Even though the year 2006 started out on a somber note for the
network security market (Firewall/IP SEC VPN, SSL VPN, IDS/IPS) in India as it
tumbled for two consecutive years (21.4 percent down in Q1 2006 and a marginal
0.2 percent in Q2 2006) after three quarters of high spending (as per the Frost
& Sullivan report), there is still no doubting the fact that security
continues to be the buzzword among Indian enterprises. Riding on the back of
network infrastructure expansion coupled with the growing demand for adherence
to regulatory compliance, growing investments into network security will boost
the market over the next few quarters.
With growing traction towards Unified Threat Management (UTM),
which is emerging as one of the hottest segments within the security market, the
internal dynamics of the network security space is in for some marked
transformation. Bundling most components of the network security space in a
single appliance, whether UTM ends up becoming a part of the network security
space or ends up posing a threat to it, will drive the dynamics within the
network security market.
Market Meter
As per the Frost & Sullivan report, total revenues of the Indian network
security market stood at $90.5 million for calendar year 2005. It is expected to
touch $168.3 million in 2007. The overall Asia Pacific network security market
totaled $920.3 million in 2004 and is forecasted to reach $2.22 billion in 2011.
Firewall/IP SEC VPN comprises the bulk of the Indian network security market,
followed by IDS/IPS and SSL VPN.
_dec.jpg) |
"Compared to
yesteryears, today, enterprises, big or small, recognize security as a key
element of the network and imperative for business success"
-Mohammed Hayath
National Business
Development Manager, India |
As per Frost & Sullivan, the market totaled $19.6 million in
Q1 2006, down from $24.9 million in Q4 2005. This was in line with the downturn
in the annual spending cycle. Another reason for the decline was due to product
revamps done by several vendors, wherein they released more product lines,
resulting in more competition in the market, pressing down prices and profit
margins. On the other hand, Q2 being the first quarter of the fiscal year in
India most enterprises were planning their IT budgets in the quarter. However,
Frost & Sullivan sees positive growth for the segment over the third quarter
of 2006 with some major deals expected in the BFSI, telecom and IT/ITeS
verticals. According to Uday Birje, Country Manager and VP-India and ASEAN,
NetDevices Networks India, network infrastructure deployment in banking,
finance, e-governance and telecom sector is one major driving factor for the
growth of network security. On-line financial transactions in banks,
stock-exchanges, e-commerce segments have changed the security landscape to
increase the deployment of secure infrastructure by enterprise and service
provider organizations. With high spending on network security especially among
Indian banks, BFSI continues to be the lead driving force. Other sectors
including manufacturing, government, transportation, healthcare and IT/ITeS are
also witnessing an increased uptake with their spending on security expected to
increase over the next two years.
With the expanding infrastructure and impending build-up of
capabilities for managed security services, spending from service providers is
also expected to continue in the forthcoming quarters. The growing demand for
managed security services will have a resultant effect on further increasing
business from service providers.
Meanwhile, the SMB brigade is also catching on. While in the
past large enterprises have been driving the network security market,
contributing significantly to overall spending, the market is now seeing growing
traction from the small and medium businesses. The spend contribution from large
enterprises is expected to decrease in the future as the SMB market will
experience tremendous growth. Considering the fact that product penetration has
been limited in the SMB segment, it provides huge growth potential for security
vendors. The investment that enterprises are making in security is being
reflected in the growth of security solutions in India," said Mohammed
Hayath, Manager, National Business Development- India (Network Security),
Cisco Systems.
What's Driving it?
Over the years, security threats for enterprises have grown in prominence.
Initially, in the '80s hackers used to target individual computers, then, in
the '90s, individual networks, and today, they are targeting the global
infrastructure. This threat and a direct impact on business has increased the
importance of security among enterprises and increased the complexity of
security solutions as well.
In India, enterprises are getting well connected. Having private
network and centralized set-up is no longer limited to large enterprises. Also,
more and more organizations are getting connected to the world-partners,
suppliers, consumers.
Also, with the rise in e-commerce, India is witnessing serious
business happening over the net. In the last two-three years, India has seen a
very fast adoption of Internet-based online transactions in all areas, led by
banks of all sizes and now the government departments. This has enabled the
growth in investment in security. Globalization of Indian enterprises has
necessitated various regulatory compliances, which in turn has created a
momentum in network security.
|
"Latest trends are
integrated security, evolving intrusion detection systems and SSL VPNs"
-Niraj Kaushik
Country Manager, Trend Micro-India
and SAARC |
 |
According to Dhiren Savla, CIO, Kuoni Travel (India), all this
comes with its own set of challenges-more internal and external threats.
"Few years back, perception of network security was putting one firewall.
Today, some of the progressive organizations clearly define the role of the CSO,
as any security breach can affect clients, business and brand," he
explained.
In fact, network security is going to be the prime concern of
the CIO and CSO in the coming years. According to Radhakrishna Pillai, Head-Team
IT, SRL Ranbaxy, the Internet population is growing very fast in India. This
coupled with the large amount of business predicted to happen through
e-commerce itself shows that network security is going to be the focus in the
next couple of years. The mobile computing initiatives of enterprise as well as
outsourcing work to India will also contribute to its growth.
As per an industry estimate, around 60 percent of the global
workforce in enterprises is located at the company branch offices. However, with
increased applications and services required at the branch office and the use of
public telecom infrastructure like VPNs, MPLS WiMAX etc, the need for network
security has been significantly enhanced.
Integrating Security
According to Niraj Kaushik, Country Manager, Trend Micro India and SAARC
some of the latest trends in technologies are integrated security, evolving
intrusion detection systems and SSL VPNs. Integrated security is basically the
other name to the concept of addressing security from all aspects of the
organization. Every device in the network from desktops to the LAN plays a part
in securing the networked environment through a globally distributed defense. In
fact, in the Indian scenario, firewall-VPN solutions are highly integrated.
According to Hayath, one of the key highlights in the network
security space is the move to an architecture-based approach that will
concentrate on existing infrastructure devices with embedded security solutions
or 'integrated security'; security and networking devices that have native
network intelligence and collaborate with each other to take appropriate action
or collaborative security; security and networking devices that adapt themselves
to mitigate internal and external threats or adaptive security.
Vishal Dhupar, MD, Symantec India too concurs that integrated
appliances is the emerging trend. These are complete solutions that incorporate
core security functions into a single solution to effectively prevent security
breaches of the network. The integrated security functions can be managed from a
single management console included with the appliance. By using this management
console, administrators can manage local and remote appliances over the Internet
including advanced configurations, rule sets and cluster parameters. This is a
very cost-effective way of network protection from a single security expert.
According to Birje, overall, the security market is going to be
driven by next generation security devices like 'Secure Services Gateways'.
The new class of networking devices that are emerging known as 'Services
Gateways', combine the functionality of networking infrastructure devices like
routing, switching and security applications like VPN, firewall, anti-virus,
IDS/IPS, content filtering etc onto a single platform. Services gateways not
only reduce the capital expenditure for deploying secure networks, they also
significantly reduce operating expenditure for CIOs.
Leading the Charge
Firewall/IP Sec VPN: According to Frost
& Sullivan, the Indian firewall/IPSec VPN market has grown by 26.7 percent
YoY. This strong growth was highly driven by infrastructure and hardware
refreshes in the BFSI and government sectors and continued strong growth in
spending by the SMB segment. Within the fireall/IP Sec VPN market, standalone
appliances are still the major contributor in this market especially due to
high-end deployments in the core networks of large enterprises. Integrated
security appliances is expected to grow among SMBs offering the benefits of
convenience and optimal security.
The Debate Continues
SSL VPN: This is gaining foothold in
the Indian market even as the IP Sec VPN vs SSL VPN debate continues. Even as IP
Sec VPN continues to be the mainstay of the VPN market and SSL VPN forms a
minimal share of the overall market, there is no doubting the fact that
acceptance for the latter is growing among enterprises. Q1 2006 witnessed
several good deals happening in the large enterprise segment. BFSI, IT/ITeS and
educational institutions are some of the leading adopters of SSL VPN solutions.
As most IT/ITeS firms work 24x7, remote access is becoming a key tool in
achieving high employee productivity and ensuring swift response to customers.
Remote access based on SSL VPN is emerging as one of the leading trends within
the SSL VPN space. There is high potential from service providers and other
verticals like manufacturing which have a large number of mobile employees.
According to Dhupar, IP Sec VPN has been the standard for some time. However,
there is an increasing demand for the SSL VPN since it is less complicated to
implement, easy to install and, more importantly, does not require any software
to be deployed at the remote user's desktop.
Also, processes, controls and audit-worthiness are common
requirements across a spectrum of regulations. SSL VPN directly supports these
requirements and therefore is becoming a popular tool in the compliance
implementation.
Successful Implementation
Network security forms one of the key components of an enterprise's
overall information security. To begin with, each enterprise should have its
specific security policy, which is well defined. As Savla pointed out, the
success of implementation of network security depends on efforts taken in
defining this policy, regular review and realignment of the policy,
implementation as per the policy and constant/proactive monitoring.
Kaushik felt, "An issue that most corporates need to
understand is that security doesn't only include hardware, software, and
services. It is also about process, and needs to be treated as such.
Enterprises, while planning their Internet/e-business infrastructure, need to
consider a policy-based, network-based comprehensive security policy. This is
important, especially in light of the fact that perhaps the most serious impact
of a security lapse is the less of business opportunity, both in terms of
customers as well as revenue."
Shipra Arora
shipraa@cybermedia.co.in