Gabriel Coimbra Research & Consulting Director IDC Portugal. Porto, 29 de Maio

Transcription

1 IT Security Market Overview Gabriel Coimbra Research & Consulting Director IDC Portugal Porto, 29 de Maio

2 Agenda Market context IT Security context CSO Agenda IT Security market Conclusion 2

3 The Expanding IT Realm IT $1.2 Trillion 3

4 The Expanding IT Realm Business Services $1+ Trillion IT $1.2 Trillion Telecom Services $1.3 Trillion Content ~$1 Trillion 4

5 The Expanding IT Realm Business Services Expenses: >$1T CIO IT Mgt Budget: ~$2T Telecom Services Budget: $1.3T Content Spending: ~$1T 5

6 The Information Explosion Exabytes of Information Created WW 90% Unstructured 10X File Diversity 70% User Created 85% Corporate Liability 30% Outside Data Center

7 The CIO Domain Explosion Communicating Devices* WW (Millions) Automobiles Cameras Converged phones Games GPS Industrial Machines PDAs Toys and Appliances Etc. PCs and Servers * Excludes RFID and sensors 7

8 Security Context

9 IT Security context IT Security Security Hardware Security Software Security Services Hardware Authentication Biometrics Tokens Smart Cards Threat Management Security Appliances FW/VPN Unified (UTM) IDS and IPS SCM Consulting Implementation Operations Education and Training Other 9

10 IT Security context Security Services Consulting Implementation Operations Education and Training Security Strategy and Planning Assessment Compliance Audit Architecture Analysis and Review IR and Forensics Design Managed Security Instructor-Led Services Training i HW and SW Procurement Integration of Security Architecture Performance Testing Transition/ Migration Hosted Security Services Technology- Based Training Text-Based Training Knowledge Transfer 10

11 IT Security context Security Software Identity and Access Management (IAM) Security Compliance and Vulnerability Management (SVM) Secure Content and Threat Management (SCTM) Other Security Software Advanced Authentication Web SSO Host SSO Legacy Authorization User Provisioning Directory Services Sec. Info and Event Network Endpoint Messaging Web Security Management Security Security Security Vulnerability Enterprise Endpoint (IPC) Mail Server Assessment URL Filtering Firewall Antivirus Intrusion Client Antivirus Antispam Policy and Network Prevention Compliance Intrusion Firewall/VPN Personnal Messaging Prevention Firewall Information Patching and Gateway Protection and Remediation Network Antivirus Client Control (IPC) Antivirus Antispyware Security Sys and Gateway Secure Host Intrusion Configuration Network Antispyware Prevention Management Access Control (NAC) USB Security Forensics Endpoint Encryption Encryption Toolkits File Encryption Database Encryption Wireless Security Others... Network Access Control (NAC) 11

12 Today: Current Situation ti 12

13 Current Threat Environment How would you rate the items below on the threat each poses to your company s enterprise network security? (Scale: 5 = significant threat; 1 = no threat) Trojans, viruses, worms, and other malicious code Spyware 45% 50% 50% 57% SPAM Employee error (unintentional) 35% 39% 39% 47% Application vulnerabilities 31% 37% Data stolen by employee or business partner 22% 37% Hackers 37% 36% Source: IDC s Enterprise Security Survey 2006 Top 2 boxes (rating of 4 or 5) 13

14 Current Internal v. External Threats Q: Do you believe that the most serious threats to your company's enterprise IT infrastructure originate from internal or external sources? 60% 50% 40% 30% 20% 10% 0% Small Medium Large Very large External sources Internal sources About even Source: IDC s Enterprise Security Survey

15 Tomorrow s Situation 15

16 Future Security Challenges How would you rate the items below on the threat each poses to your company s enterprise network security? (Scale: 5 = significant threat; 1 = no threat) Employees following security policy 44% 52% Increasing sophistication of attacks Business executives following security policy 33% 44% 51% 49% Security budget too small Increasing complexity of security solutions Increasing volume and complexity of network traffic 40% 38% 39% 36% 39% 33% Mobile clients 27% 37% Source: IDC s Enterprise Security Survey 2006 Top 2 boxes (rating of 4 or 5) 16

17 What's on the Agenda for CSOs? (And What Will Drive the Market for the Next Three Years)

18 CSO Agenda, Process Compliance and risk assessment/management Information protection and control Security process (incident reaction) 2- People User escort Endpoint protection IAM 3 - Technology Best of breed Mixing vendors Refocus on real security 18

19 IT Security Market

20 Security Revenues IT Security Market in Portugal 80 Milhões de Euros Hardware Software Services Source: IDC,

21 Security Revenues Growth 35% IT Security Market in Portugal UTM Appliances Explosion Annual Growth Rate 30% 25% 20% 15% 10% Shift to SaaS Hardware Software Services 5% Source: IDC,

22 Conclusion

23 Conclusion Traditional IT security over-protects the wrong assets, overreacts to the unexpected and over-spends on almost everything. IDC believes the risk management that applies security resources appropriately while maximizing business agility is the correct approach to the IT Security. Instead looking to IT security as a reflection, it should integrate compliance, risk assessment and business continuity dynamics into every process and application. In IDC vision, It s the only way to contain security spending while managing the risks of doing business in a connected world and mobility environment. 23

24 Questões? Gabriel Coimbra Research & Consulting Director IDC Portugal Av.António A Serpa, 36 9º andar Lisboa Portugal Tel: Mob: Fax: gcoimbra@idc.com