Buying into SCM -- The Price of Protection

Download our in-depth report: The Ultimate Guide to IT Security Vendors

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Things may be hard financially for many areas of IT... but not so muchfor security.

In fact, Secure Content Management (SCM) is one of the few areas of ITspending which continues to expand in this sluggish economy. Accordingto IDC, a Framingham, Mass.-based analyst firm, worldwide revenue forSCM software grew 34 percent to $2.7 billion in 2002 and another 25percent to $3.4 billion in 2003. IDC expects the market will reach $7.5billion by 2008.

There is an even faster growing market for SCMappliances. See sidebar.

IDC analyst Brian E. Burke says major virus and worm outbreaks,continued growth in spam, and corporate deadlines for compliance withgovernment regulations are some of the factors driving the purchase ofSCM solutions. Spyware is yet another important element.

''Spyware is no longer just a consumer nuisance,'' says Burke. ''It isquickly becoming a major concern in the corporate environment. The factthat spyware can gather information about an employee or organizationwithout their knowledge, is causing corporate security departments totake notice.''

Taking Security Seriously

It's taken a while for the corporate world to wrap its collective headaround computer security. But, now, companies are treating the subjectvery seriously.

''Five years ago, if you told people they were doing something insecure,they wouldn't mind,'' says Neal Krawetz, Ph.D., a senior researcher atSecure Science Corp. in San Diego, Calif. ''Today, it is a verydifferent climate. Companies are taking preventative measures that youwouldn't have heard of before.''

According to the 2004 CSI/FBI Computer Crime and Security Survey, 99percent of respondents have antivirus software, 98 percent havefirewalls, 68 percent are using intrusion detection and 42 percent usefile encryption.

On the vendor side, Microsoft's Windows XP Service Pack 2 is making thedesktop more secure. Even the wild west of the wireless world may becalming down some with the release of IEEE's 802.11i security standardfor wireless networks.

While that is all good news, the battle is far from won.

Statistics from the CERT Coordination Center at Carnegie MellonUniversity's Software Engineering Institute show that the number ofvulnerabilities reported this year is running slightly below the 2002peak, but it is still 50 percent higher than it was in 2001. Meanwhile,hackers are building faster and more powerful attacks, such as lastJanuary's MyDoom -- a worm which has installed backdoor Trojans oncountless computers. And we can't foget the virulent Netsky or Bagleviruses, or even 2003's SQL Slammer, which took a mere 10 minutes toinfect more than 100,000 database servers.

''As security becomes more sophisticated, coming up with more patchesand closing more holes, attackers have to become more creative,'' saysKrawetz.

To meet this new generation of threats, more companies are realizingthat piecemeal actions won't provide the level of security they need.For a more complete approach, they are turning to SCM software, whichconsists of a combination of elements such as antivirus programs, emailfiltering, Intrusion Detection Systems (IDS) and firewalls.

''You always want to keep multiple layers of defense,'' says OrestResitnyk, director of IT for National Insurance Programs in Woodbridge,N.J.

Reasons to Adopt

The SCM market includes most of the familiar names in the securitybusiness. The top four software vendors, each with more than $100million in 2002 SCM revenue, were Symantec Corp. based in Cupertino,Calif.; Network Associates, Inc. of Santa Clara, Calif.; Trend Micro,Inc. based in Cupertino, Calif., and Computer Associates, Inc. ofIslandia, N.Y. These firms accounted for two-thirds of the total SCMmarket.

Four other companies had greater than $40 million in SCM revenue. Theyinclude SurfControl PLC of England; Websense, Inc. based in San Diego,Calif.; Sophos PL of Abingdon, UK, and Panda Software Internationalbased in Bilbao, Spain. Panda and Websense had the highest growth rates-- both exceeding 50 percent.

Worms, viruses, spyware and other outside attacks are not the onlyreasons to adopt SCM. Convenience, privacy, bandwidth conservation andpolicy enforcement also play their role. Downloading music and movies,for instance, doesn't just waste company payroll and bandwidth, it alsocan lead to legal threats.

''The RIAA, the Motion Picture Association of America, and other groupsrecently warned CEOs of Fortune 1,000 companies that their enterprisescould be liable for breaking copyright laws if employees use companynetworks to download, store or distribute music or movies illegally,''says IDC's Burke

Porn is another aspect of the problem.

Employees can sue a company for a 'hostile work environment' if theyreceive unsolicited porn e-mails or are subjected to working in anoffice where other employees are viewing porn online. In a wonderfulCatch-22 situation, the American Library Association has been fightinglaws requiring the installation of porn filters, but employees at aMinneapolis library just won $500,000 in a harassment lawsuit becausepatrons were viewing and printing out porn on the library's computers.Fortunately, private enterprises have a greater legal right to installfilters than public institutions.

But beyond meeting security needs, SCM also helps companies achievetheir business goals. Providing better service to fans is what led DavidCurry, director of information services for the Seattle Marinersbaseball organization to set up Computer Associates' SCM software tomanage the 60,000 emails his organization receives weekly.

''On some email accounts, 95 percent are spam and it takes a long timeto delete them,'' Curry explains. ''Some are offensive and employeescomplain, but mainly we wanted to guarantee customer service.''

Submit a Comment

Loading Comments...