Economic pressures and budget crunches are hard enough to deal with. Add to that scenario new spam and malware threats of epic proportions and the IT security world is facing the perfect storm.

Security administrators at medium-size companies, in particular, are looking for technology and services that can help accelerate technology benefits, secure business processes, lower security costs, and supplement lost security staff and skills. Recent ESG research reveals that while IT security budgets overall will be tight in 2009, information security and risk management initiatives remain high priorities.

Of 500 IT decision makers at medium-size organizations, an ESG survey (called Midmarket IT Priorities and Skills Gaps Provide a Bright Spot for Security Vendors) found that more than half (58 percent) of survey participants expect their 2009 IT budgets to grow at an annual rate of 4 percent or less compared to their 2008 budget—a rate that is equivalent to or slower than the rate of inflation in the U.S. in the first half of 2008. This means that most IT budgets are staying flat or even shrinking in terms of real dollars.

Nevertheless, IT budgets are not disappearing entirely, and during these challenging times businesses still correlate IT spending with overall organizational success. Therefore IT decision makers are on the hunt for low-cost and effective security solutions that provide solid threat protection and promote ease-of-use tools.

A New Approach to Email and Web Security: Unified Messaging Platform

Secure messaging is a great area where technology providers can address a pressing problem for medium-size organizations.

Malware and spam threats are bearing down hard on businesses, prompting users to find more effective and feasible solutions. Over the last 12 to 18 months, security providers have determined that the majority of threats to the enterprise are now triggered by Web content, not email content, making the need for a unified messaging platform vital in the battle against cyber-threats. This would replace users’ current solutions, which typically include separate appliances for email security, Web security and DLP (data loss prevention).

Many threat protection vendors are seeing massive increases in daily malware discoveries compared to a few years ago. For example, Panda Security reported it discovers 10,000 to 15,000 new malware per day, compared to 800 to 1,000 per month three years ago. Sophos said that in recent months, 1 in 416 emails sent contains a dangerous malware attachment aimed at infecting the recipient’s computer, representing an eight-fold increase in malware compared to the previous quarter, where the figure was 1 in every 3,333 emails.

Through integrated multi-protocol messaging security, users can simplify management between email and Web communications, through a single management console which also supports centralized policy controls. Mid-sized companies are looking to consolidation threat management, especially in the area of messaging where emerging threats have turn into blended threats, e.g., where malware and other threats are being sent across email and Web applications using a number of methods.

Not many vendors have addressed a unified messaging platform, but we expect that to change. BorderWare, a leading secure messaging provider, has moved into this emerging market through the release of the BorderWare Security Platform. The all-in-one solution was recently enhanced to include email security, Web security, and now DLP technology.

Midsize businesses should reevaluate their traditional threat protection solutions, comparing the cost and management requirements of a unified messaging platform to traditional email security and Web security appliances that are purchased and managed separately. When Internet-based threats are cross-pollinating between the two protocols (email and Web), a unified platform leveraging broader threat intelligence makes a lot of sense.

Charlotte Dunlap is a senior analyst with the Enterprise Strategy Group.