Indian enterprises aren't spending too much on security,
the awareness and interest levels have certainly increased
attitude of Indian corporates towards security is reactive
rather than proactive. A company takes security seriously
but invests in security solutions only after it is affected
by a virus or a hacker. The exceptions to this are companies
that adhere to quality standards like SEI-CMM, organizations
that are service-oriented, and those that need to abide
with RBI regulations.
Security is regarded as an important infrastructure
area, and has high interest levels. Security seminars
are well attended and security consultants are a much
sought after breed. But when it comes to investing,
few companies are spending top dollar on security.
Worldwide (and in India too), enterprises do not spend
too much on security. Some security consultants believe
corporates allocate just 2.5 percent to 8 percent of
the total IT budget. Some even go so far as to say that
Indian corporates spend less than one percent on security.
many Indian organizations, security is limited to an
anti-virus package installed on desktops, and maybe
on the server. While the larger companies allocate funds
for security, most SMEs seem content with anti-virus
Companies who need to protect their business data and
are afraid of letting it fall into the wrong hands,
will set up firewalls or intrusion detection systems
The price of firewalls ranges from Rs 1,840 (per user)
to Rs 2 lakh (for an enterprise solution).
Security now involves tasks like vulnerability testing/risk
assessment, intrusion detection and packet filtering.
The network faces threats from both internal and external
hackers. Security Authorization, Authentication, and
Administration (3A) become imperative for e-commerce
That's why 84 percent of the survey respondents (whose
main focus area was security) said their requirement
in this category has increased. About 37 percent of
all respondents said Security was a main focus area.
Overall, Security is among the top three interest areas
this year. The average rate of increase in requirement
is 45 percent. Security is now taken more seriously
(especially among the SMEs) and 59 percent of the companies
surveyed said they had a security policy in place.
All respondents in the survey said they use an anti-virus
solution. In fact anti-virus commands the biggest share
in this segment. The strong dependence on messaging
solutions and the proliferation of viruses/worms through
e-mail has led to adoption of anti-virus solutions in
all enterprises. It is estimated that 93 percent of
viruses are transmitted through e-mail.
However, the demand for anti-virus solutions is on the
decline. In 2002-03, 43 percent of the respondents said
they plan to go in for an anti-virus solution. Since
all companies surveyed already have an anti-virus solution,
they are likely to spend money on upgrades and patches
or on buying additional licenses.
Firewalls, VPN (Virtual Private Network) and IDS (Intrusion
Detection System) are increasingly being adopted in
the enterprise. About 59 percent of the respondents
said they had a firewall solution and 64 percent said
they have a requirement. A similar trend is observed
for VPN32 percent said they use VPN and 38 percent
said they had a requirement.
Organizations are connecting internal networks to the
Internet to facilitate e-commerce transactions, hence
the demand for Firewall and VPN solutions.
The survey also indicates that the demand for encryption
tools remains stable and that biometrics security solutions
are slowly coming to the enterprise. The increased usage
of IT by banks and financial institutions will boost
demand for encryption security solutions.
Last year, 51 percent of the respondents invested up
to Rs 25 lakh in security. This year the figure drops
to 45 percent. We observe that very few companies have
invested over Rs 25 lakh in security.
The average amount allocated last year for security
was Rs 18 lakh and for the current year it is Rs 23
lakh. These amounts are the least among all categories,
indicating that spending on security is the lowest.
The IT/Telecom sector is the biggest adopter of security
solutions. In fact 9 percent of the respondents in this
sector said their current budget allocation for security
is between Rs 1 - 5 crore. This is because the level
of security awareness among IT/Telecom companies is
high. The same could be said for IT-savvy companies
in other industry verticals.
Firewall is one area that is gaining mindshare. There
is high requirement for firewalls in all sectors. About
73 percent of respondents from the manufacturing sector
said they require a firewall.
The Banking and Finance sectors, due to the inherent
nature of their transaction-oriented business, will
drive the demand for security solutions.
There is certainly more awareness about security, especially
in the SME segment. But this awareness has still to
translate into significant budget allocation for security.
Enterprise security has also become so complex, that
the focus has shifted from security products to security
solutions. Many CIOs are also considering Outsourcing
and Managed Security Services (managed firewalls, online
IDS, online anti-virus scanning etc). However, it will
take some time for outsourcing and managed services
to become widespread.
There will also be demand for 3A solutions, firewalls
and IDS. The market for Encryption and Authentication
tools is expected to pick up with the increase in e-commerce
transactions in banks, financial institutions and government
As the market matures and security awareness levels
increase, enterprises will follow international security
standards like BS7799 and ISO 17799. More companies
are expected to opt for vulnerability testing and risk
assessment, which are conducted by security consultants
percent of the survey respondents (whose main
focus is Security) said their requirement in
this category has increased
59 percent of the companies surveyed
said they had a security policy in place
The average amount allocated last year
for security was Rs 18 lakh and for the current
year it is Rs 23 lakh
The IT/Telecom sector is the biggest
adopter of security solutions
The demand for anti-virus solutions is
on the decline. Most spending on anti-virus
solutions is going to be on incremental upgrades/patches
and on buying additional licenses
Firewalls, VPN (Virtual Private Network)
and IDS (Intrusion Detection System) are increasingly
being adopted in the enterprise
4 benefits CIOs seek
Better data management
Improvement in operational efficiency