Things may be hard financially for many areas of IT... but not so much for security.

In fact, Secure Content Management (SCM) is one of the few areas of IT spending which continues to expand in this sluggish economy. According to IDC, a Framingham, Mass.-based analyst firm, worldwide revenue for SCM software grew 34 percent to $2.7 billion in 2002 and another 25 percent to $3.4 billion in 2003. IDC expects the market will reach $7.5 billion by 2008.

There is an even faster growing market for SCM appliances. See sidebar.

IDC analyst Brian E. Burke says major virus and worm outbreaks, continued growth in spam, and corporate deadlines for compliance with government regulations are some of the factors driving the purchase of SCM solutions. Spyware is yet another important element.

''Spyware is no longer just a consumer nuisance,'' says Burke. ''It is quickly becoming a major concern in the corporate environment. The fact that spyware can gather information about an employee or organization without their knowledge, is causing corporate security departments to take notice.''

Taking Security Seriously

It's taken a while for the corporate world to wrap its collective head around computer security. But, now, companies are treating the subject very seriously.

''Five years ago, if you told people they were doing something insecure, they wouldn't mind,'' says Neal Krawetz, Ph.D., a senior researcher at Secure Science Corp. in San Diego, Calif. ''Today, it is a very different climate. Companies are taking preventative measures that you wouldn't have heard of before.''

According to the 2004 CSI/FBI Computer Crime and Security Survey, 99 percent of respondents have antivirus software, 98 percent have firewalls, 68 percent are using intrusion detection and 42 percent use file encryption.

On the vendor side, Microsoft's Windows XP Service Pack 2 is making the desktop more secure. Even the wild west of the wireless world may be calming down some with the release of IEEE's 802.11i security standard for wireless networks.

While that is all good news, the battle is far from won.

Statistics from the CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute show that the number of vulnerabilities reported this year is running slightly below the 2002 peak, but it is still 50 percent higher than it was in 2001. Meanwhile, hackers are building faster and more powerful attacks, such as last January's MyDoom -- a worm which has installed backdoor Trojans on countless computers. And we can't foget the virulent Netsky or Bagle viruses, or even 2003's SQL Slammer, which took a mere 10 minutes to infect more than 100,000 database servers.

''As security becomes more sophisticated, coming up with more patches and closing more holes, attackers have to become more creative,'' says Krawetz.

To meet this new generation of threats, more companies are realizing that piecemeal actions won't provide the level of security they need. For a more complete approach, they are turning to SCM software, which consists of a combination of elements such as antivirus programs, email filtering, Intrusion Detection Systems (IDS) and firewalls.

''You always want to keep multiple layers of defense,'' says Orest Resitnyk, director of IT for National Insurance Programs in Woodbridge, N.J.

Reasons to Adopt

The SCM market includes most of the familiar names in the security business. The top four software vendors, each with more than $100 million in 2002 SCM revenue, were Symantec Corp. based in Cupertino, Calif.; Network Associates, Inc. of Santa Clara, Calif.; Trend Micro, Inc. based in Cupertino, Calif., and Computer Associates, Inc. of Islandia, N.Y. These firms accounted for two-thirds of the total SCM market.

Four other companies had greater than $40 million in SCM revenue. They include SurfControl PLC of England; Websense, Inc. based in San Diego, Calif.; Sophos PL of Abingdon, UK, and Panda Software International based in Bilbao, Spain. Panda and Websense had the highest growth rates -- both exceeding 50 percent.

Worms, viruses, spyware and other outside attacks are not the only reasons to adopt SCM. Convenience, privacy, bandwidth conservation and policy enforcement also play their role. Downloading music and movies, for instance, doesn't just waste company payroll and bandwidth, it also can lead to legal threats.

''The RIAA, the Motion Picture Association of America, and other groups recently warned CEOs of Fortune 1,000 companies that their enterprises could be liable for breaking copyright laws if employees use company networks to download, store or distribute music or movies illegally,'' says IDC's Burke

Porn is another aspect of the problem.

Employees can sue a company for a 'hostile work environment' if they receive unsolicited porn e-mails or are subjected to working in an office where other employees are viewing porn online. In a wonderful Catch-22 situation, the American Library Association has been fighting laws requiring the installation of porn filters, but employees at a Minneapolis library just won $500,000 in a harassment lawsuit because patrons were viewing and printing out porn on the library's computers. Fortunately, private enterprises have a greater legal right to install filters than public institutions.

But beyond meeting security needs, SCM also helps companies achieve their business goals. Providing better service to fans is what led David Curry, director of information services for the Seattle Mariners baseball organization to set up Computer Associates' SCM software to manage the 60,000 emails his organization receives weekly.

''On some email accounts, 95 percent are spam and it takes a long time to delete them,'' Curry explains. ''Some are offensive and employees complain, but mainly we wanted to guarantee customer service.''