Things may be hard financially for many areas of IT… but not so much
for security.
In fact, Secure Content Management (SCM) is one of the few areas of IT
spending which continues to expand in this sluggish economy. According
to IDC, a Framingham, Mass.-based analyst firm, worldwide revenue for
SCM software grew 34 percent to $2.7 billion in 2002 and another 25
percent to $3.4 billion in 2003. IDC expects the market will reach $7.5
billion by 2008.
There is an even faster growing market for SCM
appliances. See sidebar.
IDC analyst Brian E. Burke says major virus and worm outbreaks,
continued growth in spam, and corporate deadlines for compliance with
government regulations are some of the factors driving the purchase of
SCM solutions. Spyware is yet another important element.
”Spyware is no longer just a consumer nuisance,” says Burke. ”It is
quickly becoming a major concern in the corporate environment. The fact
that spyware can gather information about an employee or organization
without their knowledge, is causing corporate security departments to
take notice.”
Taking Security Seriously
It’s taken a while for the corporate world to wrap its collective head
around computer security. But, now, companies are treating the subject
very seriously.
”Five years ago, if you told people they were doing something insecure,
they wouldn’t mind,” says Neal Krawetz, Ph.D., a senior researcher at
Secure Science Corp. in San Diego, Calif. ”Today, it is a very
different climate. Companies are taking preventative measures that you
wouldn’t have heard of before.”
According to the 2004 CSI/FBI Computer Crime and Security Survey, 99
percent of respondents have antivirus software, 98 percent have
firewalls, 68 percent are using intrusion detection and 42 percent use
file encryption.
On the vendor side, Microsoft’s Windows XP Service Pack 2 is making the
desktop more secure. Even the wild west of the wireless world may be
calming down some with the release of IEEE’s 802.11i security standard
for wireless networks.
While that is all good news, the battle is far from won.
Statistics from the CERT Coordination Center at Carnegie Mellon
University’s Software Engineering Institute show that the number of
vulnerabilities reported this year is running slightly below the 2002
peak, but it is still 50 percent higher than it was in 2001. Meanwhile,
hackers are building faster and more powerful attacks, such as last
January’s MyDoom — a worm which has installed backdoor Trojans on
countless computers. And we can’t foget the virulent Netsky or Bagle
viruses, or even 2003’s SQL Slammer, which took a mere 10 minutes to
infect more than 100,000 database servers.
”As security becomes more sophisticated, coming up with more patches
and closing more holes, attackers have to become more creative,” says
Krawetz.
To meet this new generation of threats, more companies are realizing
that piecemeal actions won’t provide the level of security they need.
For a more complete approach, they are turning to SCM software, which
consists of a combination of elements such as antivirus programs, email
filtering, Intrusion Detection Systems (IDS) and firewalls.
”You always want to keep multiple layers of defense,” says Orest
Resitnyk, director of IT for National Insurance Programs in Woodbridge,
N.J.
Reasons to Adopt
The SCM market includes most of the familiar names in the security
business. The top four software vendors, each with more than $100
million in 2002 SCM revenue, were Symantec Corp. based in Cupertino,
Calif.; Network Associates, Inc. of Santa Clara, Calif.; Trend Micro,
Inc. based in Cupertino, Calif., and Computer Associates, Inc. of
Islandia, N.Y. These firms accounted for two-thirds of the total SCM
market.
Four other companies had greater than $40 million in SCM revenue. They
include SurfControl PLC of England; Websense, Inc. based in San Diego,
Calif.; Sophos PL of Abingdon, UK, and Panda Software International
based in Bilbao, Spain. Panda and Websense had the highest growth rates
— both exceeding 50 percent.
Worms, viruses, spyware and other outside attacks are not the only
reasons to adopt SCM. Convenience, privacy, bandwidth conservation and
policy enforcement also play their role. Downloading music and movies,
for instance, doesn’t just waste company payroll and bandwidth, it also
can lead to legal threats.
”The RIAA, the Motion Picture Association of America, and other groups
recently warned CEOs of Fortune 1,000 companies that their enterprises
could be liable for breaking copyright laws if employees use company
networks to download, store or distribute music or movies illegally,”
says IDC’s Burke
Porn is another aspect of the problem.
Employees can sue a company for a ‘hostile work environment’ if they
receive unsolicited porn e-mails or are subjected to working in an
office where other employees are viewing porn online. In a wonderful
Catch-22 situation, the American Library Association has been fighting
laws requiring the installation of porn filters, but employees at a
Minneapolis library just won $500,000 in a harassment lawsuit because
patrons were viewing and printing out porn on the library’s computers.
Fortunately, private enterprises have a greater legal right to install
filters than public institutions.
But beyond meeting security needs, SCM also helps companies achieve
their business goals. Providing better service to fans is what led David
Curry, director of information services for the Seattle Mariners
baseball organization to set up Computer Associates’ SCM software to
manage the 60,000 emails his organization receives weekly.
”On some email accounts, 95 percent are spam and it takes a long time
to delete them,” Curry explains. ”Some are offensive and employees
complain, but mainly we wanted to guarantee customer service.”