According to new research by IDC.
The Turkish security technology market is expected to grow from $247.43 million in 2020 to $344.89 million in 2025 driven by strong activity across the three major market segments – security software, IT services and security appliances , according to a recently published IDC report.
Among these markets, software has the largest share, according to the report by Yesim Arac Ozturk, IDC research manager for computer security in Turkey. Turkey’s security software market represents 43.2% of the overall security solutions market and grew 6.4% year-over-year in 2020 to $106.97 million, according to IDC.
IT security services was the second largest segment in 2020, with a market value of $73.19 million for a 29.6% share of the overall cybersecurity market. The security appliance segment — thanks in part to growing investment in unified threat management appliances to serve as gateways to the network perimeter — rounds out the top three segments with a 27.2% share, according to the report.
Like most countries, Turkey faced security challenges when the onset of the pandemic in 2020 spurred hasty government policies that forced people working in offices to do their jobs from home if possible. This led to security setups for remote workers that didn’t have the same standards they would typically find in the office, Ozturk said.
The pandemic affects cybersecurity standards
“With the outbreak of COVID-19, companies that were focused on getting their employees working remotely quickly couldn’t attach the necessary importance to security,” she told the CIO in an interview by e. -mail.
CSOs prioritized ensuring employees and customers had secure access to the apps and services they needed to do their specific jobs, she said. However, proper attention to perimeter security – an ever-changing landscape due to the “rapid rise of endpoints” – as well as identity and access management using technologies such as authentication multifactor could not be properly addressed, Ozturk said.
Investments in cloud technologies have also increased during the pandemic, and the cloud environment has become many companies’ second or third choice for disaster recovery, according to the report.
However, in the security landscape, the use of cloud-based security software is growing very slowly, and primarily among enterprises with hybrid IT environments. Much of the interest in cloud technologies is seen primarily in the rapid move of endpoint software to the cloud, Ozturk said.
Still, according to data from a recent IDC survey, the majority of organizations using cloud services are planning to increase their use of cloud security to some degree in 2022, she added.
Turkey’s focus on security going forward reflects this evolving security landscape, which not only the pandemic but also other factors like the “disappearing perimeter” have introduced, she said.
Spending on identity and access management is growing
This is especially true in terms of security software, where investment in identity and access management has accelerated, Ozturk said.
“In particular, interest in privileged access management solutions is growing,” she said. It also means some older security markets, like security information and event management (SIEM), are taking a financial hit, Ozturk said.
“We don’t see the traditional million-dollar SIEM investments anymore,” she told us. “Investments in the SIEM domain are mainly focused on security services.”
According to IDC, security services involve a holistic view of all activities necessary to plan, design, build, and manage secure network infrastructures and comprehensive security programs. These services can be purchased separately or bundled with other services.
Turkey’s current growth is that security services have been influenced by the lack of expert human resources and general knowledge within companies on how to secure a new generation of technology investments – such as cloud computing and hybrid computing environments — as well as protecting against increasingly sophisticated cybersecurity threats, Ozturk said.
At the same time, organizations struggle to retain valuable and qualified security professionals within the organization – perhaps the biggest headache for Turkish CIOs and CSOs, she said. .
“Turnaround times are getting shorter every day, so a limited number of security teams have to take on a huge workload,” Ozturk said.
This not only leads to more outsourcing of security services, but demonstrates that “there is a need for a reformist approach in training security experts in Turkey”, she said.
In the meantime, security services that enterprises are “increasingly evaluating” to meet the overall security needs of organizations include managed security services, security operations center, managed detection and response, as well as than endpoint detection and response, Ozturk told the IOC.
Companies are taking a zero-trust approach
Another notion driving the growth of security solutions in Turkey is the idea of taking a zero-trust approach to enterprise security, Ozturk told the CIO. Indeed, half of respondents told IDC they plan to modernize their IT infrastructure in the next 12 months using this approach, she said.
This idea is based on the basic principle of “trust nothing,” but it goes deeper than that and has its roots in historical enterprise security implementations, Ozturk said.
Traditionally, enterprises have been relatively lax in securing applications and networks inside the corporate network perimeter, assuming that anyone with access to the corporate network is a trusted entity.
This has changed over the past decade, not only due to the rise of insider threats, but also due to the increased sophistication of threat actors gaining access to the corporate network using intelligence information. stolen credentials and other means then maintain persistence – which often persists undetected. for months to engage in nefarious activities.
“In Turkey, CISOs and security managers frequently discussed the zero-trust approach in 2021 and updated their strategies in accordance with this approach,” Ozturk said.
That, in turn, means companies often have to modernize legacy solutions, which drives more investment in overall security solutions, she said. “In this direction, institutions plan to renew their IT infrastructure, old security software and hardware in 2022,” Ozturk said.