In a worsening market for vendors of Internet security products, a third area of e-security is emerging as a must-have for corporations opening up access to applications through intranet and extranet portals: the control of Web-access procedures for employees and partners.
Much of the commercial interest in e-security in the current IT spending climate has been restricted to firewalls and antivirus software. But as corporations look to address the added managerial problems of allowing new users secured access to their commercial applications, this could all be about to change.
Firewalls are becoming much easier to install and use, and are spreading beyond the border of the corporate LAN and on to LAN switches and routers, data center products, WAN routers and other access devices. Firewalls are also evolving into comparatively cheap products that solve an easily identifiable problem, unlike many other Internet security products.
Antivirus products, meanwhile, are enjoying most of the hype in the e-security market, as a result of the Code Red and SirCam viruses, which occupy column inches that are vastly out of proportion to their actual impact. Reports that the Code Red virus, for instance, has already cost organizations $1.2 billion and seem supported by a combination of hyperbole and fuzzy math. Such figures are rarely backed up with solid examples, despite being widely reported. Most often, it is simply a case of IT managers applying the correct security patches as quickly as possible to solve the problem.
But while Web-access control security products enjoy far less mainstream publicity than firewalls or antivirus products, both security vendors and corporate buyers are focusing on access control as never before. Why? Because managing the security of large corporate networks is becoming a more costly and complex task, particularly as corporations open up their systems to users that don't own the files being accessed. Web-access control products allow corporations to extend enterprise-wide security policies beyond the firewall.
That Web-access control is likely to be the next big area in the security market is reflected by the increase in the number of mergers and acquisitions that have taken place in the sector during the last few months. For example, this week, RSA Security paid $136.5 million in cash for access-control specialist, Securantk. And this acquisition follows on from Entrust's buy of enCommerce, Baltimore's of Nevex and Symantec's of Axent, which have all taken place during the last few months.
Security vendors are moving to cover access control as quickly as possible by acquiring authorization products, rather than building their own, because interest is heating up so quickly. Other vendors that address the area include IBM subsidiary Tivoli, Netegrity and Ubizen.
Market analyst IDC predicts that the market for these authorization products will grow at a compound annual rate of nearly 70% over the next four years. Researcher Datamonitor believes the need for secure Web transactions, coupled with the growth of wireless communications, will drive spending in the overall market for authentication, authorization and administration technologies to $4.6 billion by 2006.
Frost & Sullivan analyst Jose Lopez thinks that Tivoli, whose parent company is IBM, is emerging as the market leader in the access-control space - particularly in Europe - because it can use IBM's distribution channels. Given that IBM is also carving out a leadership position in the intranet and extranet portal space following its acquisition of TopTier, it certainly seems to be the vendor everyone needs to catch.
the451 (www.the451.com) is an analyst firm that provides timely, detailed and independent analysis of news in technology, communications and media. To evaluate the service click here.