Data security market holds untapped potential

DQW Bureau
23 Mar 2010


According to a

survey report compiled by the Data Security Council of India (DSCI) along with

KPMG and released in December last year, 87 percent of the more than 150

respondents rated Information Security as either 'top priority' or 'critical' to

their business. When it comes to doing something about it, more than 80 percent

of them are earmarking budgets to address the need to secure their information

bank. 64 percent of the respondents also felt that the non-seriousness of their

employees when it comes to data security is a major challenge they have to deal

with. 32 percent of those surveyed experienced some sort of compromise in their

user accounts while 29 percent reported some kind of data loss or theft from the

organization. More than 70 percent of respondents specified compliance as the

major driver toward adopting data security solutions while an encouraging 63

percent stated it would act as an enabler in their business. Around 60 percent

cited that their customers were concerned about data privacy. Sending e-mails

without encryption, printing of information and use of USBs and external storage

media were rated among the biggest concerns when it came to data leakage.

Leakage by employees was also a factor for around 44 percent of respondents. DLP

or data loss prevention was a method of securing data as used by 40 percent of

those surveyed. While anti-virus was the most preferred solution used (94

percent), a technology like Public Key Infrastructure (PKI) was opted for only

by 29 percent.

We feel that most of the data leakage happens at the

endpoint level either via USB drives, e-mail, or Wi-Fi and that customers

want protection from their current concerns and are not looking too far


Amit Nath

Country Manager, Trend Micro

Market Demographics

While it becomes difficult to quantify the size of the data security market

in India there are some estimates based on what industry players are saying.


Ram Krishna G-Technical Head, Sanvei Overseas said, "The

market size is estimated at $500 million and is growing at 20-30 percent. The

growth of critical data, plus the fear or threat perception is driving the

market. Data security concern is still limited to enterprise customers." Sonit

Jain, CEO, GajShield Infotech agreed on the fact that, SMBs view security more

as a cost center rather than as an investment. Verticals like BFSI and

government will also spur growth according to Rana Gupta, Business Head-India

and SAARC, SafeNet India. "A lot of e-governance projects like UID for instance

requires digitization of paper documents and therefore security becomes an

integral part of the infrastructure. The enterprise segment is already looking

at data security seriously and are as always the early movers," predicted Gupta.

Vishal Dhupar, MD, Symantec India said, "Though there is

growing awareness among the SMB segment in the country towards the threats to

their data, deployment of relevant solutions to counter this threat has not

matched up. This is because though security in IT infrastructure is high

priority for SMBs but due to limited budgets the spending is also limited."

Market Trends

A lot of companies out there are increasingly concerned about the threat of

data leakage from an internal source. A recent Symantec survey conducted by IDC

revealed that 79 percent of Indian enterprises find data loss to be their top

information security concern, even more than viruses or spam. "We have seen that

companies are now more concerned about the internal threat of data leakage more

than the external threat," said Jain of GajShield. McAfee's Karthik Shahani,

Regional Director, McAfee (India and SAARC) noted, "Around 70 percent of the

breaches in data security have had some internal element to it. Clearly, certain

segments find it more relevant to adopt data security solutions. For instance,

in Pharma, the leak of Intellectual Property like patents can mean a loss

running in millions of dollars. When it comes to things like IPOs if the

information regarding the financial health is known before the IPO is announced

it can create problems."


Amit Nath, Country Manager, Trend Micro (India and SAARC)

confirmed the same from documented research, "According to a recent report by

Trend Micro, 67 percent of respondents felt that the major threat to data

security comes from the inside. The verticals where we are seeing early traction

includes IT/ITeS where information on legal policies and financial data are

sensitive in nature and also manufacturing where it becomes relevant for the

design department." Dhupar highlighted some statistics from the study conducted.


The lack of awareness and referable clients is a challenge vendors have to

contend with in this market. Also the lack of any kind of mandates in terms of

regulatory compliance is a major barrier for the next phase of growth to take

off. Gupta said, "We have had scandals like Enron in the USA and they have

implemented compliance requirements like Sarbanes-Oxley and Health Insurance

Portability and Accountability Act (HIPAA). Take the example of health

insurance, do customers want the information on their medical documents to be

publicly available on the Internet. There has to be some sort of regulatory

framework governing this. At the moment the attitude is such that data security

is just an escape route for customers, which they can bank upon if required and

is not on their business priority." Agreed Ram Krishna of Sanvei, "As of now

there is a lot of mindshare that needs to be developed because there is a lack

of awareness of product availability and low threat perception on consequences

of data loss. The other challenges are budgetary limitations for new technology

deployments." Nath of Trend Micro analyzed, "Challenge is that this space still

needs more acceptance from both channels as well as customers. The issue of

awareness arises because no one comes to know about incidents relating to data

loss because companies prefer to sweep it under the carpet." Dhupar also shared,

"From our research, we found that nearly 50 percent of respondents do not see

the significance and need for DLP solutions and another third of respondents are

unaware of what DLP is. In order to overcome these challenges, data security

needs to be identified as an issue at the CXO level. As information grows in

volume and importance, and threats to this data continue to evolve, we are

likely to see increased CXO-level involvement in ensuring data security."

Shahani highlighted the challenges from a DLP perspective.

"The DLP market is around 15-20 million USD but is still at the nascent stage

and can take off once teething issues are dealt with. The problem is not with

execution of the solution, but how do you know what data to tag and what not to

tag, as what is critical for some may not be for others.


Vendor Plans

Many vendors are increasing traction in the DLP space in order to tap growth

therein. Sonit Jain shared the plans for GajShield, "We are launching the only

UTM device with DLP capability in March. The solution is a hybrid of both cloud

and on-premise and offers much better performance than erstwhile solutions out

there. We are offering this as a product as well as service for customers who

can't make the initial capex in DLP." Sanvei also offers DLP products as a part

of its overall portfolio. "We have tied up with three partners-a security

technology supplier, a consulting and services company and a data integration

platform provider. Right now we have orders worth 200K USD but there is

reasonable traction and we are doing site survey and studies," said Ram Krishna

of Sanvei. Nath of Trend Micro pointed it from his perspective.

Channel plans

Dhupar said that training Symantec partners will be one of their primary

focuses. He said, "We have realized that the biggest challenge is awareness and

it can only be created through education. Hence, to facilitate the growth and

technical expertise of our channel partners we have a training academy. Every

quarter we conduct training across cities on different products and

technologies." Trend Micro on the other hand are looking to increase their

partner base. "We have a total base of more than 200 partners in the value space

which targets the enterprise customer. We will grow this by 15 to 20 percent,"

said Nath. Sanvei too wished to add more partners. "We want to add more

deployment partners and consultancy partners. We need one partner to support $5

million worth of business and since our target is $100 million, we would need

around 20 partners," said Ram Krishna. SafeNet's Gupta said that their partners

can up sell their solutions along with other security devices.

Finally the road ahead will see the data security space

getting integrated with storage and data management products and services. As

more of top management executives begin to see data security as an integral part

of data management, they will be able to invest more on the same. For those

partners wanting to enter the space, this is the right time to do so as there is

growth waiting to be tapped.

John Jacob