The last year has been a rocky road for IT budgets, as predictions for the security market have attested. In a March 2009 paper entitled Is Security a Luxury in a Declining Economy?, Gartner analyst Jay Heiser wrote: "As organisations suffer declining cash flows and fall further into debt, many will be forced to make security cutbacks that would not ordinarily be considered acceptable." Heiser went on to say that while a basic level of security is no luxury, the desire for CIOs to overprotect will increasingly be overridden by the need to cut back on the security budget, allowing security risks that would be unacceptable during normal times. That security might be compromised due to lack of budget is a startling fact.
At the time, predictions showed that many organisations would spend less on security during 2009 and 2010; however, most Gartner clients expected to spend slightly more on security in 2009 (unless revenue fell below a critical point). In May 2009 Gartner released another paper, Market Trends: Asia/Pacific Security Software Markets Will See High Growth Rates Through 2013, which had a more positive tale to tell.
In the introduction, the research firm stated: "Spending on security is estimated to be impacted by a worsening economic downturn affecting the global economy at the end of 2008 and into 2009; however, Gartner estimates overall security software markets to be among some of the fastest-growing. A worsening threat landscape and an ever increasing reliance on IT to conduct business mean that investments will be increasing in this area."
Interestingly, although security doesn’t come anywhere near the top of the technology priorities list for CIOs in 2009, languishing at number nine (in previous years it had been creeping up into the top five spots), a survey of IT managers shows that security is a spending priority. This suggests that the top-level bosses no longer consider security because they just expect it to happen, so perhaps we can expect the market to grow in this area after all.
Indeed, the whitepaper on market trends estimated the total security software market in Asia/Pacific will grow at a 14.8% CAGR (compound annual growth rate), from $897million in 2008 to $1.79 billion in 2013. New Zealand in particular has a forecast of 13% growth rate for security software revenue from 2008-2013. "Mature markets/countries, such as Australia, New Zealand, Hong Kong and Singapore, will have modest growth because these markets are largely exposed to export and re-export trade and are severely hurt by reduced demand for commodities and finished goods during the global economic recession," explains Gartner.
Growth and opportunity
However, the paper goes on to highlight particular areas of growth that you would do well to focus on: appliance-email security boundary and other security software are the fastest-growing sub-segments, with a CAGR of 25.9% and 26.3%, respectively. This high growth is due to the increase in email usage and its related security issues, which then lead to hardware appliance growth adjacent to the email security boundary. Within other security software, there are emerging technologies, such as DLP (data leakage prevention), role life cycle management and mobile data protection, that are growing more than 50% year over year and will continue to perform above average between 2008 and 2013. The email security boundary, security information and event management and appliance (SIEM) sub-segments are experiencing medium growth, although as emerging areas of security they start their growth from a smaller base. The traditional enterprise and consumer anti-virus segments will have a relatively lower growth rate, being mature sub-segments. For a more detailed breakdown of the market segments and areas of opportunity, see the table below.
Follow the trend
At present the security software market is fragmented, but as companies increasingly seek to rationalise their software infrastructure and to improve the maintenance and management of their established variety of security tools, there is a desire for consolidation. "This desire to reduce the number of suppliers is leading to a shakeout of vendors and a standardisation of security software platforms," says Gartner. Market convergence is on the horizon, but it takes more time for the Asia/Pacific region to follow.
Added to this, security-as-a-service is also gaining popularity, with 41% percent of organisations surveyed by Gartner putting more than 10% of IT security spending towards it. "The current adoption of security-as-a-service is small, but it is believed to be growing fast," says the report. In fact, security-as-a-service and open-source security adoption are emerging technologies in the Asia/Pacific region, and will become more popular. Their adoption is likely to increase in the next 12 months, although the spending in these areas still only represents a small fraction of total IT security spending.
Overall, things are improving in the security area. A recent survey of more than 1000 IT professionals worldwide shows that security spending will outpace overall IT spending in 2010. "Even the modest growth rates anticipated – in both software and services spending – are meaningful in a
time of economic uncertainty and constrained enterprise resources," explain Gartner analysts Adam Hils and Ruggero Contu. Security software budgets are expected to grow by approximately 4% in 2010, outpacing all other areas of infrastructure software; security services budgets are projected to grow almost 3%, significantly outperforming other service areas.
These figures demonstrate that security is still a must-have, despite the impact of the recession. It will be no surprise then, that the Gartner Predicts 2010 security paper, released last November, was entitled:
Predicts 2010: Infrastructure Protection Is Still Not ‘One Size Fits All’. Infrastructure protection (enterprise requirements and the technologies to address those requirements) continues to change rapidly and Gartner has identified three areas of increasing future importance that you might like to consider:
Compliance requirements and the need to protect sensitive data are driving growing enterprise adoption of content-aware data loss prevention (DLP) technologies – but few DLP capabilities are being implemented on a holistic basis. Gartner predicts that by 2014, more than 50% of enterprises will have some form of content-aware DLP capability, but only 15% will have an enterprise-wide, content-aware DLP solution or strategy.
The Domain Name System (DNS) continues to represent a serious internet security problem, but implementation complexity continues to prevent the primary solution — Domain Name System Security Extensions (DNSSEC) — from being widely implemented; however, by 2014, Gartner predicts that 30% of all DNS lookups will be signed with DNSSEC.
Small and mid-size businesses (SMBs) are becoming more comfortable with cloud-based email security delivery models, and vendors are responding with joint appliance/cloud offerings. Gartner suggests that as soon as by the end of 2012, adoption of cloud-based services will drive a doubling of multifunction firewall deployment by SMBs.