Browse by year:
February - 2005 - issue > Cover Feature
Information Security - An Insight
Shantanu Dasgupta
Monday, November 17, 2008
The growth of information technology and IT networks in businesses leads to many issues and challenges—key one being Informa-tion Security.

The threats accompanied Information Technology from its inception and grew with it. The figure below illustrates how the threats developed in scope and impact with growing IT networks.

Need for Information Security
Enterprises today are bringing increased numbers of their transactions online, including those critical to their business. The safety and confidentiality of this information are very significant. Especially in banks and IT/ITES firms, online transactions are essential for business flow, and any disruption in flow can cause much loss. Estimates say that there is a 2000 percent increase over the period of 1999 to 2003 in financial losses from hacker-caused denial of service, which translates to about $65.6 million in reported cost.

Regulations like the HIPAA, the Gramm-Leach-Bliley Act, and the Turnbull Report has much impact in the U.S and U.K. The IT/ITES industries that caters to outsourcing from these counties, must comply with their regulations. In India, the RBI mandate for bringing all banks online has driven the BFSI sector towards such solutions. Currently approximately 60 percent of the revenues for Network security are derived from the IT-ITES, Telco’s & BFSI sectors in India, so the impact of this driver can be understood.

Ensuring Optimal Utilization of Resources
A latest trend that is catching up is the focus on optimal utilization of resources. Corporations worldwide are experiencing distinct issues like:
  • Productivity losses as employees spend company time to visit non-business sites

  • Bandwidth limitations due to clogging up of network access

  • The net result of non-business Internet usage affects the productivity of the corporation, either by reducing the revenues and/or increasing costs. Some estimates have revealed that a large sized organization in the U.S. on average loses more than $10 million due to such non-business pursuits.

    About 20 years back, the threats were viruses that took some weeks before causing some damage. Today infection time has reduced to minutes. The sapphire worm (slammer) took approximately 11 minutes to infect around 75,000 hosts.

    The increasing sophistication of threats is continuously matched with upgrades in technologies and services, resulting in higher investments. However, IT security spending relative to other investments is fractional. Though the awareness is increasing, the challenge of market education is quite evident.

    Anti-virus had traditionally been the solution at end-point, meaning desktops. However, with growing business complexities, security solutions that address end-point issues as well as those of perimeter and gateway levels like Firewall, VPN and Intrusion Detection Systems have grown significantly.

    The Firewall-VPN revenues in India grew by 69 percent in 2003 from 2002’s $14.9 million, currently resulting in $25.2 million. The IDS revenues also increased 55 percent to $4.7 million during the same period (Frost & Sullivan estimates). The Network Security market in India, which primarily constitutes these three technologies, is continuously growing at a tremendous rate and has crossed the $20 million mark in 2004-H1 (Frost & Sullivan estimates). Some of the latest technology trends are:

    Integrated Security
    Integrated security can be defined as addressing security from all aspects of the organization. Currently emerging market solutions combine technologies like Firewall, VPN, and IDS and Antivirus into a single box. Companies like Symantec and ISS already employ such solutions.

    Cisco’s initiative called Self-Defending Networks has tied up with leading Antivirus vendors like Symantec, McAfee and Trend Micro to have the synergies of their expertise on the desktop side alongside their own expertise in Network knowledge as a part of an integrated security initiative.

    The first half of 2004 witnessed the launch of these products and with a number of players launching solutions in this arena; there is a good market buzz. The revenues thus far should not be greater than a few hundred thousand in 2004. Primarily, the appliances’ value proposition was to offer customers an all-inclusive solution at economic costs. The prime targets were SMB customers who have minimal security needs, due to a lesser number of users, and an integrated security solution with much potential is beneficial for them.

    With growing business complexities and increasing security needs, Integrated Security is likely to grow tremendously.

    Intrusion Detection Systems
    Intrusion Detection Systems have undergone a natural progression from merely detecting unusual patterns known as “Intrusions” to Intrusion Detection and Prevention. The natural driver for these systems is the increasing sophistication of threats and the need for response time reduction. The market leader in the IDS space ISS is also leading the way in IDP. With Juniper and McAfee joining with their own IDP solutions, the market is becoming quite competitive.

    Clearly, this market for IDP is at a very nascent stage. The revenues have been less than $500,000 until now in the Indian market. However, a faster market education due to competition coupled with the increasing need for sophisticated solutions will greatly drive this technology, especially for larger enterprises.

    SSL VPNs
    Globally SSL VPNs have become quite a buzz. However, SSL VPNs are a recent phenomenon in India. The SSL VPNs have been launched in India this year and already market revenues have reached $ 700-800,000. The market’s major players are global leader Juniper, as well as Nortel, Nokia, Aventail, Safenet and Portwise. The existing competition and the benefits of SSL VPNs will drive the market maturity. Regulatory needs, Increasing use of Extranets, Increased demand by employees for flexible working options will further fuel growth of the SSL VPN market. However, there are other technologies like Identity Management, with their unique set of features becoming noticed.

    Managed Services
    The Managed Security Service Providers (MSSP) can be defined as the service providers who remotely monitor and manage security from their Secure Operating Center (SOC) or Network Operating Center (NOC).

    The concept has already caught on in the developed countries like the U.S. and Europe. Globally, this market reached $497.3 million in 2002 (Frost & Sullivan estimates) and will grow at a CAGR of around 24 per cent. However, the market in India is very nascent. In 2004-H1, the MSSP market in India should be close to $0.5 million. A look at the drivers of these services globally reveals that apart from all the other aforementioned needs and challenges mentioned, the ability to offer continuous monitoring is a prime driver. This especially caters to issues of cost control as well as requirement of specialized skill sets.

    Future outlook
    With growing complexities of networks and the need to comply with global regulations, the cost of services associated with security will advance and it is where we expect that Managed Services will find its footing. No doubt the phenomenon is pretty nascent in India and it will take some time when the real value proposition of Managed Services will emerge. In India, HCL Comnet, Wipro & DataCraft-Asia are leading the initiative of Managed Services.

    Even vendors like Cisco and McAfee are also encouraging the Managed Security Services from their side with, major Vendors and tier1 SI’s taking on these initiatives, the future of Managed Services seems to be promising.

    Shantanu Dasgupta is an analyst with the Technology Practice team of Frost & Sullivan India that works in various areas of Information technology and telecom.

    Share on LinkedIn