Print

Comment

Email

Digg

Del.icio.us

Reddit

As network security emerged as a prime concern in networked companies, network security services gained traction among both large and small enterprises. There was a growing adoption of security as an outsourced service. While the level of involvement of small companies largely remained confined to mostly hiring virus/worm protection services, large customers especially in the banking and finance, and BPO along with the government sector space have emerged as a growing market for network security service providers. There are two clear distinctions in the network security services market in terms of the kind of services offered-professional services like consulting on network security design, processes, gap analysis, certification etc., and managed services like firewall management, intrusion detection, security audits, vulnerability assessment, penetration testing and the like.

Services that picked up in 2003–04 belonged to either of these two categories. The scope of security consulting and audit for certifications like BS7799 (the only globally accepted security standard), drawing of RFP, security architecture design etc got a favorable response from customers. Also, what was good for network security service providers was the fact that there was a significant increase in the average value and scope of security consulting assignments. While the average value of a typical consulting assignment doubled from Rs 3–4 lakh to Rs 8–10 lakh, customers began looking for more end-to-end kind of consulting instead of taking a piecemeal approach. In the managed security services space, 24/7 monitoring of networks, and alerting and security management services picked up quite well.

The network security services market in FY 2003–04 was estimated to be around Rs 37.4 crore as against Rs 33.5 crore in FY 2002–03, registering a 12 percent growth. HCL Comnet emerged as the market leader with a 23 percent share (Rs 8.5 crore). At Rs 8.4 crore, Datacraft was a second. Wipro was the third important player in the market with a 17.5 percent market share.

One of the major drivers of the security services business was the building up of a realization among the enterprises and corporates that security was not just about deployment of tools and technologies, services were also very critical. In other words, there was a growing acceptance of the fact that for security deployments to be effective, they must be effectively supported by the required array of services. Moreover, services also got a boost because many companies, especially in the banking-finance and BPO sectors, started adopting security best practices driven by external factors like regulations (in case of banks) and client requirements (in case of BPO companies). While banks have always been the early adopters of security best practices, in 2003–04 BPO companies emerged as key customers. For BPO companies, security is one of the key business drivers as their clients insist on a certain level of network and information security before awarding contracts.

What is still not happening is vulnerability assessment. Security breaches happen because of exploitation of vulnerable points on the network. Surprisingly in India, vulnerability assessment is still to pick up. Even a security service provider like HCL Comnet, which is clearly one of the pioneers in security services in India, did only 1,000 scans in a year of network devices, databases, applications etc., for finding possible vulnerabilities. However, the same HCL Comnet did 15,000 scans for its 10 global customers during the same period.

Among the large network integrators, HCL Comnet, Datacraft, Wipro Infotech, Network Solutions, GTL, Tulip IT Services, and Sify were the key players in the network security services market in 2003–04. Most of these companies offered either professional or managed security services or both and combined onsite and offsite delivery depending on the customer's needs. HCL Comnet with 40 customers (including 10 global ones) was clearly a leader in the managed security services segment. Among the small companies, the Netmagic Solutions and Secure Synergy were noteworthy for their significant gains in the market. Mumbai-based Netmagic had over 120 customers, distributed across its various network security services. NetMagic offered both professional services as well as managed security services using both onsite and remote models. Secure Synergy, among other things, offered managed virus protection services in association with Network Associates. Among other significant players in the security services space was ICICI Infotech. The company offered a range of security services including consultancy, security architecture design and implementation, and BS7799 certification. The company had about 10 customers including some from the Gulf region.

Most of the customers for security services belonged either to a vertical like BFSI or software development or BPO. However, sectors like automotive, media, FMCG etc. also showed keen interest in the services. Globally, the growth rate in manufacturing segment is higher than in banking, since in case of the latter, security is mandatory and most of the banks have already deployed some sort of security already. In India, security spend in the government sector has gone up.

The Indian market for network security services is clearly moving towards outsourced managed services because of two reasons. Deployment of in-house security professionals entails high operational expenses. Also 24/7 monitoring can be beyond the capabilities of enterprises. And there is a growing realization that it is best managed by experts.

On the other hand, even though some of network security providers (primarily HCL Comnet and Datacraft) have been successfully selling remote security management to their clients, the market is likely to favour the hybrid model (made up of onsite and offsite delivery of services) in near future. Though remote delivery of security services means most gain for customers; most customers are still not comfortable with the idea of losing control to an outside agency.

Ravi Shekhar Pandey