Network Security Services : Riding on the Fear Factor

Comment

Digg

Del.icio.us

Defying all menace of slowdown, the network security services market continued to witness an exponential growth of over 60% in FY 2008-09. In the past few years, network security services have been growing at double the pace of products in the market. At present, system integration and consulting services are the major contributors to the services revenue. With growing awareness, FY 2009-10 may see the wide contribution of managed security, compliance audits, and certification in the overall revenues.

According to VOICE&DATA research, the overall security services market stood at Rs 739 crore in FY 2008-09 and grew to over 62%. The main contributors to this astonishing figure were HCL Comnet, Datacraft, Fortinet, Wipro Infotech, Sify, and Secure Synergy.

With over 14% market share, HCL Comnet emerged as a major player in the segment. The company garnered an estimated revenue of Rs 105 crore. In FY 2008-09, the company signed a seven-year end-to-end IT services agreement with National Insurance Company (NIC). The contract is valued at Rs 393 crore. Under this agreement, HCL will be responsible for setting up and managing a new enterprise wide IT landscape for NIC. This will cover business process re-engineering, application blueprinting and rollout of nineteen applications, systems integration and management services across data center, networks, security and help desk services spanning over 1,034 branches and 10,000 end-users across the country.

Datacraft grabbed the second position with overall revenues of Rs 95 crore in FY 2008-09. The company has been able to add many new clients over the last few years. FSI, media & communication, manufacturing, travel and transportation, ITS and ITeS continue to be its key verticals. The recent acceptance by shareholders of Datacraft Asia for an offer by Dimension Data to purchase the remaining 44.9% stake has strengthened its reach and made Datacraft a leading global IT solutions and services provider. This will give Datacraft a strong competitive position in the key markets across Asia. Also, Datacraft India would be able to operate with more flexibility and leverage opportunities in India and abroad, which in turn will accelerate growth in key markets.

The research indicates that company acquisitions, which enable the convergence of two heterogeneous environments where the security services on the network need tight integration, is the primary growth driver. Another area which is creating the fear among corporate honchos is the growth in attack signatures in terms of vulnerabilities, virus, etc.

Achieving a thumping growth of over 60% in FY 2008-09, Fortinet continued to build its strong presence in the market. With estimated revenues of Rs 64 crore, the company egressed as a third major player in the VOICE&DATA rankings. Its current focus is on new technologies to fulfill growing security needs of its clients and has some interesting projects with Delhi International Airport, India's and Moon mission Chandrayaan.

While revenue of Wipro declined by 7%, Sify manged to figure first time in the rankings. Sify is now fully operational as a long distance operator for wholesale voice with a steady increase in business. The company won significant contracts for data center services from General Insurance Corporation, State Bank of India, and Vishal Group. It also signed connectivity engagements with Canpack, HDFC SLIC, and Indian Overseas Bank.

Engineering Trends
According to VOICE&DATA estimates, the network security market is expected to grow at a CAGR of over 40% in FY 2009-10. While the industry is still witnessing demand for more customized solutions, Unified Threat Management (UTM) and Unified Access Control (UAC) are also making their foray in an aggressive manner. Also, there is a growing emphasis on simplified and one-stop solutions to queer multiple types of threats, hence, avoiding the complexities of many point products. Increased HSPDA, web 2.0 growth, and Wi-Fi availability have made mobility pushed. Thus the industry is likely to witness new applications, new application programming interfaces (APIs) and new levels of security breaches. Experts are also anticipating an increas applications using 3G and other mobile access methods.

With fears of increasing number of threats looming large, organizations are becoming more and more careful and adopting proactive security strategies. They are also shifting toward technologies used for providing BCP, DR, information security controls, etc, by adopting them as precautionary and assurance based measures against such threats. The industry is also construing an increased adoption of standards like B525999 and ISO27001.

Among new products and services, SRX is the most notable launch by Juniper in FY 2008-09. The platform has a capability to improve data center architecture by earmarking network designers to break multiple layers into one. This platform offers the flexibility to add security functionality as per requirement and can scale from 1G to 100G on the same chassis.

Check Point is no stranger to IT security revolution. The company was one of the first to launch commercial firewall, fifteen years ago. In February 2009, Check Point introduced its Software Blade Architecture, which is a logical security building block that can be centrally managed. Software Blades can be quickly enabled and configured into a solution based on specific business needs. And as needs evolve, additional blades can be quickly activated to extend security to an existing configuration within the same hardware foundation.

The year gone by saw an increasing appearance of sophisticated threats and growing complexity of infrastructure environment. This is burdening the in-house IT departments to match the threat scenario.

Moreover, adherence to regulatory compliance is forcing the resource and knowledge handicapped IT departments to look at outsourcing their security operations.

Fortinet, another major player in this segment, launched a new vulnerability management (VM) and compliance solution, FortiScan-1000B, for endpoint assets including desktops and laptops as well as other network assets, such as servers. It is targeted at mid to large enterprises and government entities. FortiScan-1000B appliance will help organizations protect thousands of computing assets by integrating various capabilities into a single device.

Similarly, HCL launched new services like anti-phishing, anti-malware monitoring, managed endpoint security, and managed authentication. Moreover, it has also worked with principles to integrate new solutions like data leak prevention (DLP), network admission and access control (NAC), encryption, etc.

The last few years saw the emergence of sophisticated threats, which resulted into the evolution of new technologies like DLP, NAC, encryption solution, transaction level monitoring solution for BFSI segment, and federated identity management to support large scale M&A in the industry. Also, services like anti-phishing, anti-malware, integrated managed endpoint security, application and database security monitoring, etc, are seeing momentum in the security market.

New Age Drivers
The network security market is undergoing a change that is marked mainly by the integration of security appliances and solutions. Overall, the security market is going to be driven by next generation security devices like 'Secure Services Gateways'. The emerging new class of networking devices, known as services gateways, combine the functionality of networking infrastructure devices like routing and switching, and security applications like VPN, firewall, anti-virus, IDS/IPS, content filtering, etc, onto a single platform. BFSI segment is envisioning greater adoption of security services as compared to IT/ITeS and the service provider segment. And SMBs have been steadily focusing on integrated security appliances.

Enterprises would be dedicating huge resources to manage individual security appliances. The IT staff would need to be trained on each user interface, with different commands and settings for each device. It is imperative that a company deploys a proven, reputable solution instead of a UTM device that has all the right marketing keywords on the package. A UTM system is only part of a total security infrastructure. In the past, enterprises were mostly engaged with deployment of multiple security software programs, including a firewall, anti-virus software, anti-spam appliance and URL gateway. Though these programs and devices had their specific purposes, implementing so many separate systems is not so cost effective as compared to UTM.

The IT infrastructure user market has become excessive cost sensitive to have security demands. It is now paving way for low-cost outsourced services to address security needs. The growth of virtualization and software as a service (SaaS) is driving more and more organizations to offload their IT services to outsourced vendors. Experts believe that the best bet to outsource would be the service providers for their commitment on availability and dependent infrastructure.

Not Plug and Play Anymore
Given the global meltdown and its aftermath, organizations are now espousing every possible measure to avoid any additional embarrassment. Earlier, buying a firewall was sensed to be the end to all security-related woes. However, that perception is swiftly changing and organizations are devoting substantial time for making blueprints to handle various aspects of security.

Concepts such as perimeter defense, intrusion management architecture, secure branch office, secure IP telephony framework, etc, are gaining immense importance while drafting security frameworks.

Among the key challenges, scarcity of trained network security professionals has been a major issue. Because of this, many organizations are not outsourcing their network security management and monitoring services. There is a strong need to change this mentality and the onus is on the security professionals and vendors, who must create more success stories to take this growth to new level.

Panorama 2009-10
Security always plays a crucial role in IT strategy, but overall it has been a tough task for a CTO to rationalize the implementation budgets on it. In the current bleak environment, companies are looking to spend only for the factual demand and therefore, 2009-10 could see a strong call for customized and scalable security solutions in India.

The SMB sector is also realizing that security is not just about implementing the best-of-breed technology or purchasing boxes and putting them up. Rather, it is an action that demands constant service support to work effectively. Also, the increasing mobility of workforce, rapidly growing broadband adoption, and the rising demand for IT-enabled enterprise solutions are resulting in a continuous rise in the complexity of corporate network security. Considering this, the industry is expected to witness the entry of some new global and domestic players in FY 2009-10. It is expected that organizations are going to consolidate their IT spend in 2009.

Considering the large number of SMEs still incapable of handling their security needs, the network security services market is expected to continue showing solid growth in the near future with further widening of security war pectuses.

In 2009-10, organizations will concentrate more on web, hosted and data security solutions. The need for data protection in the web 2.0 world and creating awareness about web threats is expected to take the lead. Hence, service inspections such as vulnerability assessment and testing will gain more authority .

This increasing security cognizance will emphatically create demand and would be the driving force for this industry. However, it must be remembered that this growth can only be sustained if security domain experts are able to distinguish between common needs and customized needs of organizations in the way they conduct business.

Jatinder Singh
jatinders@cybermedia.co.in