While Indian enterprises aren't spending too much on security, the awareness and interest levels have certainly increased

The attitude of Indian corporates towards security is reactive rather than proactive. A company takes security seriously but invests in security solutions only after it is affected by a virus or a hacker. The exceptions to this are companies that adhere to quality standards like SEI-CMM, organizations that are service-oriented, and those that need to abide with RBI regulations.

Security is regarded as an important infrastructure area, and has high interest levels. Security seminars are well attended and security consultants are a much sought after breed. But when it comes to investing, few companies are spending top dollar on security.

Worldwide (and in India too), enterprises do not spend too much on security. Some security consultants believe corporates allocate just 2.5 percent to 8 percent of the total IT budget. Some even go so far as to say that Indian corporates spend less than one percent on security.

For many Indian organizations, security is limited to an anti-virus package installed on desktops, and maybe on the server. While the larger companies allocate funds for security, most SMEs seem content with anti-virus solutions.

Companies who need to protect their business data and are afraid of letting it fall into the wrong hands, will set up firewalls or intrusion detection systems (IDS).

The price of firewalls ranges from Rs 1,840 (per user) to Rs 2 lakh (for an enterprise solution).

BEYOND ANTI-VIRUS
Security now involves tasks like vulnerability testing/risk assessment, intrusion detection and packet filtering. The network faces threats from both internal and external hackers. Security Authorization, Authentication, and Administration (3A) become imperative for e-commerce transactions.

That's why 84 percent of the survey respondents (whose main focus area was security) said their requirement in this category has increased. About 37 percent of all respondents said Security was a main focus area. Overall, Security is among the top three interest areas this year. The average rate of increase in requirement is 45 percent. Security is now taken more seriously (especially among the SMEs) and 59 percent of the companies surveyed said they had a security policy in place.

All respondents in the survey said they use an anti-virus solution. In fact anti-virus commands the biggest share in this segment. The strong dependence on messaging solutions and the proliferation of viruses/worms through e-mail has led to adoption of anti-virus solutions in all enterprises. It is estimated that 93 percent of viruses are transmitted through e-mail.

However, the demand for anti-virus solutions is on the decline. In 2002-03, 43 percent of the respondents said they plan to go in for an anti-virus solution. Since all companies surveyed already have an anti-virus solution, they are likely to spend money on upgrades and patches or on buying additional licenses.

Firewalls, VPN (Virtual Private Network) and IDS (Intrusion Detection System) are increasingly being adopted in the enterprise. About 59 percent of the respondents said they had a firewall solution and 64 percent said they have a requirement. A similar trend is observed for VPN—32 percent said they use VPN and 38 percent said they had a requirement.

Organizations are connecting internal networks to the Internet to facilitate e-commerce transactions, hence the demand for Firewall and VPN solutions.

The survey also indicates that the demand for encryption tools remains stable and that biometrics security solutions are slowly coming to the enterprise. The increased usage of IT by banks and financial institutions will boost demand for encryption security solutions.

MARGINAL INCREASE
Last year, 51 percent of the respondents invested up to Rs 25 lakh in security. This year the figure drops to 45 percent. We observe that very few companies have invested over Rs 25 lakh in security.

The average amount allocated last year for security was Rs 18 lakh and for the current year it is Rs 23 lakh. These amounts are the least among all categories, indicating that spending on security is the lowest.

The IT/Telecom sector is the biggest adopter of security solutions. In fact 9 percent of the respondents in this sector said their current budget allocation for security is between Rs 1 - 5 crore. This is because the level of security awareness among IT/Telecom companies is high. The same could be said for IT-savvy companies in other industry verticals.

Firewall is one area that is gaining mindshare. There is high requirement for firewalls in all sectors. About 73 percent of respondents from the manufacturing sector said they require a firewall.

The Banking and Finance sectors, due to the inherent nature of their transaction-oriented business, will drive the demand for security solutions.

OUTLOOK
There is certainly more awareness about security, especially in the SME segment. But this awareness has still to translate into significant budget allocation for security.

Enterprise security has also become so complex, that the focus has shifted from security products to security solutions. Many CIOs are also considering Outsourcing and Managed Security Services (managed firewalls, online IDS, online anti-virus scanning etc). However, it will take some time for outsourcing and managed services to become widespread.

There will also be demand for 3A solutions, firewalls and IDS. The market for Encryption and Authentication tools is expected to pick up with the increase in e-commerce transactions in banks, financial institutions and government departments.

As the market matures and security awareness levels increase, enterprises will follow international security standards like BS7799 and ISO 17799. More companies are expected to opt for vulnerability testing and risk assessment, which are conducted by security consultants or MSSPs.

Research Snapshots 84 percent of the survey respondents (whose main focus is Security) said their requirement in this category has increased 59 percent of the companies surveyed said they had a security policy in place The average amount allocated last year for security was Rs 18 lakh and for the current year it is Rs 23 lakh The IT/Telecom sector is the biggest adopter of security solutions The demand for anti-virus solutions is on the decline. Most spending on anti-virus solutions is going to be on incremental upgrades/patches and on buying additional licenses Firewalls, VPN (Virtual Private Network) and IDS (Intrusion Detection System) are increasingly being adopted in the enterprise

Top 4 benefits CIOs seek Data/System security Better data management Reliability Improvement in operational efficiency