The security burden of moving to remote working during the COVID-19 pandemic, an ever-evolving technology and threat landscape, and a zero trust approach to corporate security will significantly boost overall spending on cybersecurity technology in Turkey over the next several years, according to new research by IDC.\n\nTurkey\u2019s security technology market is forecast to grow from $247.43 million in 2020 to $344.89 million in 2025 on the back of strong activity in the top three segments of the market \u2014 security software, IT services and security appliances, according to a recently released IDC report.\n\nOf those markets, software has the largest share, according to the report by Yesim Arac Ozturk, IDC research manager for IT security in Turkey. The security software market in Turkey has 43.2 percent of the overall security solutions market and grew 6.4% year over year in 2020 to reach US$106.97 million, according to IDC.\n\nIT security services was the second-largest segment in 2020, with a market value of $73.19 million for a 29.6% share of the overall cybersecurity market. The security appliance segment \u2014 thanks in part to a growing investment in unified threat management appliances to act as gateways at the network perimeter \u2014 rounded out the top three segments with a 27.2% share, according to the report.\n\nLike most countries, Turkey faced security complexities when the start of the pandemic in 2020 spurred hasty government policies that forced people working in offices to do their jobs from home if it was possible. This led to security configurations for remote workers that did not have the same standards as ones they would typically find at the office, Ozturk said.\n\nPandemic affects cybersecurity standards\n\n\u201cWith the COVID-19 outbreak, companies that focused on quickly working their employees remotely could not attach the necessary importance to security,\u201d she told CIO in an email interview.\n\nCSOs prioritized employees\u2019 and customers\u2019 secure access to applications and services they needed to do their specific jobs, she said. However, proper attention to perimeter security \u2014 an ever-changing landscape due to the \u201crapid increase in endpoints\u201d \u2014 as well as identity and access management using technologies such as multi-factor authentication could not be properly addressed, Ozturk said.\n\nInvestment in cloud technologies also increased during the pandemic, and the cloud environment has become many companies' second or third choice for disaster recovery, according to the report.\n\nHowever, in the security landscape, the use of cloud-based security software is rising only very slowly, and mainly among companies with hybrid IT environments. The majority of interest in cloud technologies is exhibited primarily in the rapid shift of endpoint software to the cloud, Ozturk said.\n\nStill, according to recent IDC survey data, the majority of organisations using cloud services to some extent plan to increase their use of cloud security in 2022, she added.\n\nTurkey\u2019s focus on security going forward reflects this evolving security landscape, which not only the pandemic but also other factors like the \u201cdisappearance of perimeter\u201d have introduced, she said.\n\nSpending on identity and access management rises\n\nThis is especially true in terms of security software, in which investments in identity and access management have accelerated, Ozturk said.\n\n\u201cParticularly, interest in privileged access management solutions is increasing,\u201d she said. This also means that some more legacy security markets\u2014like security information and event management (SIEM)\u2014are taking a financial hit, Ozturk said.\n\n\u201cWe do not see the million-dollar traditional SIEM investments anymore,\u201d she told us. \u201cInvestments in the SIEM field are mostly concentrated on security services.\u201d\n\nSecurity services involve a holistic view of all activities necessary to plan, design, build and manage secure network infrastructures and comprehensive security programs, according to IDC. These services can be either purchased discretely or bundled with other services.\n\nTurkey\u2019s current growth is security services has been influenced by the lack of expert human resources and general knowledge within companies about how to secure a new generation of technology investments \u2014 such as cloud computing and hybrid IT environments \u2014 as well as protect against increasingly sophisticated cybersecurity threats, Ozturk said.\n\nAt the same time, organizations are having a hard time retaining valuable and qualified security professionals within the organisation \u2014perhaps the biggest headache for Turkey\u2019s CIOs and CSOs, she said.\n\n\u201cThe turnover times are getting shorter every day, so a limited number of security teams have to take on a huge workload,\u201d Ozturk said.\n\nThis not only is leading to more outsourcing of security services, but demonstrates that \u201cthere is a need for a reformist approach in training security experts in Turkey,\u201d she said.\n\nIn the meantime, security services that companies are \u201cevaluating more and more\u201d to meet organizations\u2019 overall security needs include managed security services, security operations center, managed detection and response, and endpoint detection and response, Ozturk told CIO.\n\nCompanies embrace zero-trust approach\n\nAnother notion driving the growth of security solutions in Turkey is the idea of taking a zero trust approach to corporate security, Ozturk told CIO. Indeed, half of survey respondents told IDC that they are aiming to modernize their IT infrastructure over the next 12 months using this approach, she said.\n\nThis idea is based on the basic principle of \u201ctrust nothing,\u201d but it goes deeper than that and has its roots in historical corporate security implementations, Ozturk said.\n\nTraditionally, companies used to be relatively lax at securing applications and networks inside the corporate network perimeter, assuming that anyone who had access to the corporate network was a trusted entity.\n\nThat\u2019s changed over the last decade or so not just because of the rise of insider threats, but also because of the increased sophistication among threat actors that gain access to the corporate network using stolen credentials and other means and then maintain persistence- \u2014 often lingering undetected for months to engage in nefarious activities.\n\n\u201cIn Turkey, CISOs and security managers frequently discussed the zero trust approach in 2021 and updated their strategies in line with this approach,\u201d Ozturk said.\n\nThis in turn means that companies often must modernize legacy solutions, further driving more investment in overall security solutions, she said. \u201cIn this direction, institutions are planning to renew their IT infrastructures, old security software and hardware in 2022,\u201d Ozturk said.