IT Security Market Overview. Gabriel Coimbra, Research & Consulting Director, IDC Portugal. Porto, 29 May 2008. www.idc.com
Agenda: Market context; IT Security context; CSO Agenda; IT Security market; Conclusion
The Expanding IT Realm: IT $1.2 Trillion
The Expanding IT Realm: Business Services $1+ Trillion; IT $1.2 Trillion; Telecom Services $1.3 Trillion; Content ~$1 Trillion
The Expanding IT Realm: Business Services Expenses: >$1T; CIO IT Mgt Budget: ~$2T; Telecom Services Budget: $1.3T; Content Spending: ~$1T
The Information Explosion. [Chart: Exabytes of Information Created WW, 2007 to 2010.] Callouts: 90% Unstructured; 10X File Diversity; 70% User Created; 85% Corporate Liability; 30% Outside Data Center.
The CIO Domain Explosion. [Chart: Communicating Devices* WW (Millions), 2006 to 2010.] Device categories: Automobiles, Cameras, Converged phones, Games, GPS, Industrial Machines, PDAs, Toys and Appliances, etc.; PCs and Servers. * Excludes RFID and sensors.
Security Context
IT Security context
IT Security: Security Hardware; Security Software; Security Services.
Security Hardware: Hardware Authentication (Biometrics, Tokens, Smart Cards); Threat Management Security Appliances (FW/VPN, Unified (UTM), IDS and IPS, SCM).
Security Services: Consulting; Implementation; Operations; Education and Training.
Other.
IT Security context: Security Services
Consulting: Security Strategy and Planning; Assessment; Compliance Audit; Architecture Analysis and Review; IR and Forensics.
Implementation: Design; HW and SW Procurement; Integration of Security Architecture; Performance Testing; Transition/Migration.
Operations: Managed Security Services; Hosted Security Services.
Education and Training: Instructor-Led Training; Technology-Based Training; Text-Based Training; Knowledge Transfer.
IT Security context: Security Software
Identity and Access Management (IAM): Advanced Authentication; Web SSO; Host SSO; Legacy Authorization; User Provisioning; Directory Services.
Security Compliance and Vulnerability Management (SVM): Sec. Info and Event Management; Vulnerability Assessment; Policy and Compliance; Patching and Remediation; Security Sys and Configuration Management; Forensics.
Secure Content and Threat Management (SCTM): Network Security; Endpoint Security; Messaging Security; Web Security. Components named on the slide: firewalls (enterprise, personal, firewall/VPN); intrusion prevention (network, host); antivirus and antispyware (gateway, network, client, mail server); antispam; secure email; URL filtering; information protection and control (IPC; endpoint, messaging); network access control (NAC); USB security; endpoint encryption.
Other Security Software: Encryption Toolkits; File Encryption; Database Encryption; Wireless Security; Others...
Today: Current Situation
Current Threat Environment
Q: How would you rate the items below on the threat each poses to your company's enterprise network security? (Scale: 5 = significant threat; 1 = no threat)
[Chart, series 2006 and 2005; values in the order extracted.] Trojans, viruses, worms, and other malicious code; Spyware: 45%, 50%, 50%, 57%. SPAM; Employee error (unintentional): 35%, 39%, 39%, 47%. Application vulnerabilities: 31%, 37%. Data stolen by employee or business partner: 22%, 37%. Hackers: 37%, 36%.
Source: IDC's Enterprise Security Survey 2006. Top 2 boxes (rating of 4 or 5).
Current Internal v. External Threats
Q: Do you believe that the most serious threats to your company's enterprise IT infrastructure originate from internal or external sources?
[Chart: share of responses (0% to 60%) by company size: Small, Medium, Large, Very large. Series: External sources; Internal sources; About even.]
Source: IDC's Enterprise Security Survey 2006.
Tomorrow's Situation
Future Security Challenges
Q: How would you rate the items below on the threat each poses to your company's enterprise network security? (Scale: 5 = significant threat; 1 = no threat)
[Chart, series 2006 and 2005; values in the order extracted.] Employees following security policy: 44%, 52%. Increasing sophistication of attacks; Business executives following security policy: 33%, 44%, 51%, 49%. Security budget too small; Increasing complexity of security solutions; Increasing volume and complexity of network traffic: 40%, 38%, 39%, 36%, 39%, 33%. Mobile clients: 27%, 37%.
Source: IDC's Enterprise Security Survey 2006. Top 2 boxes (rating of 4 or 5).
What's on the Agenda for CSOs? (And What Will Drive the Market for the Next Three Years)
CSO Agenda, 2007-2008
1 - Process: Compliance and risk assessment/management; Information protection and control; Security process (incident reaction).
2 - People: User escort; Endpoint protection; IAM.
3 - Technology: Best of breed; Mixing vendors; Refocus on real security.
IT Security Market
Security Revenues: IT Security Market in Portugal. [Chart: Millions of Euros, 2005 to 2011. Series: Hardware; Software; Services.] Source: IDC, 2007.
Security Revenues Growth: IT Security Market in Portugal. [Chart: Annual Growth Rate, 2005 to 2011. Series: Hardware; Software; Services. Annotations: UTM Appliances Explosion; Shift to SaaS.] Source: IDC, 2007.
Conclusion
Conclusion: Traditional IT security over-protects the wrong assets, overreacts to the unexpected and over-spends on almost everything. IDC believes that risk management which applies security resources appropriately while maximizing business agility is the correct approach to IT security. Instead of being looked at as a reflection, IT security should integrate compliance, risk assessment and business continuity dynamics into every process and application. In IDC's view, it is the only way to contain security spending while managing the risks of doing business in a connected world and a mobile environment.
Questions? Gabriel Coimbra, Research & Consulting Director, IDC Portugal. Av. António A Serpa, 36 9º andar, 1050-027 Lisboa, Portugal. Tel: +351 21 796-5487. Mob: +351 91 985-4722. Fax: +351 21 796-5476. gcoimbra@idc.com www.idc.pt