Increasing threats from more organised sources including governments, bring your own device, virtualisation and cloud computing, social networking for business purposes... When it comes to security the pressure points for New Zealand businesses are coming from all directions.
Worldwide, the security market is a multi-billion dollar industry, and here in New Zealand, IDC estimates it was worth $71.04 million in 2010. Ovum predicts the worldwide market will increase from $16.76 billion at the end of 2010 to $23.3 billion at the end of 2015, with Asia Pacific experiencing even stronger growth because of the pace of technological advance in the region. The research company says the Asia Pacific security software market will reach $4 billion revenue by 2015 – a compound annual growth rate of 10% from 2010’s $2.49 billion.
Add to that the fact that it has consistently out-grown the overall IT market – thanks to the increasing needs and demands for security along with companies seeing exactly what happens if they neglect security – and it’s no wonder that growth is tipped to continue strongly and provide plenty of opportunities for resellers over the next few years.
The Big Three – and a few more besides
Arun Chandrasekaran, Frost & Sullivan research director, ICT Practice, says three key disruptive trends are at play: securing organisations in the virtualised world and driving data privacy in the cloud; the incursion of social media in the business world and securing the mobile workforce.
He says all three areas offer opportunities for resellers, along with ‘immense opportunities in providing managed security services and compliance consulting services’.
"For resellers, security is a specialised function and needs significant investments in terms of people and process. However, security is, and will continue to be, an area where customers spend significant amounts of their IT budgets. To ensure value creation and to garner higher margins, resellers need to move up the value chain, beyond mere product resell.”
Ovum principal analyst Graham Titterington agrees the three major business changes which will grow the market over the next few years and create new opportunities for security suppliers are cloud computing, mobility and the business use of social networking. "The security issues these phenomena raise can be significant and they need to be tackled accordingly,” he says.
Beyond business changes, he says the key trend is the increasing threat from better organised gangs from rival organisations – including governments – wanting to steal valuable data. "They have the resources to ramp up the threat level and to launch the so-called advanced persistent threats, which are difficult to defeat.” He says the competitive market in this region ‘makes this threat a particular concern’.
"Other emerging factors are greater interoperability of systems in different organisations, the use of shared user authentication systems, particularly for customers and partner employees, and the adoption of virtualisation technology,” he adds. "So overall we will see a lot of change, and opportunity, in the security sector over the next few years.”
Titterington says adopting to the changes will provide plenty of opportunity for resellers and systems integrators. "Many of [these changes] are still research issues and so there is scope for integrators to offer advice on the way forward. All aspects of inter-organisation interaction offer opportunities for system integrators. Resellers can all add this customer-specific deployment angle to the products they resell.”
He says much of the future investment from enterprises will be in encryption software, along with advanced encryption key management environments, as these play a key role in the fight to protect sensitive and valuable data from hackers. "Other key investment targets will be new types of anti-malware protection to counter the huge threat the Internet poses.”
IDC’s senior market analyst, Vern Hue, who gives mobile security and the emergence of BYOD the nod as the biggest trends in security, adds that data leak prevention is also seen as a new way of helping organisations avoid the accidental and deliberate release of data from companies, and is increasingly playing a crucial part in an organisation’s risk and governance programme.
"We’re seeing increasingly that organisations, both enterprises and SMBs are slowly ceding control of their on-premise security and using a cloud-based solution along with their on-premise solutions. We are also seeing that organisations are beginning to move away from point solutions to a solution suite and provisioning a portfolio of solutions from the cloud,” Hue says.
As to upcoming opportunities for resellers, Hue says for all that has been said and done, malware is still a vital discussion for both enterprises and SMBs. The threat is consistently proving a thorn in their sides, and the sophistication and frequency of attack has been exponentially increasing, evading traditional anti-malware and firewalls. "New risk strategies will need to be considered and resellers and system integrators will need to ensure they are well equipped technically as end-users are increasingly abandoning point solutions in favour of a solution suite and the partners are seen as trusted advisors as they often have the ability to manage and monitor the accounts,” Hue says.
Not just a lock-down
But while much of the focus of security remains on locking down networks, Scott Robertson, Watchguard vice president Asia Pacific, channels and alliances, says productivity should also be a key discussion. "The focus for the reseller community should be to understand security and also how security can enable business to not just lock down the relevant areas, but also to build around productivity,” he says. "And that’s a discussion that goes beyond just the IT department into HR, finance and [with the introduction of the Copyright (Infringing File Sharing) Amendment Bill] legal.”
Robertson says the proliferation of Web 2.0 sites, along with social networking, has brought about a new battleground for security and a ‘real pain point for businesses’. "Companies, and people in general, are interacting more with online media – including interaction with Facebook, YouTube and other social networking sites – and we see the web as the battleground at the moment.”
He says companies seeking to attract Gen Y and Gen X staff are looking to be social networking friendly, but still have the tools to ensure they have the security in place to manage it. Where once the aim was to lock access to social networking sites, now companies are instead seeking to provide granular access – allowing staff to access Facebook or Skype but not transfer files, for example.
Meanwhile, Robertson says the introduction last month of the controversial Copyright (Infringing File Sharing) Amendment Bill has also prompted increased interest in security options.
Robertson, who was in New Zealand speaking with resellers when the bill came into force, says channel partners ‘are telling us they need a tool businesses can use to ensure staff are not downloading bit torrents, peer to peer and so on’.
The bill can see infringers liable for up to $15,000, with companies liable for the action of their employees.
"When we see some attachment of cost to something like this, it raises the profile considerably,” Robertson says of the potential fines.
Meanwhile, Frost & Sullivan’s Chandrasekaran says resellers need to do a better job of articulating the return on investment in security investments. "In many organisations, security is viewed akin to ‘insurance’ and channel partners have an onus in demonstrating the business value of security.” He says security is a specialised function for resellers, and needs ‘significant investments in terms of people and process’.
Mark Joynes, Entrust director of product management, says there is currently ‘a perfect storm going on and significant change’ in the security market, with the consumerisation of endpoints in the mobile arena.
Entrust provides identity-based security solutions, and provides the PKI (public key infrastructure) technology behind New Zealand’s ePassports.
Joynes says identity-based security comes down to three key areas – user based identification, machine or device, and application. He says the consumerisation of end points in the mobile area is providing challenges
with increasing threats targeting the mobile environment. Joynes says soft tokens are one option and suggests channel partners discuss with their customers what challenges they are facing in terms of legacy hard tokens. "They may need to move to a more contemporary platform in terms of mobility,” he adds.
People problems – reseller opportunities
Kelvin Rundle, director of security engineering, Asia Pacific for Sourcefire, says one situation which is exaggerated in New Zealand, over the United States or United Kingdom, is the ability for companies to recruit, train and retain specialist security staff. "There are not enough highly trained security people in New Zealand – within companies IT staff usually have to work across the full range – desktop admin, server admin, security... They’re not specialists.
"So from a reseller or channel perspective, they need to be looking at products with a high degree of automation – which traditional security products often don’t have,” Rundle says. Resellers aren’t immune the problems around acquiring and retaining staff, Rundle notes, advocating that resellers invest in training and up-skilling of existing staff to ensure they can best take advantage of the burgeoning market.
He says another trend is that firewalls ‘are not enough anymore’. "The majority of attacks are application focused and firewalls can’t tell the difference between good and bad traffic. Virtualisation and cloud is also adding complexity to protecting company data.
"So you need to complement or supplement traditional security offerings with products that are application focused...
"But one of the keys to being a successful security reseller is understanding the business requirements around security, balancing risk and reward and keeping abreast of the latest threats and trends.”