Sunday, May 16, 2021

Buying into SCM — The Price of Protection

Things may be hard financially for many areas of IT… but not so much

for security.

In fact, Secure Content Management (SCM) is one of the few areas of IT

spending which continues to expand in this sluggish economy. According

to IDC, a Framingham, Mass.-based analyst firm, worldwide revenue for

SCM software grew 34 percent to $2.7 billion in 2002 and another 25

percent to $3.4 billion in 2003. IDC expects the market will reach $7.5

billion by 2008.

There is an even faster growing market for SCM

appliances. See sidebar.

IDC analyst Brian E. Burke says major virus and worm outbreaks,

continued growth in spam, and corporate deadlines for compliance with

government regulations are some of the factors driving the purchase of

SCM solutions. Spyware is yet another important element.

”Spyware is no longer just a consumer nuisance,” says Burke. ”It is

quickly becoming a major concern in the corporate environment. The fact

that spyware can gather information about an employee or organization

without their knowledge, is causing corporate security departments to

take notice.”

Taking Security Seriously

It’s taken a while for the corporate world to wrap its collective head

around computer security. But, now, companies are treating the subject

very seriously.

”Five years ago, if you told people they were doing something insecure,

they wouldn’t mind,” says Neal Krawetz, Ph.D., a senior researcher at

Secure Science Corp. in San Diego, Calif. ”Today, it is a very

different climate. Companies are taking preventative measures that you

wouldn’t have heard of before.”

According to the 2004 CSI/FBI Computer Crime and Security Survey, 99

percent of respondents have antivirus software, 98 percent have

firewalls, 68 percent are using intrusion detection and 42 percent use

file encryption.

On the vendor side, Microsoft’s Windows XP Service Pack 2 is making the

desktop more secure. Even the wild west of the wireless world may be

calming down some with the release of IEEE’s 802.11i security standard

for wireless networks.

While that is all good news, the battle is far from won.

Statistics from the CERT Coordination Center at Carnegie Mellon

University’s Software Engineering Institute show that the number of

vulnerabilities reported this year is running slightly below the 2002

peak, but it is still 50 percent higher than it was in 2001. Meanwhile,

hackers are building faster and more powerful attacks, such as last

January’s MyDoom — a worm which has installed backdoor Trojans on

countless computers. And we can’t foget the virulent Netsky or Bagle

viruses, or even 2003’s SQL Slammer, which took a mere 10 minutes to

infect more than 100,000 database servers.

”As security becomes more sophisticated, coming up with more patches

and closing more holes, attackers have to become more creative,” says

Krawetz.

To meet this new generation of threats, more companies are realizing

that piecemeal actions won’t provide the level of security they need.

For a more complete approach, they are turning to SCM software, which

consists of a combination of elements such as antivirus programs, email

filtering, Intrusion Detection Systems (IDS) and firewalls.

”You always want to keep multiple layers of defense,” says Orest

Resitnyk, director of IT for National Insurance Programs in Woodbridge,

N.J.

Reasons to Adopt

The SCM market includes most of the familiar names in the security

business. The top four software vendors, each with more than $100

million in 2002 SCM revenue, were Symantec Corp. based in Cupertino,

Calif.; Network Associates, Inc. of Santa Clara, Calif.; Trend Micro,

Inc. based in Cupertino, Calif., and Computer Associates, Inc. of

Islandia, N.Y. These firms accounted for two-thirds of the total SCM

market.

Four other companies had greater than $40 million in SCM revenue. They

include SurfControl PLC of England; Websense, Inc. based in San Diego,

Calif.; Sophos PL of Abingdon, UK, and Panda Software International

based in Bilbao, Spain. Panda and Websense had the highest growth rates

— both exceeding 50 percent.

Worms, viruses, spyware and other outside attacks are not the only

reasons to adopt SCM. Convenience, privacy, bandwidth conservation and

policy enforcement also play their role. Downloading music and movies,

for instance, doesn’t just waste company payroll and bandwidth, it also

can lead to legal threats.

”The RIAA, the Motion Picture Association of America, and other groups

recently warned CEOs of Fortune 1,000 companies that their enterprises

could be liable for breaking copyright laws if employees use company

networks to download, store or distribute music or movies illegally,”

says IDC’s Burke

Porn is another aspect of the problem.

Employees can sue a company for a ‘hostile work environment’ if they

receive unsolicited porn e-mails or are subjected to working in an

office where other employees are viewing porn online. In a wonderful

Catch-22 situation, the American Library Association has been fighting

laws requiring the installation of porn filters, but employees at a

Minneapolis library just won $500,000 in a harassment lawsuit because

patrons were viewing and printing out porn on the library’s computers.

Fortunately, private enterprises have a greater legal right to install

filters than public institutions.

But beyond meeting security needs, SCM also helps companies achieve

their business goals. Providing better service to fans is what led David

Curry, director of information services for the Seattle Mariners

baseball organization to set up Computer Associates’ SCM software to

manage the 60,000 emails his organization receives weekly.

”On some email accounts, 95 percent are spam and it takes a long time

to delete them,” Curry explains. ”Some are offensive and employees

complain, but mainly we wanted to guarantee customer service.”

Similar articles

Latest Articles

How IBM has Changed...

Think is IBM’s big annual conference, and again this year, it was digital. I’m noticing a sharp quality difference in shows like this where...

Database-Tuning Platform Launches and...

PITTSBURGH — A team out of Carnegie Mellon University is launching its automatic database-tuning product today with the help of $2.5 million in funding.   OtterTune,...

Top 10 Professional Services...

Professional services automation (PSA) software aims to offer service-based companies most of the software they will need to run their businesses in one package....

What is Data Aggregation?

Data aggregation is the process where raw data is gathered and presented in a summarized format for statistical analysis. The data may be gathered...