For several years many companies, particularly small businesses, had a blasé attitude towards computer security. The apparent lack of concern was partially caused by ignorance, and partially by cost and a misguided belief that "it will never happen to me".
But with viruses and hackers continually attacking computer users throughout the world, "security" has become the buzzword of the new millennium. Nowadays, according to a 2000 Global Security Study conducted by InformationWeek Research and PricewaterhouseCoopers, 71 per cent of executives, IT managers and security professionals surveyed ranked information security as a high priority for business.
And with good reason. According to an international survey by Omni Consulting Group, companies are losing an average of more than 5.5 per cent of annual gross revenue as a result of network security breaches.
As IDC's new Internet Security in Australia report suggests: "Nothing will convince a company to adopt security technology faster than a major security breach within its organisation."
Attacks in Australia
Last year, according to the Australian Computer Emergency Response Team (AusCERT), the number of security incidents reported by its members - breaches ranging from virus attacks to hacker intrusions - more than quadrupled. University of Queensland director of information technology services and AusCERT, Nick Tate, said that 8197 computer security incidents had been reported. That compared with 1816 in 1999 and 1342 in 1998; and there are already indications that this year will be worse still.
Already in 2001 there have been numerous national and international computer security incidents. The Anna Kournikova virus hit an estimated 100,000 PCs in Australia; the US Federal Bureau of Investigation reports Russian criminals have stolen a million credit card numbers in a systematic 12-month attack on e-commerce Web sites; and Microsoft recently reported that someone representing themself as a Microsoft employee had fraudulently obtained two VeriSign digital certificates. These certificates are used to verify the authenticity and security of programs and e-mails, so they could be used to wreak havoc on any system using any version of Windows from 95 onwards.
As if that is not enough to send companies scurrying for security software, Gartner is forecasting "at least one incident of economic mass victimisation of thousands of Internet users will occur by the end of 2002". The research organisation expects the perpetrator of this global, Internet-based theft to remain undetected.
So it is little wonder that IDC predicts Australian businesses spending on packaged security software to grow at an exceptional compound annual growth rate (CAGR) of 48 per cent -from $206 million in 2000 to $1,443 million in 2005.
New core requirements
Along with a recognition of security breaches' impact, companies' security demands are being driven by factors including the continued uptake in Internet technologies such as intranet, extranet, and eCommerce-enabled Web sites; the increasing use of Virtual Private Networks to extend the corporate network; and more decentralisation of a workforce armed with corporate data at its fingertips.
IDC's program manager for the Australian Enterprise and Internet Software market intelligence program, Natasha David, says that for companies implementing e-business initiatives, security and privacy options are not value-added features - they are core requirements for conducting business. "While the adoption of security mechanisms like anti-viral tools is ubiquitous, enterprises are already looking ahead exploring technologies such as digital certificates to enhance their e-commerce operations," she says.
IDC expects anti-viral products to
disappear into suites. "AV software tools will migrate from a market to becoming a feature in other products and services," David says, "and the increasing availability of Internet-based AV technology will sharply reduce retail sales. ISPs and ASPs will increasingly provide AV protection as a value-added service and this will eliminate the need for corporations and consumers alike to purchase and update these products".
David's prediction is backed by senior vice-president, worldwide sales, marketing and services for Symantec Corporation, Dieter Giesbrecht, who says that instead of buying products, consumers will use ISPs to provide security to their computers. "We are developing products that allow ISPs to manage the security and provide a clean pipe by ensuring that everything sent down the pipe has already been scanned for viruses. There is a change in the market dynamics in general and we have to adapt to these behavioural changes," he says.
According to IDC, the majority of growth in spending on security software over a five-year period will be driven by the adoption of 3As (authorisation, authentication, administration) security software, which is expected to achieve a 2000-2005 CAGR of 54 per cent to reach $1,040 million in 2005.
The major emerging sectors in the 3A software market are intrusion detection and vulnerability assessment, and Public Key infrastructure/certificate authority as well as access and management tools.
"Intrusion detection and vulnerability assessment sub-segments will become extremely popular, due to increasing customer concern with both external and internal threats," predicts IDC. "Access control will re-emerge as a new market to address internal threats and rising concern about the vulnerability of corporate data."
The Australian security solutions market in the past has been divided into two main sectors: anti-virus (which includes Symantec, Network Associates, VET and Leprechaun) and enterprise solutions (including RSA, Internet Security Systems, Baltimore, Tivoli and others). However, the recent takeover of Axent by Symantec has seen the latter organisation becoming a serious force in both sectors.
Giesbrecht says the Axent takeover will provide Symantec with a new enterprise customer base, allowing it to offer a much wider range of security solutions.
"The advantage Axent had with their products, which include intrusion detection, vulnerability assessment, single sign-on products and so on, was that they were extremely successful in very large enterprises and the government arena. Symantec, meanwhile, had been very successful with its virus protection solution and had been particularly successful in the middle market, an area Axent had not been addressing," says Giesbrecht.
"The combined company with Symantec's channel sales and marketing force can bring those new products we inherited from Axent into the middle market. It is a great opportunity for our customers in the middle market to get additional security products.
"We will be going head-to-head with the likes of Internet Security Systems and RSA.
"In the past, our focus was primarily on content security, the biggest part of which was virus protection, e-mail scanning and URL filtering. At the end of last year we also brought out a personal firewall for enterprise customers," says Giesbrecht. "Besides the personal firewall we now have an enterprise perimeter firewall, intrusion detection and vulnerability assessment.
"With the merger we also got a huge professional services organisation and that is an area where we will invest heavily over the next 12 to 18 months. We hear from enterprise customers that they need much more support from their suppliers, whether it is in assessment vulnerability, planning security infrastructure or implementation."
Growth in the channel
Shelley Houghton of Check Point Technologies Software believes the security market presents growing opportunities for the channel. "The trend in the SME market is towards outsourcing the management of companies' security policies because they don't have the skills in-house to develop or manage them themselves. That is creating a demand for managed service providers (MSPs)," says Houghton, who was recently appointed as Check Point's MSP business manager for Australia and New Zealand.
"The channel can benefit because a lot of the companies that are setting themselves up to be MSPs don't have the bandwidth to go and sell the products," she says. "So I see the channel forming partnerships with MSPs where the channel would sell an appliance product that has security software preinstalled.
"There are also partnership opportunities with broadband providers, and some resellers will take advantage of the growing trend toward broadband technologies such as DSL, providing the DSL connection and the security to go with it. Broadband has increased the need for security. Any bandwidth that is always on requires a security policy, so it makes perfect sense to have a firewall appliance at that gateway," she says.
Internet Security Systems (ISS) a world leader in the Intrusion Detection and Vulnerability Assessment market, has established a security training and certification course for resellers. The course, which is operated through Com Tech, provides resellers with training in a wide range of security issues and ISS products.
ISS general manager, Kim Duffy, says all indications point to a big increase in security spending. "In the past, organisations have been able to conceal cases of fraud and embezzlement, but that is not possible now with the Internet and the nature of hackers - once they break something, they tell everyone about it."
Duffy says ISS is offering "managed security services", providing all the security expertise for organisations. "The MSS is sold through the channel, with the channel getting the deep technical information from us, and then providing that to the customer.
"An SME needs firewall protection as the fundamental, but that is only the first step. They need server protection, intrusion detection, anti-virus and database scanning capability," he says.
As companies become more aware of security issues, new opportunities will open for the channel. And unlike other areas of IT where predictions of future growth have been made with foundation, data and network security is a very real problem. It will not go away.
Nokia unveils two families of security productsNokia recently unveiled two groups of network security products - one aimed at boosting performance while maintaining security, and one intended to tighten security at the network perimeter.
Nokia's Internet Communications group offers a new family of SSL (Secure Sockets Layer) appliances that promises to speed up secure traffic delivery. The products, rack-mountable hardware units known as the CA200 and CA600, are designed to handle SSL encryption duties, thereby relieving overworked Web servers.
"Decrypting SSL is very CPU-intensive," says Dan MacDonald, vice president and general manager of Nokia's security application division. "Software and dedicated cards don't scale well for SSL. They involve faults and interrupts, and you have to configure every server you have. It's troublesome and error-prone."
In contrast, Nokia's units terminate SSL traffic before it ever reaches the servers. The units then provide servers with native HTTP traffic.
Nokia is also claiming significant performance increases over alternative SSL decryption methods. According to McDonald, a dedicated card can handle 150 to 200 simultaneous sessions per node, but the CA200 and CA600 can handle as many as 16,000 concurrent sessions per node.
Moreover, the CA200 and CA600 offer subsecond failover, allowing security associations to be picked up by other nodes if a given cluster member fails. According to company officials, the failover features allow another appliance in the stack to take over if another appliance fails, while maintaining all active sessions.
The company also announced a set of devices that will integrate with firewall software from Check Point Software Technologies. The IP51, IP55, and IP530 platforms are hardware solutions that use Check Point's FireWall-1 SmallOffice solution - a centralised, policy-based VPN/firewall package - to provide secure network access.
The IP51 and IP55 are targeted at small businesses and enterprises that maintain satellite offices. Noting recent "back door" network attacks, Nokia officials said that the platforms are ideal for sealing off unauthorised access at the edge of the network.
The IP51 is an Ethernet-to-Ethernet platform, while the IP55 can connect to the Internet via a built-in ADSL (asymmetric DSL) modem. In all other respects, the two platforms are identical. Both products ship with four 10/100 Ethernet ports, a DHCP (Dynamic Host Configuration Protocol) server, and a Web-based management tool.
The IP530 is an enterprise-grade platform that provides firewall traffic at 500Mbps.
Nokia's security products are distributed by:
Westcon - 02 9432 1199, www.westcon.com.au.
Express Data - 02 8336 5100, www.expressdata.com.au.