While regulation and compliance drive the vulnerability assessment market in many countries, the service is still considered a "company luxury" in SA.
This is according to CEO and founder of Telspace Systems Dino Covotsos, responding to research published by Frost & Sullivan yesterday. "SA is still quite far behind international trends in terms of companies getting vulnerability assessments done and completed," he adds.
While the technologies and methods for vulnerability assessments and penetration testing are on par with international standards, many local companies are not investing in having their networks tested.
He says regulations have forced many countries to perform regular assessments and most of those companies set an annual budget for testing, since it is "considered a necessity".
"South African companies should be paying more attention to these assessments and should be following international trends. We are still finding many large corporate companies in SA that have never had an assessment done. Some of them still think there is no requirement for them."
Covotsos adds it is a frightening local trend, since much of the information carried across networks can be sensitive.
Frost & Sullivan's new research shows the global market for the service is booming, earning $297.5 million in revenue in 2007. The research firm estimates this will more than triple by 2014, creeping in at just under $1 billion.
However, the local market has only recently started discussing and implementing regulations around vulnerability checks. Most notable is the Protection of Personal Information Bill (colloquially known as the Privacy Bill), which aims to promote the protection of personal information processed by private and public bodies.
The Bill is expected to impact the way companies acquire, use, store and protect personal information, which may show an increased interest in vulnerability assessment and penetration testing.
"Growth in this market has traditionally been driven by the fear of penalty, and will be further spurred by renewed focus on existing laws and passed deadlines," says Frost & Sullivan analyst Chris Rodriguez.
Related stories:
Security assessment gains traction
MS not the culprit
Four MS patches 'critical'
Bluetooth opens vulnerability window
Share