Studies: Security Services, Software on the Rise

One day after the Superbowl — labeled the most secure sporting event ever held in the United States — market research firms IDC
Corp. and Gartner’s Dataquest Inc. released new figures on managed security services and security software,

IDC pegged the U.S. market for managed security services at some $720 million in 2000 and, in the wake of the Sept. 11 events,
increased focus and interest has certainly been placed on safeguarding systems from potentially crippling terrorist cyberattacks. As
such, IDC said it now expects this figure to escalate to $2.2 billion by 2005 — a compound annual growth rate (CAGR) of 25.4
percent between 2000 and 2005.

IDC believes the most apparent opportunities for managed security service providers (MSSPs) are within the small to medium-sized
business market. This is because such customers have strong security needs, but limited information security skills and resources.
One salient fact is that service providers must become much more cognizant of security needs.

“The managed security services market is being driven primarily by resource constraints to capital and security expertise, as well
as the growing complexity of networks and rogue access points, which exponentially increase exposure to vulnerabilities and
threats,” said Allan Carey, senior analyst of IDC’s Information Security Services research service. “These factors combined are
drastically affecting the way organizations approach risk mitigation. Customers want information security solutions to seamlessly
integrate into the network, ensure scalability, and provide a measurable return on investment.”

Further research and figures are housed in IDC’s “Reality or Illusion: Demystifying the Managed Security Services Market,” which
also examines real-time, security management and monitoring services and the vendors that provide them on an outsourcing basis.

Meanwhile, Gartner unit Dataquest said in its report, “Gartner Predicts 2002: Security and Privacy,” that despite constricted IT
budgets it foresees the worldwide security software market hitting $4.3 billion in 2002. This is a 18 percent increase over revenue
of $3.6 billion in 2001.

Again, the events of Sept. 11 and ongoing war on terrorism are paving the way for growth in this arena, with enterprises snapping up
antivirus software, intrusions detection systems and firewalls,” according to Colleen Graham, an analyst for Dataquest’s Software
Industry Research group.

“Technologies such as biometrics and other forms of authentication are also getting a great deal of attention, but because of the
high cost of rolling out such technologies, mass adoption of these products will not occur before 2003,” Graham said.

The report noted that, perhaps not surprisingly, the telecommunications and communications industries were the major purchasers of
security software. However, Dataquest predicted that government, education, IT and especially financial services are expected to
increase security software spending. This is because banks and such rely so much on computerized infrastructure to function. Graham
explained the logic behind her firm’s affirmations.

“Financial services companies are critically concerned about the infrastructure-dependent nature of the industry and are anxious to
prevent outages, such as those suffered after Sept. 11, from occurring again,” Graham said. “Government and defense will increase
spending in reaction to public concern about the shamefully low scores received in security audits performed in reaction to
increased concerns about the security of the government IT infrastructure.”

The Dataquest report foreshadows the company’s upcoming conference, Information Security: Combating Enterprise Espionage and
Protecting Corporate Assets, which will be held May 15-17, 2002, at the Sheraton Chicago Hotel and Towers in Chicago.

News Around the Web