ForrTel:The State Of Security In The Enterprise And SMB MarketsNatalie Lambert Michael Speyer
Analyst Senior Analyst
Forrester Research
September 22, 2005. Call in at 10:55 pm Eastern Time
Theme
The demand for security products is strong across all market segments and
product categories.
Agenda
• Overview of included surveys
• Review of results
» SMB security concerns and adoption
» Enterprise security spending and technology adoption
» Enterprise vendor preferences for security technologies
• Summary
Survey scope and purpose
• Data is obtained from three Business Technographics® surveys, including:
» US SMB Software Study
» US and European Enterprise Telecommunications and Network Services Study
» US and European Data Center and Infrastructure Study
• Assess spending, adoption, and vendor preference in enterprise market.
Telecom Survey respondent demographics
Source: Forrester’s Business Technographics® 2005 Telecommunications and Networks Study
Company Size (Employees)
Respondents
5,000-19,999
1,000-4,999
IT or telecom director/manager
CIO, senior IT decision-maker
Executive who reports to senior-most IT decision-maker
N=700 (USA) N=300 (EU)
50%
20,000+
23%
27%
28%
40%
32%
SMB Survey respondent demographics
Company Size Respondents
Source: Forrester’s Business Technographics® 2005 North American SMB Software Study
N=789 (USA)
6-49
26%
500-999
19%
100-199
20%
50-99
17%
200-499
18%
Owner/CEO22%
LOB Exec
32%
Director/Mgr in IT
23%
CIO/Equivalent
11%
VP in IT12%
IT or telecom director/manager
Enterprise Telecom Survey respondent demographics
Source: Forrester’s Business Technographics® 2005 Telecommunications and Networks Study
Company Size (Employees)
Respondents
5,000-19,999
1,000-4,999
CIO, senior IT decision-maker
Executive who reports to senior-most IT decision-maker
50%
20,000+
23%
27%
28%
32%
40%
Enterprise Infrastructure Survey respondent demographics
Source: Forrester’s Business Technographics® 2005 Telecommunications and Networks Study
Company Size (Employees)
Respondents
5,000-19,999
1,000-4,999
IT director/ manager
CIO, senior IT decision-maker
Executive who reports to senior-most IT decision-maker
51%
20,000+17%
29%
27%
38%
35%
SMB Security Concerns And Adoption
Viruses and worms top list of risks; regulatory compliance not seen as an issue
83%
61%
54%
53%
37%
29%
28%
20%
19%
1%Don’t know
Regulatory compliance
Internal hackers/attacks
Employees violating security policies
Security configuration compliance
Identity theft
Outside hackers
Spam
Spyware
Viruses and worms
“Which of the following security issues or risks are you most concerned about?”
Base: 716 technology decision-makers at US SMBs(multiple responses accepted)
59% 57%
45%
37% 37% 36%29%
21% 19% 17% 17%13%
Patchmanagement
Security eventmanagement
Identitymanagement
Securityconfigurationmanagement
Host intrusionprevention/detection
Client/desktopfirewall
Gatewayantivirus
Content/spamfiltering
Network intrusionprevention/detection
Host antivirus
Antispyware
Networkfirewall
(multiple responses accepted)
Source: Forrester’s Business Technographics® June 2005 United States SMB Software And Services Benchmark Study
59% 57%
45%
37% 37% 36%29%
21% 19% 17% 17%13%
Patchmanagement
Security eventmanagement
Identitymanagement
Securityconfigurationmanagement
Host intrusionprevention/detection
Client/desktopfirewall
Gatewayantivirus
Content/spamfiltering
Network intrusionprevention/detection
Host antivirus
Antispyware
Networkfirewall
“Which of the following types of security software are you most likely to invest in this year?”
Base: 510 technology decision-makers at US SMBs that are purchasing security software(multiple responses accepted)
SMBs will purchase a broad range of security technologies… but product categories are slightly out of sync with current threats
Symantec is security software leader
35%
25%
22%
12%
11%
8%
8%
5%
4%
6%
4%Other
Develop in-house
NetScreen
Sygate
Check Point
IBM Tivoli
Computer Associates
Trend Micro
Cisco
VeriSign
McAfee
Symantec
“Which brands will your company consider most for security software?”
Base: 510 technology decision-makers at US SMBs who are purchasing security software (multiple responses accepted)
Source: Forrester’s Business Technographic® June 2005 United States SMB Benchmark Study
66%
Security consulting is in demand, especially among larger SMBs
• It’s the third-most demanded consulting service after app. development and Web design.
31%
39%
43%
500 to 999employees
100 to 499employees
6 to 99employees
“Will your organization purchase IT security assessment and planning consulting services in 2005?”
Base: 616 technology decision-makers at US SMBs
Utilities & telecoms and manufacturing firms lead security software adoption
77%
77%
74%
73%
67%
65%
58%Finance and insurance
Media, entertainment, and leisure
Public sector
Business services
Retail and wholesale trade
Manufacturing
Utilities and telecommunications
“During 2005, will your organization purchase security software,including first-time deployments as well as upgrades?”
Overall average71%
Base: 716 technology decision-makers at US SMBs
Key take-aways in the SMB market
• In 2005, SMBs:
» Will purchase a broad range of security technologies.
» Will look to Symantec for their software security.
» Will use IT consulting services to cope with an increasingly complex security environment.
» Will purchase the most security software (in utilities & telecom and manufacturing firms).
Enterprise Security Spending AndTechnology Adoption
Major themes to the enterprise IT organization
“Which of the following initiatives are likely to be one of your organization’s major themes for the next 12 months?”
Provide support for regulatory compliance
1 3 6
Significantly upgrade your security environment
2 4 1
Upgrade business continuity capabilities
3 NA NA
Consolidate IT infrastructure 4 5 7
Replace or upgrade PCs or laptops
5 7 4
Initiative*
July 2005
November2004
November
2003
*Only the top five initiatives from July 2005 are listed.
Security upgrades — a top priority for the third year in a row
47%
46%
41%
45%
28%
34%
34%
24%
23%
24%
13%
24%
15%
12%Manufacturing
Retail and wholesale trade
Utilities and telecommunications
Business services
Finance and insurance
Public sector
Media, entertainment, and leisure
Base: 700 infrastructure decision-makers at North American enterprises
“Will significantly upgrading your security environment be one of your IT organization’s major themes for 2005?”
Source: BusinessTechnographics® July 2005 North American And European Infrastructure And Data Center Survey
Critical priority Priority
39%17%Overall
Enterprises will see an increase in IT security spending this year
6%
6%
16%
25%
27%
35%
29%
40%
30%
42%
48%
50%
37%
24%
30%
39%
38%
22%
16%
20%
31%
20%
24%Overall
Business services
Retail and wholesale trade
Media, entertainment, and leisure
Finance and insurance
Manufacturing
Public sector
Base: 407 telecom decision-makers at North American enterprises
Significantly lower(10%+ decrease)
Somewhat lower(1-9% decrease)
The sameSomewhat higher(1-9% increase)
Significantly higher(10%+ increase)
“How will your IT security spending in 2005 compare to last year?
Note: “Don’t know” and “not applicable” responses have been excluded.
Source: Forrester’s Business Technographics® May 2005 North American And European Network And Telecommunication Benchmark Study
Infrastructure integration is the most important driver when purchasing security
“How important are the following drivers when purchasing enterprise security technologies?”
4%
2%
3%
3%
13%
16%
17%
20%
46%
48%
45%
43%
36%
34%
34%
33%Integration with other security
technologies
Best price-performance
Simplified manageability
Integration with otherinfrastructure technologies
1 - Not important234 - Very important
Base: 438 infrastructure decision-makers at North American enterprises
Source: Business Technographics® July 2005 North American And European Infrastructure And Data Center Survey
Cost: The unexpected obstacle when adopting a security technology
Expectation versus reality when acquiring security technologies
19%
18%
35%
5%
4%
10%
53%
14%
13%
7%
5%
5%
34%
-4%
-22%
2%
1%
-5%Compatibility
Scalability
Availability
Cost
Manageability
Reliability
“What is the largest obstacle when implementing security technologies?”
“What is the most important factor you consider when acquiring security technologies?”
Difference betweenexpectation and reality
Base: 438 telecom decision-makers at North American enterprises
Source: Forrester’s Business Technographics® May 2005 North American And European Network And Telecommunications Benchmark Study
Cost is the unex--pected obstacle forsecurity adoption.Only 13% of enter-prises consider costthe most importantpre-purchase factor;however, 35% find itthe largest obstaclefor implementation.
Almost a third of enterprises are already using network quarantine
“For the following technologies, please indicate if you are ‘aware’ of it, ‘not aware,’ or ‘already using’ them.”
27%
29%
34%
42%
45%
46%
31%
26%
20%Storage security applications
XML security applications an dgateways for securing Web services
Network quarantine
Already using Aware Not aware
Base: 438 infrastructure decision-makers at North American enterprises
Storage security applications will see little increase in adoption
“What is your level of interest in the following technologies?”
44%
49%
55%
27%
26%
22%
14%
16%
18%
16%
9%
6%Storage security applications
XML security applications andgateways for securing Web services
Network quarantine
Will pilot in the next12 months
Very interested butno plans to adopt
Somewhat interested Not interested
Base: Infrastructure decision-makers at North American enterprises whoanswered “aware” when asked about the previous security technologies
(percentages do not total 100 because of rounding)
Source: Business Technographics® July 2005 North American And European Infrastructure And Data Center Survey
Appliance-based security adoption
“How interested are you in adopting appliance-based security technology in the next 12 months?”
Base: 438 infrastructure decision-makers at North American enterprises
Already using19%
Will pilot in thenext 12 months
9%
Very interested, butno plans to adopt
6%
Not interested42%
Somewhat interested20%
Don’t know4%
Enterprises will put multiple security technologies on appliances
“What security functions are you likely to deploy on a security appliance?”
Base: 123 infrastructure decision-makers at North American enterprises who are currently using or will pilot appliance-based security technology (multiple responses accepted).
81% 75% 74%63% 60%
Applicationfirewall
Web contentfiltering
Email securityNetworkfirewall
Intrusion prevention/detection
Manageability is a key driver in appliance-based security adoption
Source: Business Technographics® July 2005 North American And European Infrastructure And Data Center Survey
“What is the primary driver behind buying appliance-based security technology?”
Base: 123 infrastructure decision-makers at North American enterprises who are currently using or will pilot appliance-based security technology (multiple responses accepted)
79%
73%
58%
52%
15%
4%Other
It was required by Managed Services provider
Convergence of multiple technologieson one device
Better price-performance
Obtaining a higher level of security
Simpler manageability
Key take-aways in enterprise spending and adoption
• In 2005, enterprises:
» Consider upgrading their security environment a top IT priority.
» Believe that integration and manageability are the most important product selection drivers.
» Will increase adoption in network quarantine.
» Will slowly begin adopting appliance-based security.
Enterprise Vendor Preferences ForSecurity Technologies
“Which vendor will you consider most for ... ?”
33%
13%
11%
9%
6%IBM Tivoli
McAfee
Symantec
Check Point
Cisco 44%
15%
8%
6%
4%Enterasys
Microsoft
Symantec
Check Point
Cisco
Network quarantineData center and network security
Base: 165 infrastructure decision-makers at North Americanenterprises who will purchase network quarantine solutions
Base: 209 infrastructure decision-makers at NorthAmerican enterprises who will purchase data centerand network security technologies
“Which vendor will you consider most for . . .?”
“Which vendor will you consider most for ... ?”
23%
9%
9%
9%
7%Novell
Computer Associates
RSA SecurityA
IBM
Microsoft25%
18%
13%
9%
6%Computer Associates
Microsoft
Cisco
McAfee
Symantec
Desktop security Identity management
Base: 127 infrastructure decision-makers at NorthAmerican enterprises that will purchase identitymanagement technologies
Base: 208 infrastructure decision-makers at North Americanenterprises that will purchase desktop security technologies
Key take-aways for enterprise vendor preferences
• In 2005, enterprises:
» Will buy from Cisco for network-centric security technologies.
» Will look to Symantec for desktop security.
» Will go to Microsoft for identity management.
Summary
• In 2005, SMBs:
» Will purchase a broad range of security technologies.
» Will look to Symantec for their software security.
» Will use IT consulting services to cope with an increasingly complex security environment.
• In 2005, enterprises:
» Consider upgrading their security environment a top IT priority.
» Believe that integration and manageability are the most important product selection drivers.
» Will increase adoption in network quarantine.
» Will slowly begin adopting appliance-based security.
Selected bibliography
• July 7, 2005, Data Overview “Software And Services In The SMB Market”
• June 23, 2005, Data Overview “The State Of Network And Telecom Adoption”
• Upcoming Research
» The State Of Security In SMBs And Enterprises
Natalie Lambert
Michael Speyer
www.forrester.com
Thank you
Entire contents © 2005 Forrester Research, Inc. All rights reserved.