Security concerns have increased drastically following the events of 9/11 and thereafter. Now these concerns and heightened awareness of the need for comprehensive security measures are translating into actual implementation. Punita Jasrotia examines the trends in the security market and evaluates what the future looks like for this rapidly evolving segment

Security: Top Trends

• Security approach shifting from the desktop to the server or Internet gateway security.
• Overall security market will grow by 30 percent.
• Clear shift from products to a solutions-based approach.
• Outsourced, managed security services model gaining credence but will take a while to mature.
• PKI technology will gain considerable momentum with the growth in Internet transactions.
• Worldwide standards for security will soon be followed in India too.

While the economic slowdown and the incidents of 9/11 have caused a lot of slashing in the growth plans of many business segments, it proved to be a boon for the security market. Not only has there been a considerable increase in the awareness but also adoption of security solutions by the SME segment which until now had avoided security as a ‘futuristic option’. The coming financial year, 2002-03, will witness this awareness translating into implementation, which will give a further impetus to the Security 3A segment (comprising Security Authentication, Authorisation, and Administration solutions). As per IDC, the increasing popularity of both internal and external networks within organisations is expected to increase the demand for 3A solutions and subsequently push its market share from 28 percent in 2001-02 to 34 percent in 2002-03.

Besides the anti-virus, 3A, firewall and encryption segments, areas like PKI (Public Key Infrastructure) technology, formulation of policies, procedures and standards (implementation of regulatory requirements the IT Act 2000 and RBI guidelines for banks), and security training will also play a key role in the growth of the overall security market. PKI, which has been talked about a lot in the past two years, will witness increased activity in the coming year, due to an increase in e-commerce transactions by banks, financial institutions and government departments.

All this will contribute a quantum of two to three percent to the growth of the overall security market taking the tally to 30 per cent in the coming year, compared to a 25-27 percent growth witnessed over the past three years. According to an IDC survey, the Indian e-security market pegged at US $241 million is expected to register a 100 per cent growth in the next financial year with the market growing to US $441 million by 2003.

Industry experts aver that while Internet security has been one of the key drivers for the security market in the past one year, the real impact would be witnessed only this year with an increase in the e-commerce transactions and growing Internet penetration. (Nasscom predicts that e-business transactions will exceed Rs. 40,000 crore by FY 2003-04). While the rate of networking within and between organisations has increased considerably in the past couple of years, the same cannot be said about the implementation of security solutions. As a result, the key security concerns for most of the corporates would be malicious code (which includes viruses, trojans, worms, and hostile ActiveX and Java applets) followed by loss of privacy/confidentiality (which includes abuse/misuse of data) and electronic exploits/tools (including cracking, eavesdropping, and spoofing).

Anti-virus share

The above concerns notwithstanding, anti-virus will continue to command the biggest share in the e-security market (growing at a rate of 60 percent). In the anti-virus market, the Internet gateway segment will prove to be the fastest growing sub-segment (IDC predicts Internet gateway to be the highest growth segment of the anti-virus market, with a projected compounded annual growth rate (CAGR) of 43 percent from 1999 to 2004.

According to Goh Chee Hoh, regional sales director, Overseas Business Unit (OBU), Trend Micro, “There is an increase in awareness among the corporates to shift their security approach from desktop security to the server or Internet gateway security.” It is estimated that 93 percent of all viruses are transmitted through e-mail. However, due to the considerable acceptance and presence of anti-virus solutions in the corporate world, the segment will have a stable growth of around 60 percent in the coming year. Other areas of growth are VPN solutions and firewalls (with multi-layered firewalls being introduced in the coming months). This will also see this segment growing from US $52 million to US $95 million in just 12 months.

Hoh feels that due to the multi-dimensional and complex virus behaviour approach (especially for next generation viruses), the need for Content Security is becoming a key concern. The demand for content security at all layers will induce organisations to buy packaged or end-to-end solutions starting right from the entry point of the Internet Gateway, the e-mail system, the file server and down to the desktop.

Another sector that will contribute growth to the security market is the wireless sector, with an increase in mobile and wireless communication. “With e-commerce transactions shifting from PCs to non-PC devices such as cell phones, PDAs or set-top boxes in the coming years, it would increase the security risks. Wireless transmissions are particularly susceptible to interception and tampering because all one needs to know is the exact frequency at which your wireless system is operating,” says Vishal Bindra, CEO of ACPL.

Outsourced solutions-based approach

While until now security was considered a piecemeal solution, with corporates buying into the most popular solutions (limiting buying preferences to anti-virus and firewall solutions), there is a clear shift from a products market to a solutions-based approach. This will also result in a change in the market share ratio from 80:20 in favour of products, to a more or less 50-50 break-up.

The growing awareness of the complexity of security issues, coupled with an increasing security threat, points to a trend of organisations increasingly outsourcing their security needs. The major services to be outsourced would be firewall, IDS and vulnerability assessment tools. According to industry observers, the key driver for this growth in security outsourcing would be the SME market, which is undergoing a change from awareness to implementation. And with SMEs driving the growth, the market will witness an increasing demand for easy-to-use solutions, which will lead to increasing alliances between the security service and solution providers.

The market will also witness a shift from consulting and integration services that merely put the basic security policy and technology components in place, to Managed Security Services that extend to monitoring and managing security in order to maintain and improve upon the security baseline). The shift towards the integrated services market would further evolve into a managed services market over time. While the present integration services market is pegged at Rs 30 crore (consisting of product provisioning, system implementation and professional services), the managed security services (managed firewall, online intrusion detection, forensics, incident management, managed anti-virus, penetration testing) currently account for Rs 10 crore of the estimated overall security market of Rs 170-180 crore. While managed services are expected to increase in terms of awareness and acceptance, the real revenues will only accrue in the next three to four years. The same will hold true for so-called lifecycle solutions that will take care of the entire security requirements of an organisation, right from the designing to the implementation and then further moving seamlessly into managed services to ensure continued security for the organisation’s business operations.

Banking on security

Another key driver for the security market would be the increasing usage of IT by banks and other financial institutions, which will give a further boost to the demand for ‘encryption security solutions’ (specifically PKI and VPN solutions). According to Ganesh Ramamoorthy, IT analyst at Netscribes, “The Indian banking sector has budgeted spending on technology during 2001-02 at about Rs 200 billion. At an average 1.2 percent of the total technology budget, the budget for e-security in Indian banks should therefore be about Rs 2.4 billion. However, it is understood that this whole budget will not be spent in the current financial year and would spill over to the next fiscal year. Deepak Prasad, director of Rainbow Technologies, is in agreement with this view and he feels that it is PKI technology that will gain considerable momentum with the growth in Internet transactions. As per IDC, over 30 percent of all Internet traffic will be secure by 2004.

Finally, with the market maturing and a growing awareness of the need to implement robust security systems, there would be an increasing need to deliver quality and follow worldwide standards such as BS7799 and ISO 17799.