Last month Jim McCue analyzed the results of the ILTA’s 2011 Technology Survey from the Server Operations and Data Center point of view in his Serve & Secure blog post. Our PG and blog does cover more ground and today I’ll try to disseminate and understand what the Security side of the survey tells us. And since Jim already covered all the disclaimers, I’ll just refer you to his post for that and get right into it.
I’ll start with the no brainier; with over 51% SaaS solutions such as Postini dominate the email security and spam gateway, as it should in my opinion. In fact, almighty Cisco has started to completely fall off the charts this year as IronPort did not report any entry for security gateway (although it did for spam - this is in part because of Cisco’s focus on large enterprise with this particular product), and other traditionally big players such as TrendMicro continue their steady decline. In addition, Postini’s steady slide seems to be directly related to Mimecast’s market share gain, which aligns with what I see in the eGroups discussions. I think that we will continue to see this trend and perhaps others such as ZScaler or ProofPoint will make their debut in the upcoming years. The ability to natively provide Business Continuity a-la-Mimecast will be critical for other vendors to penetrate our industry.
Continuing on the email path, we then hit the second layer, the mail server. It seems like firms are starting to leverage their Microsoft ELA and making more use of Forefront which seems like a solid solution that can also aid your budget strategy. In addition, Sophos continues to make strides into the market and it should continue to get stronger with their Astaro acquisition, while McAfee stays still and Symantec and Trend slide (I will refer to these vendors as “The Big Three”). I think that the solution that can offer a complete and easy to use management suite would continue to gain supporters. However, I don’t necessarily think that this is the best approach from a pure security stand point because in my opinion, it is better to have different sensors\engines at different levels; that is, if you use say Sophos as your email gateway, and you also have them at mail server and endpoint as well, then aren’t the chances to miss something on the first scan the same for the subsequent ones? Yet if for example you have the same SaaS solutions at the email and web gateways, and then a different one at the endpoint and server layers which can give you a uniform management console, then that might work best. To close this area I see that outgoing email scanning for malware and sensitive data encryption continues to grow as well, this time by 6 points. This is probably driven by regulations hitting our industry such as HIPAA HITECH or state regulations that protect Personal Identifiable Information, PII.
Web and Perimeter Security
This is another area where I believe that we will start seeing some convergence happening. As with email security and spam, firewalls and web content filters are naturally evolving into one, and some vendors will even include the email protection features in their offerings as they start moving from traditional firewalls to Unified Threat Management systems (UTMs). These appliances combine features such as firewalls, content filters, DLP, and more into one solution that is easier to manage while still effective. While Cisco continues to dominate this area with 45% of the share, mostly in larger law firms, the likes of SonicWALL, Check Point, Palo Alto Networks and Sophos\Astaro continue to make their way in with their UTM offerings and have collectively gained about 7%, while the likes of Websense or Microsoft ISA are declining. SaaS solutions such as ZScaler have also made their debut here and I think that will continue to penetrate the industry as will Security Manage Service Providers, such as IBM or DELL SecureWorks services, which could take the burden of managing many of these solutions by your workforce.
Here Microsoft is again gaining a bigger piece of the pie. I suspect that the primary reason is budget related as previously stated, however, they are delivering a solid product with Forefront and firms are noticing that as well. Non-traditional vendors also continue their steady way into legal with Sophos again gaining and Kapersky making its debut while The Big Three continue their decline. I think that what this tells us is that now CIOs and Operation Managers have adopted the way of using resources better and not let vendors drive their strategies and just say yes to them because their products work or are better known. We were forced into this new way of doing business during the recession and there is no way back, and from a business perspective this is just a better way to do it; specially so when you see that it is paying off in the operations area as 29% of firms report that they are spending less or significantly less time fighting viruses, malware, etc. compared to 19% in 2010.
Encryption of any form, although slowly, continues to grow as well in all areas. Laptop, USB or email encryption all grew by at least 8 points. In addition, there is also a significant increase in the number of firms adopting security measures such as IDS\IPS, Multi-Factor Authentication or even Biometrics Identification. I think that we will soon see the next step in evolution, namely Identity Management. It looks like legal is finally starting to catch up and pay attention to the evolution of “the bad guys” and threats.
Finally, I am stunned by the fact that over 35% of responding firms either don’t have a solution for asset management\inventory or rely on a spreadsheet. This is an important area folks; it can help in many ways especially in disaster recovery, compliance and incident response. I think that this is an area where you can look at solutions that you have in place or own but not use to its full capabilities such as Microsoft SCCM and take advantage of it.
To conclude, I think that the survey is telling us that law firms are getting more serious about protecting themselves as well as their clients. This is good, but again, it is driven by compliance? Or does it mean that the legal industry is finally getting serious about information security? Is it driven by higher client demands shown by the increasing number of security related RFPs? I believe it is a combination and that we as an “subject area experts” within our firms and collectively as an association are educating management more than ever so that they can make better business decision when it comes to protecting their assets, and I expect to see growth and evolution in this area in the future. Finally, while the traditional vendors such as The Big Three, Check Point or Websense are holding steady on the larger firms with their enterprise offerings we are starting to see newer players who offer great solutions, and some of them such as Palo Alto Networks, SonicWALL and Sophos have strong products for firms of all sizes.
As Jim mentioned in his last post, I encourage you to take some time and read the Survey for yourself. You can download it here. You can find some good information and trends in it.
Carlos Rodriguez, Server Operations & Security PGVP#USA #Microsoft #FutureandEmergingTechnologies #Australia #Firm #Small(under151) #DesktopandApplicationServices #RiskManagement #ServerOperationsandSecurity #UK #Medium(151-250) #Canada #VeryLarge(over500) #Large(251-500)