CNET también está disponible en español.

Ir a español

Don't show this again

Security

A sea change for desktop security

Analyst John Oltsik says new vendors, new needs and a lot of product switching will open the PC security market as never before.

One of the most difficult aspects of dealing with information security is the overwhelming scope of it all.

Security isn't something that's isolated to the network, desktops or applications; rather, it spans every layer of the technology stack. That said, an extremely large percentage of security dollars is spent on PC security tools such as firewall, antivirus and antispyware software. The global market for these tools exceeds $5 billion.

PC security used to be a cozy, high-margin oligopoly dominated by three vendors: Symantec (Norton), McAfee and Trend Micro, which together owned 80 percent of the market. While these vendors sat at the top of the pyramid, others such as CA, Kaspersky Lab, Panda and Sophos did quite well in specific geographic areas or with certain types of customers.

That was then; this is now. Enterprise Strategy Group believes that the PC security market will go through a profound transition over the next few years for several reasons:

• Microsoft is crashing the party. Microsoft has become a PC security player with OneCare for consumers and Forefront for the commercial market. Just ask Netscape, Novell, Sybase and WordPerfect whether Microsoft can change market dynamics.

Forty percent of organizations are either "extremely likely" or "likely" to switch desktop security vendors when their annual subscriptions run out.

• Users have unique requirements. Firewalls, antivirus protection and antispyware tools are now table stakes. Consumers want features for child safety and identity protection; small businesses want built-in disk encryption; and large organizations want network access control functionality. Vanilla products are passe.

• The threat landscape is more ominous than ever. Melissa viruses and Blaster worms are still out there, but today's threats are dominated by things like blended threats, rootkits and crimeware. Users need stronger locks.

Now, I know what you're thinking: another dopey prediction from an industry analyst. Industry analysts' predictions on things like "push" technology, the "telecosm" and Internet business models were about as accurate as "Dewey defeats Truman." To avoid typical analyst hyperbole, Enterprise Strategy Group recently surveyed 206 North American-based security professionals working in organizations with 1,000 employees or more. Their plans and opinions support our "desktop security at the crossroads" hypothesis.

The first thing we uncovered is that most security professionals believe that their current desktop security software suites are no more than commodity products. In fact, only 22 percent of security professionals disagreed with this statement. It didn't matter whether respondents came from the smallest or largest organizations surveyed; they all looked at security software as the classic "widget" of business school textbooks.

When it comes to new security software features, you start to see a growing need for market segmentation. The biggest organizations want to see more antiphishing protection and integration with two-factor authentication, while smaller companies want full disk encryption built into their security software products. Different skills, different threats, different requirements, so why not different products?

Here's a real metric of a market in transition--40 percent of organizations are either "extremely likely" or "likely" to switch desktop security vendors when their annual subscriptions run out. Again, this was true regardless of organizational size. With the exception of PCs, I can't think of another IT category where users are willing to swap products without hesitation.

A combination of new vendors, new requirements, and a lot of product switching will open the market as never before. Obviously, Microsoft will capitalize on this trend, but so can others. That said, the rules of the game have also changed. Market segments are looking for specific products that address their needs and not vanilla protection suites. Large vendors like CA, McAfee, Microsoft, Symantec and Trend will need to tailor product design, marketing and distribution to assorted markets with unique needs. Smaller vendors will most likely focus on a single market segment and try to out-execute the big guys.

One other point worth noting; this desktop security market transition does not mean that today's leaders fade into the sunset. Quite the contrary: CA, McAfee and Symantec were the first to recognize this market segmentation trend and are already responding with new products and strategies. For example, Norton 360 and Confidential have a number of consumer-focused features, CA offers small-business bundles, and McAfee is adding data leakage protection to its corporate desktops. This is the start of a segmentation strategy that will only accelerate over time.

Costs will certainly go up as vendors invest more in market research, segmentation and product design, but margins won't necessarily go down. Users will pay more for differentiated products, but the days of generic desktop security for the masses are dead and gone.