Security isn't something that's isolated to the network, desktops or applications; rather, it spans every layer of the technology stack. That said, an extremely large percentage of security dollars is spent on PC security tools such as firewall, antivirus and antispyware software. The global market for these tools exceeds $5 billion.
PC security used to be a cozy, high-margin oligopoly dominated by three vendors: Symantec (Norton), McAfee and Trend Micro, which together owned 80 percent of the market. While these vendors sat at the top of the pyramid, others such as CA, Kaspersky Lab, Panda and Sophos did quite well in specific geographic areas or with certain types of customers.
That was then; this is now. Enterprise Strategy Group believes that the PC security market will go through a profound transition over the next few years for several reasons:
Microsoft is crashing the party. Microsoft has become a PC security player with OneCare for consumers and Forefront for the commercial market. Just ask Netscape, Novell, Sybase and WordPerfect whether Microsoft can change market dynamics.
Users have unique requirements. Firewalls, antivirus protection and antispyware tools are now table stakes. Consumers want features for child safety and identity protection; small businesses want built-in disk encryption; and large organizations want network access control functionality. Vanilla products are passe.
The threat landscape is more ominous than ever. Melissa viruses and Blaster worms are still out there, but today's threats are dominated by things like blended threats, rootkits and crimeware. Users need stronger locks.
Now, I know what you're thinking: another dopey prediction from an industry analyst. Industry analysts' predictions on things like "push" technology, the "telecosm" and Internet business models were about as accurate as "Dewey defeats Truman." To avoid typical analyst hyperbole, Enterprise Strategy Group recently surveyed 206 North American-based security professionals working in organizations with 1,000 employees or more. Their plans and opinions support our "desktop security at the crossroads" hypothesis.
The first thing we uncovered is that most security professionals believe that their current desktop security software suites are no more than commodity products. In fact, only 22 percent of security professionals disagreed with this statement. It didn't matter whether respondents came from the smallest or largest organizations surveyed; they all looked at security software as the classic "widget" of business school textbooks.
When it comes to new security software features, you start to see a growing need for market segmentation. The biggest organizations want to see more antiphishing protection and integration with two-factor authentication, while smaller companies want full disk encryption built into their security software products. Different skills, different threats, different requirements, so why not different products?
Here's a real metric of a market in transition--40 percent of organizations are either "extremely likely" or "likely" to switch desktop security vendors when their annual subscriptions run out. Again, this was true regardless of organizational size. With the exception of PCs, I can't think of another IT category where users are willing to swap products without hesitation.
A combination of new vendors, new requirements, and a lot of product switching will open the market as never before. Obviously, Microsoft will capitalize on this trend, but so can others. That said, the rules of the game have also changed. Market segments are looking for specific products that address their needs and not vanilla protection suites. Large vendors like CA, McAfee, Microsoft, Symantec and Trend will need to tailor product design, marketing and distribution to assorted markets with unique needs. Smaller vendors will most likely focus on a single market segment and try to out-execute the big guys.
One other point worth noting: this desktop security market transition does not mean that today's leaders will fade into the sunset. Quite the contrary: CA, McAfee and Symantec were the first to recognize this market segmentation trend and are already responding with new products and strategies. For example, Norton 360 and Confidential have a number of consumer-focused features, CA offers small-business bundles, and McAfee is adding data leakage protection to its corporate desktops. This is the start of a segmentation strategy that will only accelerate over time.
Costs will certainly go up as vendors invest more in market research, segmentation and product design, but margins won't necessarily go down. Users will pay more for differentiated products, but the days of generic desktop security for the masses are dead and gone.
Biography
Jon Oltsik is a senior analyst at the Enterprise Strategy Group.




While oldsters still marvel with a critical eye at the IT market and how far we have come, a fresh set of views lay the fault clearly where it belongs. MS has always made claims about 'crash free', 'stability', robustness and resiliency and of course "security", that fall flat far from the finish. Even knowing that they are the primary target has not helped them get it right and it will be quite some time before you see me joining the Vista gaggle.
The only way they might glean any semblance of market share is if they take any sort of responsibility and provide "REMEDY" (put your money where your mouth is dept) for their products. And if the dismissing themselves from the assurances that the driver market is ready for Vista is any indication, they would rather leave it up to the smoke and mirrors excuses and subterfuge MS branch to dispense blame once those eventualities (breaches)[isn't life a breach?] occur, should any prospective customers be deluded by the eternal claims.
When you speak of mass changes in the survey for switching security vendors, you must admit that percentage-wise you are not speaking of a very great number by comparison switching from Symantec (ugg!) and McAfee, but the whole host of shareware/freeware and flash in the pans that populate the market. Either that or the advertised posturing of businesses wishfully trying to compound their concerns or displeasures with their current providers in hopes of being assured.
I see McAfee as a major force and any provider that can ensure some sort of 'preconditioning' to traffic (offloading any resource consumption and lag) as the bigger winners. Symantec's whine ware, clunkier i/f, lack of deals and consumer support as too inadequate to make much more of a serious run than that.
Encryption predictions are a giveaway and multi token systems, obvious.
User education enhancements a must and more intelligent front ends are just around the corner, such as analyzing what the user is doing, providing a higher level of intelligence and interceding appropriately without constant false 'concerns' requiring user intervention or responses.
MS has a huge marketing advantage. Between this and name recognition... many common-folk (non-techie, non-security aware) people might jump on the known horse rather than the unknown. This will result in the real security companies shifting gears in advertising and security awareness. In addition to coming down on prices.
It amazes me the number of people that still do not have antivirus or any sort of security software. And act like it is no big deal... even though they are storing all sorts of private data. If someone was to tell em that the Big Giant (aka MS) software company will give them 2 years of security for 2 cents a day... they would jump. (regardless of how *good* it is)
On MSFT's WLOC, I agree with the author - this useless piece of garbage security suite will continue to pick up sales momentum just because it's got MSFT's brand on it and it's cheap. Let's hope that MSFT improves WLOC to make it at bare minimum security standards compliant and competitive with the middle quality suites offered by its American competitors.
- A SEA OF CHANGE
- by joelkruissink March 26, 2007 5:35 PM PDT
- THE TERM 'SECURITY' IS STILL UNREASONABLY AMBIGUOUS EVEN WHEN IT IS PART OF A CONSUMER PRODUCT ARTICLE.
THE MORE PRECISE INDUSTRY TERM 'TRUST' PROVIDES THE AUTHOR A TERM THAT HAS MORE PRECISE GRAMMAR AND IS STRUCTURED WITH A SET OF INDUSTRY ACCEPTED TERMINOLOGY AND DEFINITIONS.
IT IS ABOUT TIME THAT CONSUMERS SHARPEN THEIR PERCEPTIONS REGARDING THEIR MANAGEMENT OF THE UTILITY OF THEIR COMPUTING TOOL.
THE TERM 'TRUST' EXPLICITLY DEFINES THE ROLES OF THE COMPONENTS, PLAYERS AND COMPONENTS THAT CONSUMERS REFER TO IN THEIR QUEST FOR 'SECURITY'.
A PERCEIVED SECURE HARDWARE/OPERATING SYSTEM WITH 'SECURE' OPERATING ENHANCEMENTS-NORTON, ETC. DOES NOT NECESSARILY PROVIDE THE DESIRED AND DEFINED LEVEL OF TRUST.
CAVEAT EMPTOR-- KNOW WHAT YOU HAVE AND KNOW IF THAT MEETS YOUR EXPECTATIONS
JK