user activity . . . . 20.7%
Granular application control for all users . . . . 19.8%
Increased monitoring of critical roles . . . . 18.0%

Source: 1) IDC SASE Survey 2023, n = 450

Vulnerability Self-Assessments Indicate Traditional as Well as New Concerns
The "perimeter" concept is one that is becoming irrelevant in this hybrid
world, since connections in and out of the organization are significant and
are set to grow in the future. Whilst “edge” has re-emerged as another
computing domain, it is in reality another connection external to the main
datacenter, which may often be connected to cloud before anything else.
Again, a fresh approach is required to address this.

Whilst remote devices may provide the concept of a perimeter, interconnects and
multicloud architectures stretch this approach to breaking point. IDC survey data
indicates that most AP organizations have had at least 5 “reportable” breaches in
the past 12 months.¹

Most vulnerable to a serious security breach¹

Network firewalls/Secure edge . . . . 13.9%
Cloud security . . . . 13.2%
Data loss and privacy . . . . 12.8%
Web content security . . . . 10.6%
Network: DDoS/WAF/Internet defense/Bot management . . . . 9.7%
Email messaging security . . . . 8.4%
Identity management . . . . 7.4%
Endpoint security . . . . 7.0%
Supply chain/third-party suppliers . . . . 6.7%
Container security . . . . 6.2%
API . . . . 4.1%

Source: 1) IDC Asia/Pacific Enterprise Services & Security Sourcing Study 2022, n = 869

External Connections Drive a Connected Economy, But Can Also Bring
Increased Risk if Not Correctly Managed
Connecting digitally to customers and partners is proving to be the most effective way to engage in commerce. Concurrently, a growth in demand for data is
driving deployment of sensors across organizations, to be able to more effectively manage remote locations, devices, and systems.

[Figure: "Connections" pie chart: 65% managed, 35% unmanaged. Two bar charts, "Unmanaged connection growth" and "Managed connection growth", plot share of respondents (0% to 40%) against expected growth (less than 50%, 50%, 100%, 200%, 400%, >5X).]

Only 65% of these devices connected to a corporate network are managed and with growth expected in the 100–200% range, the incremental threat vectors
are set to multiply — this excludes the IoT connections that are rapidly growing.

Whilst providing access to valuable new data sources, this will further stretch the already limited resources of the IT security team.

Source: IDC SASE Survey 2023, n = 450, sponsored by Fortinet

Adding to the Challenge: Lack of Focused Security Resources

Security team leadership in AP¹

52% don’t have a dedicated security lead

[Figure: pie chart, total 100%. Legend: We have a dedicated Chief Security Officer reporting outside of IT; A cybersecurity head, who reports to the CIO; The head of IT (CIOs, etc); We don’t have a dedicated lead, it’s just part of what IT does. Values shown: 1.8%, 28.4%, 19.8%, 50%.]

AP IT security team resourcing¹

The cybersecurity team is split between operations and threat hunting, with full time employees in both roles . . . . 19.8%
We have a dedicated team of full-time employees who address most of our needs . . . . 34.4%
We have a few full-time dedicated leads, who manage a matrix of other multifunctional roles outside of security . . . . 24.7%
Our security team have other non-security, IT-related tasks they need to manage as well . . . . 21.1%

Source: 1) IDC SASE Survey 2023, n = 450, sponsored by Fortinet

Hybrid Work Leads to Increases in Network Breaches
Connecting externally is unavoidable as more cloud and external applications are implemented, but these external connections result in increased negative
impact on work, unless sufficiently managed and secured.

Most employees connect to an average of 33 external connections (cloud-based
apps, mobile apps, third-party hosted systems beyond the corporate firewall)
during a day to complete their jobs, in some cases this is in excess of 100, and it
is set to grow.¹

Breach growth caused by hybrid work

Less than 50% increase . . . . 21.1%
More than double the number of incidents . . . . 25.1%
3 times . . . . 33.1%
5 times . . . . 13.8%
6–10 times . . . . 5.1%
More than 10 times . . . . 1.8%

[Figure: pie chart: less than 50% increase, 21.1%; 2X - 10X increase, 78.9%.]

Productivity is most hit, both at the IT and the employee level, but an
alarming increase in malicious attacks also puts the entire organization
at risk. Ransomware often inserts itself due to phishing, and the
outcome is now costing millions of dollars to remediate.¹

Increased password reset requests . . . . 39.3%
Decreased IT security team productivity . . . . 36.0%
Network performance challenges . . . . 34.2%
Phishing attacks . . . . 32.2%
Denial of service or denial of access . . . . 29.8%
Decreased employee productivity . . . . 29.6%
Performance issues for employees . . . . 28.7%
Data theft . . . . 26.4%
Identity theft . . . . 24.4%
Data loss . . . . 22.9%
Ransomware . . . . 22.0%

Source: 1) IDC SASE Survey 2023, n = 450, sponsored by Fortinet

Cyber-skills Challenges Are Not the Only Issues Impacting the CIO
Poorly resourced IT security teams are further disadvantaged by operational silos and
operational challenges, and misalignment with business priorities. Typically, “IT security”
has been seen as a department unto itself, operating in isolation and often poorly. This
needs to change as IT security today is a function almost every employee has to
consider; more deeply connecting security to business and IT operations is a clear
starting point to being more effective in this area.

Security is embedded in all aspects of IT, but none more so than in the hybrid
cloud architectures of today. But tools are complicated and don’t interoperate,
creating friction and impeding productivity.

Factors significantly limiting your organization’s ability to improve its IT security capabilities¹
(bar chart; axis 0% to 50%)

Insufficient integration between security & infrastructure teams
Time spent maintaining & managing security versus performing security investigations
Balancing security priorities with business/productivity priorities
Complexity working across multiple security dashboards
Fragmentation or lack of integration of security product portfolio
Management's lack of understanding
Skills shortages
Coping with unsanctioned IT/shadow IT
Budget constraints
Number of legacy systems

Source: 1) IDC SASE Survey 2023, n = 450, sponsored by Fortinet

Addressing the Security Needs of 3 Distinct Stakeholders
To fully align organizational priorities, companies need to breach operational and communication silos.

C-Suite and the Board
Technology-enabled sustainable growth from innovation that can also drive productivity.

Hybrid-Enabled Employees
Frictionless, secure access to a broad range of productivity tools regardless of employee or
solution location.

Overstretched IT & IT Security Teams
• Convergence of solution offerings with key networking capabilities
• Reduced footprint of management consoles
• Inherent and embedded automation to improve productivity

The concept of zero trust has emerged as an approach to ensure that the demands of different stakeholders, across the hugely increased and distributed
footprint that hybrid cloud brings, can be met. This has also brought about new solution offerings that address both the technical and resourcing challenges
faced by IT security teams.

The Importance of Trust in Business and Security
IDC's Future of Trust research illustrates how risk and security are foundations of a trust-enabled commerce hierarchy.

Hierarchy of Trust¹

[Figure: pyramid, from top to bottom: Trust (Actualized); Privacy, Ethics and social responsibility (Strategic); Compliance, Security (Compulsory); Risk (Foundational).]

IDC’s Hierarchy of Trust is built on research that states “all economic
activity is enabled by Trust.” The hierarchy shows how risk management
and security contribute to the business outcomes.

How zero trust enables digital trust²

The zero trust model ensures that the technical environment is protected at
its broadest to its most granular levels. Wider digital trust is re-established
by limiting technical trust. No level of trust is automatically granted to
end-users or to any computing network resources.

Source: 1) IDC, 2019;
2) Getting Your Organization to Zero Trust and Beyond: Future Enterprise Planning Guide, November 2021, US#48401021

Top Benefits of SASE: Visibility and Secure Networks
Companies will reap a mix of business and technical benefits from implementing SASE.

Zero trust network access (ZTNA), however, is not the full story here. A critical
component of ZTNA and the hybrid business model is secure access service
edge (SASE), which can further enhance the capabilities of an organization in a similar
manner. For those that have already adopted SASE, the benefits cover a range of
business and technical requirements. Whilst increased visibility, cost efficiency, and
performance top the benefits list, other benefits include the critical demand of
improving the efficiency of and not overwhelming IT security teams.

Business and technical benefits of SASE¹

Increased visibility into edge security . . . . 41.1%
Allows the enterprise to create cost effective secure internal networks . . . . 40.4%
Improved network performance for remote employees . . . . 38.7%
Reduction in security alerts associated with the hybrid working model . . . . 38.2%
Increased efficiency of security team . . . . 37.1%
Overall enhanced security posture across the organization . . . . 35.8%
Allowing the organization to deliver a distributed organization more easily . . . . 34.9%

Source: 1) IDC SASE Survey 2023, n = 450, sponsored by Fortinet

Complexity is the Enemy of Security: Most Are Consolidating Security Vendors
The surveyed organizations know that consolidating security vendors is the way forward. Most have already completed the consolidation process or are in the
process of doing so.

1/3 of organizations have completed IT security vendor consolidation programs.¹

82% of regional organizations agree that networking and security should be delivered
by a single vendor.¹

By 2023, 40% of APEJ organizations will allocate half of their security budgets
to cross technology ecosystems/platforms designed for rapid consumption and
unified security capabilities to drive agile innovation.²

[Figure: bar chart "IT security vendor consolidation plans"¹. Categories: No; Not at the moment but we are planning for it; Our consolidation program is underway; We have completed our IT security vendor consolidation program. Values shown: 43.1%, 33.3%, 16.9%, 6.7%.]

[Figure: bar chart "Do you agree that networking and security capabilities should be delivered by a single vendor?"¹. Categories: Strongly disagree; Disagree; Neutral; Agree; Strongly agree. Values shown: 50%, 32%, 14%, 4%, 0%. Legend: Total; Malaysia; All countries in APEJ.]


Source: 1) IDC SASE Survey 2023, n = 450, sponsored by Fortinet
2) IDC FutureScape: Future of Trust Worldwide & Asia/Pacific (excluding Japan) Implications 2022

Simplify Security and Reduce Complexity
The need of the hour is for security to be simplified by rethinking security strategies
to respond to evolving threats and challenges. The focus must be to converge
security and network to the cloud by ensuring integration with current architecture
to reduce complexity. This should help in the following:

♦ Ease of management
♦ Lower total cost of ownership (TCO)
♦ Reduced financial burden
♦ Global accessibility

Disadvantages of multivendor offerings:
♦ Legacy architecture
♦ Lack of communication between security and networking teams

Advantages of single-vendor solution:
♦ Ease of deployment
♦ Proper visibility of internal and external threats

[Figure: diagram with the labels Security Team, Workloads, Cloud, Endpoints, Cloud & Infra Teams, End User, Security Strategy, Network Access, Networking Teams.]

Automate security functions for security-at-scale . . . . 28.4%
Align security with digital transformation . . . . 28.2%
Prioritize security activities for highest benefit . . . . 27.6%

Source: IDC SASE Survey 2023, n = 450, sponsored by Fortinet

Essential Guidance
Steps to ensure secure IT infrastructure and environment for the new future of hybrid work:

Security has never been more in-focus for the C-suite than today as, in the near
future, 42% of revenues are anticipated to be digitally derived¹: This changes the
imperative of IT security from protecting productivity to the protection of income.

The digital-first and hybrid business models are creating a new wave of threat
vectors that threaten to overwhelm an under-resourced IT security team if new
approaches are not taken.

Applying ZTNA is the first step, and tactically deployed SASE in convergence
with a software-defined wide area network solution can immensely support the
needs of the three key stakeholders — the C-suite, the workforce, and the IT
security team.

Reducing complexity for IT security can also be gained from an IT security
vendor consolidation program. Seek out vendors that can offer holistic yet
integrated solutions that meet the demands of the organization. Establish this
as the “key” security platform and ensure other security offerings can integrate
with your platform.

Sources: IDC FutureScape: Future of Digital Infrastructure Worldwide and Asia/Pacific Excluding Japan (APEJ) Implications, Dec 2022

MESSAGE FROM THE SPONSOR
Securing People, Devices, and Data Everywhere

security solutions are among the most deployed, most patented, and
cybersecurity and the convergence of networking and security. Our
mission is to secure people, devices, and data everywhere, and today
we deliver cybersecurity everywhere you need it with the largest
integrated portfolio of over 50 enterprise-grade products. Well over
half a million customers trust Fortinet’s solutions, which are among the
most deployed, most patented, and most validated in the industry.

Global Customer Base: 660,000+ Customers
2022 Billings: $5.59B+ (as of Dec 31, 2022)
Market Capitalization: $52.1B (as of March 31, 2023)

programs in the industry, is dedicated to making cybersecurity training

FortiGuard Labs, Fortinet’s elite threat intelligence and research

and AI technologies to provide customers with timely and consistently
top-rated protection and actionable threat intelligence.

About Fortinet

Broad, Integrated Portfolio of 50+ Enterprise Cybersecurity Products
Strong Analyst Validation: 37 Enterprise Analyst Report Inclusions
Vertical Integration: $1B+

Fortinet SASE Solutions
Work From Anywhere

This publication was produced by IDC Custom Solutions. As a premier global provider of market
intelligence, advisory services, and events for the information technology, telecommunications,
and consumer technology markets, IDC’s Custom Solutions group helps clients plan, market, sell,
and succeed in the global marketplace. We create actionable market intelligence and influential
content marketing programs that yield measurable results.

IDC Asia/Pacific
83 Clemenceau Avenue, #17-01 UE Square, West Wing, Singapore 239920
T 65.6226.0330

@idc @idc idc.com

© 2023 IDC Research, Inc. IDC materials are licensed for external use, and in no way does the use or publication
of IDC research indicate IDC’s endorsement of the sponsor’s or licensee’s products or strategies.