With Victoria Fodale, an industry analyst at In-Stat [www.instat.com]. Last month, Fodale released survey results showing, among other things, that the security appliance market is growing and that businesses are increasingly interested in security as a managed service.
Question: What did the research show?
Fodale: There are four [main] things we found. In security appliances, the main driver is replacing out-of-date equipment. We found over 50% plan to purchase appliances in the next year to replace out-of-date equipment. When we did the survey in 2004, just 22% had such plans. Indications are that the market is maturing. The other thing I found interesting is that less than 10% of respondents in companies with less than 100 employees were using the integrated secure appliances, the all-in-one appliances that combine firewall, intrusion prevention and gateway antivirus. The [reason may be that] these appliances can be difficult to manage. Just because they are called a managed appliance doesn't mean the interface is easy. The interface is a fairly sophisticated function to manage. Usually folks in small companies have one IT guy who needs to do everything. They might not have enough staff.
Question: What other findings came out of the research?
Fodale: Small businesses -- five to 99 employees -- are making remote management a requirement on future purchases. Almost 90% indicate that their central office IT department or some type of service provider will be managing their equipment. There are a couple of trends here. One is that management of appliances in large distributed organizations is much more centralized. The second is that the standalone small businesses are looking to potentially have someone manage equipment for them. [Another] overall finding had to do with IPS. In this case we were looking at what they are doing now with intrusion prevention. What we found is that IPS has increasingly become distributed in the network at critical segments instead of being concentrated at the network perimeter. This year only 44% of survey respondents are using IPS at the perimeter. In 2004, it was 74%. This indicates that the perimeter of the network is really softening. The indication is the outside and the inside are not clearly demarked. With remote users, partners, contractors [and others], we don't have as clearly a defined inside and outside of the network [as before]. I think the demarcation is disappearing. Too much stuff is going on that is not at the perimeter that can do bad things to the network. Some examples are portable computers, memory sticks and wireless devices.
Question: Is IT approaching security in a more philosophical way, or is it still simply that they put out fires as they occur?
Fodale: We use a technology adoption panel for the pool of respondents for surveys ... They tend to be more or less pragmatic security users. These are mainstream businesses ... I still see the number one appliance they plan to purchase across the board was a spyware appliance. Even though they say security must be integrated and layered, these folks want to solve a particular problem. They want to buy a point product that is a best-of-breed product to solve [a specific] problem. I think they want to solve the problem quickly, and that seems to be the best way to do it.
This 3 Questions originally appeared in a weekly report from IT Business Edge.