Security: getting proactive about it

Integrated appliances are the flavour of the season as India Inc gets serious about security and starts taking a proactive approach, says Abhinav Singh

The growth of the Indian security solutions market exceeded the expectations of most analysts last year. This momentum is expected to continue in 2005 as security war chests are expected to be opened wide this year. Analysts from Frost & Sullivan say that the growth of the network security market in India will exceed the projected growth rate of 32.4 percent in 2005. The IT and BPO industry will be the biggest consumers of security solutions.

2004: beyond expectations

Frost & Sullivan had pegged the growth of the security market at 38 percent for 2004. Although the final numbers are yet to be released officially, the analyst firm expects the network security market to have grown by 45 percent (valued at $45 million) in 2004 up from $29.9 million in 2003.

IT and BPO drove the market last year, accounting for 40 percent of network security purchases. The BFSI sector was a close second with a contribution of 30 percent. Government, manufacturing and SMB (Small and Medium Businesses) contributed the remainder.

Of the overall network security market, firewalls are expected to have grossed $22.5 million in 2004, VPN $14.5 million, and IDS (Intrusion Detection Systems) $8 million.

Shantanu Dasgupta, Industry Analyst, Technology Practice, Frost & Sullivan, attributes the robust growth of IDS to customers who had already invested in VPN and firewall, adding one more layer of security. 2004 saw the debut of Intrusion Prevention Systems (IPS) that aim at taking a proactive approach to network security by attacking the root cause of the problem rather than detecting a problem and then fixing it. The Indian IDS sub-segment grew by 65 percent to rank among the fastest growing in the APAC.

Last year also witnessed the growth of SSL VPN, estimated at $1.2 million by Frost & Sullivan. The principal players in the Indian SSL VPN market are Juniper Networks, Aventail, Nortel and NetScaler. Dasgupta says, “The SSL VPN market is new in India but it is expected to mature in 2005. The total cost of ownership (TCO) of installing and maintaining an SSL VPN network is lower than that of IPSec VPN.” Additionally, the overheads associated with the latter technology such as installing IPSec-VPN clients on each desktop are avoided in the case of SSL VPN.

Another significant trend observed last year in the security market was the emergence of integrated security appliances combining the capabilities of firewall, VPN, IDS and anti-virus (AV) coupled with anti-spam. The market for integrated appliances in India was close to $1 million in 2004.

Security appliances are well-suited to the needs of organisations with more than 500 users.

As far as the AV market is concerned, there was steady demand for these solutions, and the popularity of AV products continued as enterprises continued to buy them. The demand for anti-virus products will sustain in the years to come.

2005: BPO & IT to fuel growth

This year the IT and BPO segments will drive the security market. Dasgupta remarks, “The IT and BPO segments need to handle online customer transactions that concern sensitive customer data. Hence, security is a major cause of concern for them.” With regulations such as the Sarbanes-Oxley Act (SOA), TurnBel in Britain and the HIPPA for healthcare affecting Indian IT and BPO companies, they will need to go in for foolproof security networks this year to adhere to international regulations.

2005 will also see banks go online and continue the ongoing build-out of their ATM networks. Comments Dasgupta, “The spending from the government sector on network security should also show an increase in 2005 as there is a trend where government is investing in e-governance projects and computerisation programmes, which in turn are expected to fuel the investment on network security.”

The SSL VPN market is expected to grow speedily as the technology is maturing. It will grow faster than IPSec, although on a smaller base. Both these markets will grow steadily in 2005. Dasgupta of Frost & Sullivan comments, “The IPSec VPN market is expected to grow by 35 percent while the SSL VPN will grow by 60 percent in 2005. Growth will be driven by those companies that have offices spread across geographies and have a mobile workforce which needs to be securely connected to the [head] office.” The IPSec VPN market was worth $13.2 million last year.

The IDS market is expected to grow 40 percent in 2005. The concept of IPS, which was introduced in the market in 2004, is expected to evolve in 2005.

Multi-function boxes

The nascent integrated security appliance market in India will see appliances being offered that combine multiple security features in a single box. These multi-function boxes that come with integrated firewall, VPN, IDS, anti-spam and anti-virus will be popular in 2005. 2004 saw an increase in broadband penetration, but brought along with it a number of content-level blended threats. Appliances have proved their capability to perform deep packet inspection (looking inside e-mail attachments, downloads and the like), thereby eliminating content level threats and ensuring secure content-level management.

In 2005 we hope to see players in the integrated appliance space forging alliances to complement each other’s products Vishak Raman Country Manager—India Fortinet Inc	SSL is not always the right technology. IPSec is a more viable technology when it comes to intra-enterprise site-to-site connectivity Jagdish Mahapatra Business Development Manager Cisco Systems, India & SAARC	Although the emphasis will be on intrusion prevention rather than detection, we are expecting an increasing number of attacks in 2005 Ambarish Deshpande Head, Channel & Consumer Sales Symantec India	The government and education segments want to have content and URL filtering at the gateway level to prevent users from accessing unwanted Web sites Harish Chib Vice-president, Marketing Elitecore

The appliance advantage

India Inc. is expected to invest in security appliances on account of the ease of manageability that these appliances offer. Appliances are easy to configure, and deployment is smooth. What’s more, these boxes can be efficiently monitored from a central location. Due to the ease of manageability, security appliances have helped organisations cut down on staffing costs as they can manage security with fewer people. Another bonus is that using appliances permits organisations to do away with licencing fees that would otherwise have to be incurred on software-based security solutions.

In the past, organisations faced accountability issues while maintaining SLAs with vendors as each area of security was handled by a separate vendor. Whenever a security breach occurred, it became difficult to get the matter resolved as no one was willing to take the responsibility for the breach. But with security appliances, CIOs can turn to a single vendor for support and hold the vendor accountable.

Even vendors are bullish about appliances. Says Ajith Pillai, Country Manager-India, WatchGuard Technologies, “Last year integrated security appliances accounted for 80 percent of our Indian sales.”

Organisations having 100 to 1,000 users are prime customers for the company. As of now it has 500 Indian customers, and it intends to tap B&C cities this year.

Fortinet, Inc has also had some big wins in the recent past, bagging orders from Air-India, Ramco, Biocon and Lason. Says Vishak Raman, country manager-India of Fortinet, “In 2005 we hope to see players in the integrated appliance space forging alliances to complement each other’s products, and then bundling [these products].”

Elitecore has the Cyberoam appliance, and over 500 deployments at companies such as Chambal Fertiliser & Chemical, Government of Gujarat, BSNL, Indian Institute of Management-Bangalore, National Dairy Development Board, Indian Institute of Remote Sensing and Bharat Heavy Electricals. Says Harish Chib, the company’s Vice-president for Marketing-Products, “We have seen a strong push from the government and education segments for our product. They want content and URL filtering at the gateway level to stop users from accessing unwanted Web sites.”

A tale of two VPNs

Last year there was considerable debate about which VPN technology would dominate this year—SSL or IPSec. Many believe that SSL VPNs will eventually replace IPSec. That said, both technologies are poised to co-exist in 2005; they already do so at many enterprises, with iGATE Global Solutions being just one example.

SSL and IPSec are both standards-based protocols that are widely deployed. IPSec operates at the network layer whereas SSL operates at the application layer. As SSL is independent of operating systems, it is possible to offer a secure environment for remote users who are, for example, accessing the corporate network from non-secure end-points using a standard Web browser in a cyber cafe. IPSec VPN is ideal for providing high-performance security for site-to-site VPNs where the remote user has managed secure access to the VPN through, say, a notebook issued by his employer.

“SSL is not always the right technology. IPSec is a more viable technology when it comes to intra-enterprise site-to-site connectivity, and it works better when traffic from a large number of applications needs to be secured. All flavours of VPN have their pros and cons,” says Jagdish Mahapatra, who is the Business Development Manager, Cisco Systems, India and SAARC.

IPSec VPNs can be used to connect remote or branch offices to each other or to the head office. Muthu Kumar M, Managing Director, Aventail India, has this to say, “IPSec VPN is traditionally meant for office-to-office connectivity, but SSL VPN is best suited for remote connectivity as it facilitates the same level of secure access to an employee on the move as he would have working onsite. We expect organisations that want to connect employees from far-off locations in a secure way to opt for this technology.” SSL VPN offers advantages over IPSec because it is found everywhere, is inter-operable, and offers ease of configuration and network layer transparency. SSL VPN can be used to provide access from any Web browser that supports SSL; all the leading brands do. SSL VPN fits into existing systems in a transparent manner, and is relatively easier to configure.

Cisco Systems is the leader in the Indian market for IPSec VPN. Its clientele includes the likes of State Bank of India, Vijaya Bank and HCL Technologies. In the SSL VPN space, Juniper Networks, Aventail and NetScaler are market leaders. Aventail recently bagged two customers for SSL VPN: Marico Industries and iGATE Global Solutions.

Remarks Rakesh Singh, General Manager-Asia Operations, NetScaler, “The market will mature in 2005.” Large organisations with mobile workforces needing remote connectivity—banks, ISPs, e-businesses, BPOs and e-traders—will deploy SSL VPN.

Java Girdhar, Country Manager, India & SAARC, Juniper Networks, says, “Indian mobile operators are rolling out new platforms to deploy mobile data applications. Cellular operators are also gearing up for metro Ethernet roll-out. This presents an immense opportunity for SSL VPNs to enable facilities such as on-line trading, working at home and mobile connectivity—as long as the connection can be made secure.”

abhinav@expresscomputeronline.com