According to a
survey report compiled by the Data Security Council of India (DSCI) along with
KPMG and released in December last year, 87 percent of the more than 150
respondents rated Information Security as either 'top priority' or 'critical' to
their business. When it comes to doing something about it, more than 80 percent
of them are earmarking budgets to address the need to secure their information
bank. 64 percent of the respondents also felt that the non-seriousness of their
employees when it comes to data security is a major challenge they have to deal
with. 32 percent of those surveyed experienced some sort of compromise in their
user accounts while 29 percent reported some kind of data loss or theft from the
organization. More than 70 percent of respondents specified compliance as the
major driver toward adopting data security solutions while an encouraging 63
percent stated it would act as an enabler in their business. Around 60 percent
cited that their customers were concerned about data privacy. Sending e-mails
without encryption, printing of information and use of USBs and external storage
media were rated among the biggest concerns when it came to data leakage.
Leakage by employees was also a factor for around 44 percent of respondents. DLP
or data loss prevention was a method of securing data as used by 40 percent of
those surveyed. While anti-virus was the most preferred solution used (94
percent), a technology like Public Key Infrastructure (PKI) was opted for only
by 29 percent.
|
We feel that most of the data leakage happens at the endpoint level either via USB drives, e-mail, or Wi-Fi and that customers want protection from their current concerns and are not looking too far ahead Amit Nath |
Market Demographics
While it becomes difficult to quantify the size of the data security market
in India there are some estimates based on what industry players are saying.
Ram Krishna G-Technical Head, Sanvei Overseas said, "The
market size is estimated at $500 million and is growing at 20-30 percent. The
growth of critical data, plus the fear or threat perception is driving the
market. Data security concern is still limited to enterprise customers." Sonit
Jain, CEO, GajShield Infotech agreed on the fact that, SMBs view security more
as a cost center rather than as an investment. Verticals like BFSI and
government will also spur growth according to Rana Gupta, Business Head-India
and SAARC, SafeNet India. "A lot of e-governance projects like UID for instance
requires digitization of paper documents and therefore security becomes an
integral part of the infrastructure. The enterprise segment is already looking
at data security seriously and are as always the early movers," predicted Gupta.
Vishal Dhupar, MD, Symantec India said, "Though there is
growing awareness among the SMB segment in the country towards the threats to
their data, deployment of relevant solutions to counter this threat has not
matched up. This is because though security in IT infrastructure is high
priority for SMBs but due to limited budgets the spending is also limited."
Market Trends
A lot of companies out there are increasingly concerned about the threat of
data leakage from an internal source. A recent Symantec survey conducted by IDC
revealed that 79 percent of Indian enterprises find data loss to be their top
information security concern, even more than viruses or spam. "We have seen that
companies are now more concerned about the internal threat of data leakage more
than the external threat," said Jain of GajShield. McAfee's Karthik Shahani,
Regional Director, McAfee (India and SAARC) noted, "Around 70 percent of the
breaches in data security have had some internal element to it. Clearly, certain
segments find it more relevant to adopt data security solutions. For instance,
in Pharma, the leak of Intellectual Property like patents can mean a loss
running in millions of dollars. When it comes to things like IPOs if the
information regarding the financial health is known before the IPO is announced
it can create problems."
Amit Nath, Country Manager, Trend Micro (India and SAARC)
confirmed the same from documented research, "According to a recent report by
Trend Micro, 67 percent of respondents felt that the major threat to data
security comes from the inside. The verticals where we are seeing early traction
includes IT/ITeS where information on legal policies and financial data are
sensitive in nature and also manufacturing where it becomes relevant for the
design department." Dhupar highlighted some statistics from the study conducted.
Challenges
The lack of awareness and referable clients is a challenge vendors have to
contend with in this market. Also the lack of any kind of mandates in terms of
regulatory compliance is a major barrier for the next phase of growth to take
off. Gupta said, "We have had scandals like Enron in the USA and they have
implemented compliance requirements like Sarbanes-Oxley and Health Insurance
Portability and Accountability Act (HIPAA). Take the example of health
insurance, do customers want the information on their medical documents to be
publicly available on the Internet. There has to be some sort of regulatory
framework governing this. At the moment the attitude is such that data security
is just an escape route for customers, which they can bank upon if required and
is not on their business priority." Agreed Ram Krishna of Sanvei, "As of now
there is a lot of mindshare that needs to be developed because there is a lack
of awareness of product availability and low threat perception on consequences
of data loss. The other challenges are budgetary limitations for new technology
deployments." Nath of Trend Micro analyzed, "Challenge is that this space still
needs more acceptance from both channels as well as customers. The issue of
awareness arises because no one comes to know about incidents relating to data
loss because companies prefer to sweep it under the carpet." Dhupar also shared,
"From our research, we found that nearly 50 percent of respondents do not see
the significance and need for DLP solutions and another third of respondents are
unaware of what DLP is. In order to overcome these challenges, data security
needs to be identified as an issue at the CXO level. As information grows in
volume and importance, and threats to this data continue to evolve, we are
likely to see increased CXO-level involvement in ensuring data security."
Shahani highlighted the challenges from a DLP perspective.
"The DLP market is around 15-20 million USD but is still at the nascent stage
and can take off once teething issues are dealt with. The problem is not with
execution of the solution, but how do you know what data to tag and what not to
tag, as what is critical for some may not be for others.
Vendor Plans
Many vendors are increasing traction in the DLP space in order to tap growth
therein. Sonit Jain shared the plans for GajShield, "We are launching the only
UTM device with DLP capability in March. The solution is a hybrid of both cloud
and on-premise and offers much better performance than erstwhile solutions out
there. We are offering this as a product as well as service for customers who
can't make the initial capex in DLP." Sanvei also offers DLP products as a part
of its overall portfolio. "We have tied up with three partners-a security
technology supplier, a consulting and services company and a data integration
platform provider. Right now we have orders worth 200K USD but there is
reasonable traction and we are doing site survey and studies," said Ram Krishna
of Sanvei. Nath of Trend Micro pointed it from his perspective.
Channel plans
Dhupar said that training Symantec partners will be one of their primary
focuses. He said, "We have realized that the biggest challenge is awareness and
it can only be created through education. Hence, to facilitate the growth and
technical expertise of our channel partners we have a training academy. Every
quarter we conduct training across cities on different products and
technologies." Trend Micro on the other hand are looking to increase their
partner base. "We have a total base of more than 200 partners in the value space
which targets the enterprise customer. We will grow this by 15 to 20 percent,"
said Nath. Sanvei too wished to add more partners. "We want to add more
deployment partners and consultancy partners. We need one partner to support $5
million worth of business and since our target is $100 million, we would need
around 20 partners," said Ram Krishna. SafeNet's Gupta said that their partners
can up sell their solutions along with other security devices.
Finally the road ahead will see the data security space
getting integrated with storage and data management products and services. As
more of top management executives begin to see data security as an integral part
of data management, they will be able to invest more on the same. For those
partners wanting to enter the space, this is the right time to do so as there is
growth waiting to be tapped.
John Jacob
johnj@cybermedia.co.in