Internationally renowned security technologist Bruce Schneier once said: “The mantra of any good security engineer is: security is a not a product, but a process. It’s more than designing strong cryptography into a system; it’s designing the entire system as such that all security measures work together.”
As more data is shared across the internet between organisations and unmanaged endpoints, enterprise boundaries become more blurred and concerns increase in regard to data leakage and manipulation. This is positive from a reseller point of view, as it gives you the opportunity to step in and encourage greater use of application layers and data layer security controls.
Gartner estimates that total spending on security technology is expected to reach over $20 billion this year alone. A report entitled Key issues for technology providers: Security markets, 2010, states that changes in product delivery and pricing schemes are two key trends making an impact on the market, with a shift away from traditional licensing methods. A global survey of endusers, conducted by Gartner in 2009, showed that, on average, 13% of IT security budgets are spent on functions delivered as Software as a Service (SaaS), or via providers of managed security services.
“Security as a service allows organisations to utilise operating budgets rather than capital expenditures. Also, a Software as a Service method helps to lower switching costs and minimise infrastructure maintenance and operating costs, providing functional improvements without the need to upgrade infrastructure and, thus, lowers the cost to deliver security controls or functions,” states the report.
Surveys carried out by Gartner in Asia- Pacifi c over the past year have revealed there is increasing interest in purchasing the ’as a service’ delivery model. Revenue growth in this area has also been outpacing more traditional software product sales, with message security and secure web gateways big contributors. This “big growth area” is set to boom further, according to Gartner Research Director for Security and Infrastructure, Rob McMillan.
McMillan also addresses the hot topic of cloud, highlighting the security issues that go hand-in-hand with its implementation.
The Channel • October 2010 11 “Cloud is a lot like outsourcing. The security issues that had to be solved when outsourcing kicked off, also apply to the cloud; you need to have a good idea about identifying and knowing what to do with the data,” says McMillan, who advises resellers to approach clients with ideas on the private cloud in the fi rst instance, then progress on from there.
Mobile data protection
Mobile data protection tools, such as software and hardware that encrypt information on fi xed and removable storage devices, continue to drive sales in the security space and support more than a dozen vendors. The loss or theft of data from mobile devices is one of the largest and most damaging data exposure risks that a company can face. Gartner stated in the Hype Cycle for data and application security, 2010, that while users are still disappointed with product complexity and usability, “public outcry over high-profi le data leakage ensures that this product category continues to sell”.
The research fi rm continues to receive constant inquiries regarding notebook computer encryption. However, a large proportion of companies still have little or no protection implementations in place, as they believe they can identify the systems that contain highly sensitive data. Gartner emphasises that data encryption is a necessary standard practice; a worthy fact to keep in mind when pitching to your clients.
Notebooks, in particular, have been generating the most interest, sales, and installations of mobile data protection. It is interesting to note that the most underreported data leakage is occurring through smartphones and PDAs.
“Enterprises are fi nally paying attention to security on smaller devices, but the higher proportional cost to add security to devices that are otherwise much cheaper than PCs, often leads to minimal security policy enforcement,” reveals Gartner. The number of personal devices containing sensitive data is also increasing due to the continuing trend for the purchase and use of non-company devices by employees and contractors.
Data protection is one of the fi rst investments a company should make on a mobile platform. It is considered wise to include data protection in the plan for the standard image, administration, and maintenance of all devices. As encryption does not directly contribute to productivity, the business value for data protection can appear low. Point out the laws, combined with the increasingly harsh penalties that come when they are broken, as a means to raising awareness of the advantages of data protection. Most companies will want to avoid the costs of embarrassment, lost intellectual property, business deals and reputation, not to mention legal and civil penalties.
Compliance remains an important driver in the security space, pushing the growth of solutions such as SIEM (security information and event management). According to IDC’s Security Analyst, Vern Hue, companies of all sizes are continuing to seek ways to develop appropriate risk management strategies.
“The adoption of SIEM also follows the fear of zero-day attacks, signalling the need for event-based security monitoring versus signature based detection,” Hue says. He goes on to say that there is a growing trend of SIEM integration with alerts from surveillance and other physical security systems.
Gartner’s Forecast analysis: Security software markets, worldwide, 2009-2014, 2Q10 update, confi rms that Integrated Asset Management (IAM) technology is a crucial element of enterprises’ security strategy. Approximately 8% of Gartner clients’ security budgets are dedicated to this area and the IAM market is expected to reach more than $12 billion by 2014.
The same report points out that the recent trend of technology and vendor consolidation is expected to continue; smaller vendors have become attractive acquisition targets as they fi ll product functionality gaps for larger vendors. “This consolidation continues to cause market disruptions and uncertainty as market momentum shifts between best-of-breed and suite/platform software vendors; although the overall security software market is gradually moving from a best-ofbreed- based approach to a suite/platform orientated purchasing trend.”
The Asia/Pacifi c region continues to be a leading emerging economy in the security market, with a projected compound annual growth rate of more than 6% through to 2014. Social and legal infl uences are driving greater use of data and application security products as individuals demand superior care be given to personal data. The impact of the new payment card industry security standards, combined with contractual requirements and a growing sense of threat to intellectual property, means this market is full of opportunities.