In-Depth

Security's Future: Letting the Good Guys In

It may not be long before businesses differentiate themselves on the basis of security

• By Stephen Swoyer
• 05/13/2008

If there's a silver lining to high-profile security breaches, data losses, or "misplacements" of data, it's that they've help educate organizations about the importance of securing -- or spending money to secure -- their infrastructures. One upshot, analysts say, is that organizations must become adept at separating security software wheat from security software chaff in an increasingly competitive marketplace.

Not all security solutions are equal, researchers say, and we may soon find businesses differentiating themselves from their competitors on the basis of security, an approach that involves hardening their IT assets against theft or breach and ensuring interoperability with customers and partners.

First, the good news: security software revenues are growing by leaps and bounds, according to market watcher Gartner Inc.: worldwide security software revenues should hit $10.5 billion this year, the firm says. That translates into an 11.2 percent rise over 2007.

Gartner predicts that security software sales will grow by nearly one-third over the next four years, surpassing $13.1 billion by 2012.

The not-so-good news is that all of that growth translates into an abundance of "noise" in the security software space.

"Organizations are increasingly accepting the need to have a more 'open' connectivity with business third parties," said Ruggero Contu, principal research analyst at Gartner, in a statement. "Consequently, assessing third-party security and defining how to securely communicate are becoming critical factors for businesses."

SMBs, especially, are becoming more interested in security technology and services, according to Gartner: many are in the process of moving away from stand-alone solutions in favor of more integrated offerings.

Currently, compliance, governance, and other largely defensive considerations factor most heavily into security spending decisions. Over time, Gartner expects security spending to shift from "How do I keep the bad guys out?" to "How can I let the good guys in?"

The shift in mentality is how Gartner expects businesses to differentiate themselves from their competitors -- in many cases by judicious adoption of security solutions that protect against attack from without while simultaneously facilitating access by trusted sources.

"Security spending is driven by a variety of pressing concerns, the most immediate of which is the need to 'keep the bad guys out' through defensive measures such as next-generation firewalls," Contu said. "However, the 'let the good guys in' discipline, such as identity and access management, is where business benefits and return on investment can be more clearly shown."

Another trend that could reshape the security status quo and provide a means of differentiation -- either in terms of improved security or better business agility -- is security-as-a-service, according to Gartner.

"Organizations are looking to optimize their IT infrastructure and trying to minimize the complexity of their product portfolios," Contu concludes. "In the long run, we expect to see more-converged security products, with increased pricing pressure on vendors."