I just got back from a week long trip to Japan. I met with a few members of the press (if you read japanese, check out this article in the Nikkei BP's IT Pro magazine...I hope they got all my quotes right ;-) as well as partners and customers. I also presented a
session on Data Governance Trends for a full house seminar put on by
Imperva distributor Tokyo Electron
My main conclusion after a week in Tokyo is that Application Data Security is thriving in Japan. Database security and database activity monitoring have been a strong market in Japan for the last year or eighteen months, primarily as a result of "J-SOX" (J-SOX is an informal name, the formal name is Financial Instruments and Exchange Law. It is similar to Sarbanes-Oxley in the US). While I was there, this article (also in ITPro and written in Japanese) was published about Imperva DMG customer, Ace Insurance.
What struck me was the number of questions I got about PCI. It came up in literally every meeting I had in Japan. In my seminar presentation, I summarized where I think we are with PCI in the US (strong enforcement push by the card brands and adoption considerably underway) and in Eurpope (about 18 months behind the US on the enforcement/adoption curve, but currently meeting strong resistance and resentment). I left my Japan comments blank, but throughout the week I drew the conclusion that while Japan is just starting out with PCI (I'd guess 9 months behind Europe), I think that adoption in Japan will overtake Europe fairly soon.
I'm not sure if I know why, but my guess is that after a strong J-SOX push, the Japanese companies are more like US companies...they've been though the pain of a regulation once already, so they see a bit of the inevitablity. Also, very much like the Americans - they DO NOT want to have to do data governance manually...so most of the questoins were about things like "How do I automate my compliance process?" and "What's the comparison of operational cost for code review/vulnerability scanning versus WAF?" (and yes, I explained why you need all of these things to work together).
My main conclusion after a week in Tokyo is that Application Data Security is thriving in Japan. Database security and database activity monitoring have been a strong market in Japan for the last year or eighteen months, primarily as a result of "J-SOX" (J-SOX is an informal name, the formal name is Financial Instruments and Exchange Law. It is similar to Sarbanes-Oxley in the US). While I was there, this article (also in ITPro and written in Japanese) was published about Imperva DMG customer, Ace Insurance.
What struck me was the number of questions I got about PCI. It came up in literally every meeting I had in Japan. In my seminar presentation, I summarized where I think we are with PCI in the US (strong enforcement push by the card brands and adoption considerably underway) and in Eurpope (about 18 months behind the US on the enforcement/adoption curve, but currently meeting strong resistance and resentment). I left my Japan comments blank, but throughout the week I drew the conclusion that while Japan is just starting out with PCI (I'd guess 9 months behind Europe), I think that adoption in Japan will overtake Europe fairly soon.
I'm not sure if I know why, but my guess is that after a strong J-SOX push, the Japanese companies are more like US companies...they've been though the pain of a regulation once already, so they see a bit of the inevitablity. Also, very much like the Americans - they DO NOT want to have to do data governance manually...so most of the questoins were about things like "How do I automate my compliance process?" and "What's the comparison of operational cost for code review/vulnerability scanning versus WAF?" (and yes, I explained why you need all of these things to work together).
Leave a comment