I D C T E C H N O L O G Y S P O T L I G H T S e c u r i t y i n t h e M i d m a r k et: Challenges of V i r t u a lization March 2013 Adapted from Worldwide Datacenter Security 2012 2016 Forecast: Protecting the Heart of the Enterprise 3rd Platform by John Grady, Chris Christiansen, Phil Hochmuth, et al., IDC #237776; 2011 Cloud Security Survey: Trends in Security for, and from, the Cloud by Phil Hochmuth, IDC #228224; and SMB Security Competitive Best Practices Key Performance Attributes by Charles J. Kolodgy and Raymond Boggs, IDC #233439 Sponsored by Trend Micro While IT allows midmarket businesses to maximize limited resources and do more with less, technological advances cut both ways. Improved connectivity, communication, and Web presence provide benefits to midsize businesses, yet they can also result in an increase of Internet-based security threats and expose the business to criminal elements that these companies wouldn't otherwise encounter. At the same time, midsize organizations are increasingly utilizing virtualization as well as public and private clouds, trends that have changed security requirements. This Technology Spotlight explores how midmarket virtualization trends are affecting management and security at midsize companies and discusses the role that Trend Micro has in the important market for security solutions for midsize companies. Introduction Businesses in the midmarket have as much need for information technology as larger companies. In many ways, midsize organizations might need IT more because it can be a real force multiplier, allowing them to reach additional markets. In a connected world, midsize businesses are increasingly relying on the Internet to reach more customers, better service those customers, and ultimately be more competitive. In addition to the Internet, cloud is a new paradigm of computing that will shape IT spending over the next several decades the logical evolution of what IDC referred to as "dynamic IT" for years. It entails shared access to virtualized resources over the Internet. IDC estimates that cloud services spending will continue to grow at double-digit rates for the next few years, gradually accounting for a larger proportion of all IT spending. The key advantage to cloud services should be the ability of IT organizations to shift IT resources from maintenance to new initiatives. This in turn could lead to new business revenue and competitiveness. For these reasons, many midsize businesses have adopted virtualization, which is an important component of cloud computing. In response, datacenter architectures have changed to address the growth of both public and private clouds, and security requirements have changed as well. A major benefit virtualization technology offers to midmarket firms is the ability to consolidate and reduce their overall IT footprint, especially in the datacenter. This results in lower costs for managing data and applications, which, in midsize firms, can sometimes be spread across the organization from boxes humming in back closets to departmental server rooms and the company's central corporate data/compute location. At the same time, this consolidation and reduction of hardware can put firms at risk by introducing a potential single point of failure for business applications and data. Organizations can compress apps and data for their lines of business, as well as back-office IDC 1467
functions, communications platforms, and corporate archives, onto a few physical machines running dozens of virtual instances. But the integrity of this centralized, virtualized business computing environment can be compromised by external attacks, by infection on a hosted virtual workload, or at the virtualization layer itself. In a worst-case, "all eggs in one basket" scenario, a midsize firm's ability to generate revenue, bill and service customers, or even send/receive email could be wiped out due to an exploited vulnerability on one of the myriad server workloads that may exist in a high-density virtualized host. Breaches and compromises do not have to be as dramatic to adversely affect business; malware or other intrusions can affect latency, system resources, and application performance. Such issues might be tolerable in a traditional client/server network, but they are magnified in a virtualization scenario where multiple workloads and services share limited physical memory and processing resources. The virtualization of the datacenter, as well as the adoption of cloud and IT as a service, introduces new technologies and management processes that promise significant cost and performance benefits. To a large extent, the residual risks associated with virtualization, cloud, and IT as a service are still not well understood by businesses. As midmarket IT becomes more virtual, security providers must offer solutions to seamlessly support organizational needs for internal, external, and hybrid application and infrastructure workloads. Most environments remain a mix of virtualized and physical workloads, requiring security solutions to provide a common policy framework across all deployment scenarios. Issues around the dynamic nature of virtual environments, the speed of server and application deployment, and the performance limitations of virtual security products remain top of mind for many organizations. As organizations look at new datacenter initiatives or full-scale buildouts, they would be well served to include a clear, end-to-end security strategy to address new architectures. Too often, security is an afterthought in the planning process and becomes a patchwork of disjointed products after the fact. Users should look not only for security products that protect against the advanced, targeted threats in today's environment but also at security that enables (rather than inhibits) the consolidation and scaling benefits of next-generation datacenters. Hackers and others continue to find ways to attack enterprises, including small and midsize businesses. These companies in some ways are low-hanging fruit for organized crime. Attack vectors continue to increase and are becoming more difficult to discover. Organizational attackers (mercenaries for hire, organized crime, or state sponsored) increase the sophistication of attacks and the resources available to attackers. The most damaging cyberattack against midsize businesses is when cybercriminals implant malware on a company's computers and use that malware to gain access to the company's bank accounts via online banking. The cybercriminals then start siphoning off money as quickly as they can. As a result, today's security solutions must do a number of things to address the adoption of virtualization in the midmarket, including: Protect. Advanced, targeted threats against emerging technologies are top of mind for users today. Security solutions must provide defense across a number of platforms and against a variety of sophisticated threats while still achieving scalability and streamlined management. Scale. Security solutions must easily scale alongside the platforms they are protecting to allow organizations to fully embrace the benefits of virtualization and consolidation. In terms of virtualized environments, security must scale along with increased densities of virtual machines (VMs) both servers and desktops running on physical hosts, and it must do so in a way that does not impede the performance of the virtual environment or otherwise impact the business continuity of the virtualized workloads. Manage. Streamlined management across physical, virtual, and cloud environments is a prerequisite as organizations remain more likely to implement virtual and cloud solutions for specific segments of their infrastructure rather than across the entire datacenter. 2 2013 IDC
Benefits Midsize firms will benefit most from security solutions that are integrated into the fabric of their overall virtualization platform of choice, as opposed to individual point solutions that are bolted on to secure virtual workloads or applications after the fact. As midsize firms begin to unitize more external cloud services and resources, they will also require security technology, which can follow critical data workloads as organizations take advantage of cloud services such as infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS) offerings that are increasingly targeting and being tailored to this market segment. Security policy and protection capabilities must be applicable from the inception of a virtual workload through its life cycle in both on-premise and cloud-based virtualized environments. Trends The security products market encompasses a wide range of functions, platforms, and form factors. Security is one of the most dynamic segments of the overall information technology industry. Security products are used for confidentiality, integrity, privacy, and assurance. Through the use of security applications, organizations can provide security management, access control, authentication, malware protection, encryption, data loss prevention (DLP), intrusion detection and prevention, integrity monitoring, firewalls, Web reputation services, vulnerability assessments, and perimeter defense. All these tools are designed to improve the security of an organization's networking infrastructure and help advance value-added services and capabilities. The major security markets encompass the areas of endpoints, messaging, networks, the Web, identity and access management, and security and vulnerability management. According to IDC, midsize organizations (those with between 100 and 1,000 employees) spent approximately $2.8 billion on security products in 2012. IDC estimates that these organizations will spend $3.7 billion on security products by 2015. Overall, security remains a dynamic market that is seeing strong growth even in the face of questionable economic conditions. The threat landscape continues to evolve as attackers take advantage of vulnerabilities in new technologies. Bad actors target social media, Web applications, and a myriad of user devices to gain entry to the network. Cloud computing, or "as a service" IT, is disrupting a range of technology markets, from datacenter infrastructure and back-office systems to end-user client and OS platforms. The convergence of virtualized computing, rich Web application interfaces, and nearly ubiquitous networks from widely available broadband to high-speed wireless is making all of this possible. IT security is no exception to the SaaS trend; cloud security services, or security SaaS, is the fastest-growing segment among all enterprise security platforms. For securing content such as email traffic or Web content and applications, the cloud is the natural platform for such tasks as spam and Web filtering, online policy enforcement, and behavior monitoring. IDC expects the market for security SaaS to grow from nearly $2.2 billion in 2010 to $3.8 billion by 2014. 2013 IDC 3
Product Profile Deep Security is the flagship offering from security software provider Trend Micro for midsize and large enterprise virtualization and cloud environments. The product is architected to help organizations protect, scale, and manage the security of their virtual and cloud environments. Deep Security is a server protection platform that combines antimalware, Web reputation, intrusion prevention, firewall, integrity monitoring, and log inspection modules in a single solution to protect against advanced threats that target medium-sized businesses today. The product works like a Swiss Army knife customers can deploy any combination of the previously mentioned modules and add more protection with just a license key switch. Deep Security is tightly integrated with the virtualization platform and leverages specific hypervisor APIs made available by VMware to provide security for the virtual environment in an agentless manner (i.e., a single virtual appliance to protect the entire host as opposed to multiple in-guest security agents within each VM). This improves the ability of the IT team to both scale the security solution with the virtual environment and significantly improve security manageability for the individual guest VMs running in the environment. Deep Security is available flexibly in both agentless and integrated agent form factors and is a single solution that can protect physical, virtual, and private/public/hybrid clouds. This comprehensive, centrally managed platform helps simplify security operations while enabling regulatory compliance and accelerating the ROI of virtualization and cloud projects. Deep Security, via its integration with cloud platforms such as Amazon AWS and VMware vcloud, allows midsize businesses and large enterprises that are moving workloads to hybrid/public clouds to manage such workloads with the same policies that are used for workloads within the physical/virtual datacenter. Deep Security comes with multitenant capabilities that enable cloud service providers to offer security as a differentiated service to medium-sized and large business customers in their hosted cloud environments. Large cloud services customers are increasingly integrating Deep Security and its sister product, SecureCloud, which offers policy-based encryption, into their cloud offerings. Deep Security is Common Criteria EAL 4+ certified, the same level as VMware vsphere. It is validated on virtualization ecosystems, including VCE Vblock, Cisco UCS, EMC VSPEX, and NetApp FlexPod. Deep Security comes in a specialized Acceleration Kit bundle of software and services for the midsize business. Challenges Trend Micro continues to focus on core growth markets for security particularly in endpoint (with an emphasis on mobile and BYOD), Web, and content security as it concentrates on securing virtual and cloud environments and leveraging a vast global network to produce actionable threat intelligence for customers, including midmarket businesses. Each of these areas plays right into the four pillar focus of IDC research: mobility, social, cloud, and Big Data/analytics. Trend Micro must balance its large-scale security vision with solid execution: Tying quality solutions, such as Deep Security, focused on each pillar back to the big picture will give midsize security buyers high-level confidence in Trend Micro while keeping IT operators happy with products that work as advertised. It's a delicate balance, but Trend Micro has a track record of executing in this area. 4 2013 IDC
Conclusion The shift to a cloud-based IT architecture is a foregone conclusion for many midsize organizations across a wide range of verticals. However, this shift is still accompanied by trepidation as security and compliance concerns can slow or block many cloud initiatives, in terms of both private and public deployment models. While risks associated with cloud services and deployment models vary depending on the customer, application, and use case, the need for security solutions to be deployed alongside cloud technologies is clear. To that end, businesses are taking a more strategic and structured approach to securing their public, private, and hybrid cloud deployments while demanding more security features, functionality, and responsibility for security systems from providers of SaaS, PaaS, and IaaS platforms. Trend Micro has demonstrated its efficient and effective approach to the two-headed problem of providing effective security for virtualized systems while not impeding the performance of virtualized workloads. This will be critical for midsize businesses, which are particularly vulnerable to disruption as a result of an attack on or infection in a virtual environment or as a result of unresponsiveness or performance issues relating to virtual security solutions that cannot scale efficiently. If Trend Micro addresses the challenges highlighted in this paper, IDC believes the company has a significant opportunity for success. A B O U T T H I S P U B L I C A T I ON This publication was produced by IDC Go-to-Market Services. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Go-to-Market Services makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee. C O P Y R I G H T A N D R E S T R I C T I O N S Any IDC information or reference to IDC that is to be used in advertising, press releases, or promotional materials requires prior written approval from IDC. For permission requests, contact the GMS information line at 508-988-7610 or gms@idc.com. Translation and/or localization of this document requires an additional license from IDC. For more information on IDC, visit www.idc.com. For more information on IDC GMS, visit www.idc.com/gms. Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com 2013 IDC 5