Analysis of the Security Management Market in Hong Kong

analysis of the Security Management Market in Hong KongThe Security Management fabricationINTRODUCTIONSecurity wariness is the combination of hardw argon, softw be program, and function that normalizes, aggregates, correlates, and visualizes data from different bonifaceage products. Security worry is a broad term that encompasses several(prenominal) currently distinct commercialise segments.With the armorial bearing of the net profit, spam is adequate progressively costly and dangerous as spammers deliver more virulent payloads done email attachments. harmonize to a recent IDC (2004) study, the volume of spam messages s demise daily worldwide jumped from 7 one million million in 2002 to 23 billion in 2004.The Hong Kong Population has increasingly cyberspace substance abusers. This boom in the electronic commerce creates ease in communication and on course legal proceeding however this has to a fault compromised the inseparable data shelter with the presence of h ackers. patience analysts believe that ontogenyd spending on mesh guarantor products and the brass of a bodily data protective cover policy is equ tout ensembley classic in avoiding development leakage. Estimated information hostage spending in Hong Kong leave alone reach USD 231 million in 2003 and go out say a shelter development to reach USD 252 million in 2004. U.S. security measure measures products enjoy an subtile reputation in Hong Kong and should continue to dominate the market.According to Braunberg (2004), a study early driver for security management products is the wish to get a handle on even upt data emanating from impingement espial systems. m any(prenominal) a(prenominal) security management products argon chiefly occupyed with the consolidation, correlation and prioritization of this sheath of data. These event management and correlation products address the volume of data and its sundry(prenominal) origin, both in terms of doohickeys an d vendors.SECURITY MANAGEMENT MARKET IN HONG KONGMarket HighlightsThe continuous increase in ingest for communication internationally, net profit has been increasingly in direct. With the internet in logical argument transactions, companies work outed gross sales opportunities by e-commerce and reduce business costs. With the presence of mesh, companies fuel broadly expand customer base.However, in spite of all these benefits that companies experienced with cyberspace, it has also brought close to costs to companies. Internet opens up network and bonifaces to external and internal onrushs. In order to guard against these attacks, Hong Kong companies hire increasingly felt the need to bribe Internet security.According to the trace of HKCERT (2004), the number of PCs installed in Hong Kong has skewed to the wiped out(p) end. In the plenty conducted, it shows that 63.5% of the surveyed companies had installed 1-9 PCs and only 1.3% had installed 100 PCs or above.Consu mer AnalysisIn the report of HKCERT (2002), labor players estimated that the Hong Kong market for meshwork security products and aids in 2001 was USD 231 million and forget reach USD 252 million in 2004. Generally U.S. internet security products be the study(ip) players and atomic number 18 enjoying an excellent reputation in Hong Kong and argon continually dominating the market.Industry EstimatesThe survey of HKCERT in 2004 showed that Hong Kong companies adopt security technologies to secure their computer form attacks. The survey includes 3,000 companies from different industry sectors in Hong Kong. According to the survey anti- virus softw be was the just about popular security measure, being apply by 90.9% of the companies interviewed in 2004. Physical security (65.5%), Firewall (65.4%) and discussion (60.6%) were the next three common security measures adopted (HKCERT, 2004). The information security consciousness of the companies in Hong Kong has increase consi derably as the percentage of companies without any security measures in place dropped from 10.1% in 2003 to 3.6% in 2004 (HKCERT, 2004)As the survey shows, the use of firewall has significantly increased in 2004. This is due to the increasing aw arness of a number of companies that the basic security tools can not completely stop virus and because softw ar vendors pay great effort in promoting their products.From the table above, US rank number one in the name showing that US is the study host of malwargon in 2006. On the opposite hand, Hong Kong only is on the 9th place however it is still a major contributor of malware in the world.Sophos notes that up to 90% of all spam is today relayed from zombie computers, hi-jacked by Trojan horses, worms and viruses under the control of hackers. This means that they do not need to be based in the same surface area as the computers being utilize to send the spam (IET, 2007).Sophos found that the well-nigh prolific email threats durin g 2006 were the Mytob, Netsky, Sober and Zafi families of worms, which together accounted for more than 75% of all infected email (IET, 2007).According to the report, email allow continue to be an important vector for malware authors, though the increasing adoption of email penetration security is making hackers turn to opposite routes for infection (IET, 2007). Malware infection go forth continue to affect many websites. SophosLabs is uncovering an average of 5,000 unexampled URLs hosting vixenish code each day (IET, 2007).In 2006, it has been discovered that there is a decrease in use of spyware due to multiple Trojan d confessloaders. Statistics identify that in January 2006 spyware accounted for 50.43% of all infected email, while 40.32% were emails linking to websites containing Trojan downloaders. By celestial latitude 2006 the figures had been reversed, with the latter now accounting for 51.24%, and spyware-infected emails reduced to 41.87%.(IET, 2007)Market ChannelsIn Hong Kong, consumer-oriented products much(prenominal) as anti-virus, overseas companies usually market their products via local distributors who will then channel the products to resellers and in roughly cases directly to retailers. For try-oriented products, which require value-added attend tos such as system integration and after-sales support, overseas companies can go by dint of local distributors and/or resellers. (Chau, 2003)Competitive AnalysisThe internet security market has four segments anti-virus, firewall, encryption software program, and Security Authentication, Authorization Administration.Anti-virus packetAnti-virus software identifies and/or eliminates harmful software and macros. Anti-virus are mostly software based. The major players in Hong Kong for the consumer market includes Symantec/Norton which possesses 50% of the market share in Hong Kong, Norman, Nai/McAfee, and course of action micro which are basically US origin (Chau, 2003). According to Chau (2003), consumers of Anti-virus are generally scathe sensitive and usually seek for products with established notice name.In the enterprise market of anti-virus, the major players include turn out small, NAI/McAfee, Norman and Symantec (Chau, 2003). According to the analysis, enterprise users will usually seek professional opinions from their I.T. service provider and are more likely to concentrate on on taint reputation and offered features and pricing is not the main concern, although with the downturn in the economy, companies are becoming more price-sensitive (Chau, 2003)FirewallFirewall software/ hardware identifies and blocks access to certain applications and data. at that place are two categories of firewall products software and hardware. The players in Hong Kongs software firewall market are Check Point Software which dominates the market of 60% market share, computing device Associates, Symantec and watertight reckoning (Chau, 2003).In the hardware firewall ma rket, the major players are Netscreen with 50% market share, Cisco (PIX) with 20% market share, Sonic Wall, Watchguard and Nokie of Finland (Chau, 2003).According to the report, the price for software firewalls averages USD 20 per user. On the hardware firewalls side, the number of users and the kinds of features determine the price. A low-end firewall horde costs USD 600 to USD 700, a mid-range server costs USD 2,000 to USD 4,000, and a high-end server costs USD 10,000 and above. Netscreen and Sonic Wall are quite common in small to medium-sized enterprises. Cisco targets large corporations. Brand reputation and price are the prime concerns for buyers. According to industry players, there is an increasing preference for hardware firewalls over software firewalls because the hardware firewall has a speed advantage and is easier to maintain. (Chau, 2003) encodingEncryption software is a security product that uses crypto-graphical algorithms to protect the confidentiality of data, ap plications, and user identities. According to the study, the most normally- apply standards in Hong Kong are SSH, SSL, PGP, RSA, and DES. Different standards are used for different objectives. SSH is mostly used to secure TCP connections between impertinent sites. SSL is commonly used in web browsers to secure web traffic. PGP is used for email encryption. RSA is for PKI system authentication and authorization. DES or 3DES are commonly used in the banking sector. (Chau, 2003)According to the report of Chau (2003), the major players in encryption in Hong are PGP, Utimaco, F-Secure, SSH (Security Shell), and RSA.Security 3A SoftwareSecurity 3A (administration, authorization, and authentication) software is used for administering security on computer systems and includes the processes of defining, creating, changing, deleting, and auditing users.Authentication software is used for confirm users identities and avoiding repudiation. Authorization software determines data access accordi ng to somatic policy. administrative software includes internet access control, email scanning, intrusion detection and photograph assessment, and security management. The major players in PKI system in Hong Kong are Baltimore of UK, Verisign, and dedicate (Chau, 2003).Intrusion Detection Systems (IDS)An intrusion detection system (IDS) examines system or network activity to find possible intrusions or attacks. Intrusion detection systems are either network-based or host-based. Network-based IDS are more common.According to the report of Chau (2003), the major players of IDS in Hong Kong are ISS (Real Secure) which dominate in the market of 65% market share, Enterasys (Dragon), Symantec (Intruder Alert), Tripwire (Tripwire), Computer Associates (Entrust Intrusion Protection) and Cisco (Secure IDS). In the analysis it has been cognise that IDS end-users are mostly medium to large enterprises and the most significant buy criteria for end users are reliability and compatibility an d price is not a underlying factor (Chau, 2003).Content Security ProductsThe major players of content security products includes Clearswift which has 50% market share, Websense which has 25% market share, form little and Serve manage (Chau, 2003).Market make outsAccording to the report, on embodied side, the ingest for network-based anti-virus would likely to increase than the demand for desktop-based anti-virus products since mostly viruses attacks are usually via internet (Chau, 2003).On the other hand, in the consumer side, consumer market would likely to fade away since consumers are downloading note down anti-virus from the Internet. It is expected that ISPs will increasingly provide AV protection as a value-added service to the users (Chau, 2003).In the firewall software, it has been expected that the demand for hardware-based appliance products would likely to increase for small and medium-sized companies. (Chau, 2003)For Intrusion detection and vulnerability assessme nt, it is predicted that it will render very popular as enterprises will shift to a isotropy between internal and external threats. In accompaniment, the distinction between host-based and network-based IDS is becoming blurry with the creation of IDS consoles that receive data from both the network sensors and host agents. Integrated solutions will travel the trend. (Chau, 2003)Market DriverThere are several market drivers of security management market. Chau (2003) identified some of these market drivers. In his report, he enumerated three of these market drivers which includes the Internet growth, telecommuting trend, and giving medication generated awareness of Internet security.Internet GrowthIn Hong Kong, the Internet has become the prevalent communication means between business transaction and even between employees with the increasing trend of orbiculateization. According to Hong Kong Government survey in 2001, 1.25 million households or 61% of all households in Hong Ko ng has PCs of which 80% are connected to the Internet compared to 50% households with PCs in 2000 of which only 36% are connected to the Internet in 2000 (Chau, 2003). Generally, consumers are making use of the internet to send emails, surf the web, carry out research, conduct on variant banking transactions, and make low-value purchases. The survey estimated that around 6% of all persons over 14 had used one or more types of online purchasing function for private matters in the 12 months before the survey (Chau, 2003).On the other hand, on the business side, more than one third of businesses in Hong Kong have internet connections. In 2001, about 12% of businesses had delivered their ripe(p)s, services or information done electronic means which is 4% higher(prenominal) than that in 2000. The estimated amount of business receipts received from selling goods, services or information through with(predicate) electronic means in 2000 was USD 1 billion. Increased connectivity to the internet creates higher chances of hacker attacks, especially if the users have a constant live connection, such as through a DSL line. (Chau, 2003)According to the Hong Kong Commercial law-breakings office, reports of computer-related offenses increased from 235 incidents in 2001 to 210 in the first nine months in 2002. Computer attacks had touch on 5,460 computers in the ancient 12 months. Financial loss caused by computer-related crimes pink wine from USD 195,000 in 2001 to USD 236,000 in 2002. The Computer Crime Section of the Hong Kong Commercial Crimes Bureau believes that only 0.3% of the victims reported hacking incidents, fearing that doing so would damage their reputation. Facing increasing internal and external hacking threats, companies are seeking security tools to protect their network and to maintain worldly concern confidence. (Chau, 2003)Telecommuting Trendanother(prenominal) major driver of security products, according to Chau (2003), is the increasing decen tralization of the work force, such as restless sales teams in the insurance industry who need to access embodied networks via PDAs. There is an increasing trend of businesses and organizations which benefit from employees ability to dial into corporate networks via the internet, however, this often creates information security risk of exposures within the organization, resulting in increased addiction on, and greater deployment of, security products (Chau, 2003).Government-generated awareness of internet securityAnother major driver of security products is the government awareness on the importance of Internet security. With this awareness, government organizations are formed. Like for example the SAR Government. The SAR Government is committed to providing a safe and secure environment to foster the development of e-commerce in Hong Kong in which has built a public key infrastructure (PKI) through the cheek of a public certification authority and a voluntary CA acknowledgemen t scheme in Hong Kong (Chau, 2003).Currently, there are four recognize certification authorities operating in Hong Kong which includes JETCO, Digi-Sign Certification Ltd., HiTRUST.Com and the Hong Kong Postmaster General. In addition to the establishment of the PKI systems, the Hong Kong Government has also engaged substantial resources to educate the public regarding the importance of information security. For instance, the Crime Prevention Unit of the Technology Crime Division of the Hong Kong Police is responsible for providing advice on all aspects of computer security. It also produces educational materials on raising computer security awareness and makes presentations on technology crime prevention topics. (Chau, 2003)In addition to the market drivers in which Chau has enumerated, there are still other market drivers of security management market. Braunberg (2004) identified two major groups of market drivers which are the near-tern market drivers and dour-term market drive rs. Under the near-term market drivers are manage or prevent, circuit management, vulnerability assessment, embracing standards and the brains of the operation. Long-term market drivers include complexity and cost, device and security integration, knowledge database resources, lack of trust, on demand of computing and affectionate engineering.Near-Term Market DriversManage or Prevent. In the analysis of Braunberg (2004), the chief driver of event management solutions is the continuing and hugely annoying number of anticipatey positives pouring out of intrusion detection systems. According to him, a payoff driver to growth in the managed security segment is the emergence of intrusion prevention systems, particularly in-line solutions that can perform real-time data blockade (Braunberg, 2004). The adoption of intrusion prevention system could inhibit spending on event management systems and security management vendors should consider these products competitive to their own (Brau nberg, 2004)Perimeter Management. Security management products has evolve due tot to the demand of securing the perimeter. According to Braunberg (2004), security management solutions are evolving to integrate data from a host of perimeter products in which event management systems often evolved on separate lines with products for firewall, antivirus, and IDS.Vulnerability Assessments. According to Braunberg (2004), one of the near- term drivers for which end-users are of concern is understanding what the security risks are. Generally, guests are looking to leverage vulnerability assessments to encourage prioritize emerging threats. Increasingly vulnerability data is being leveraged in event management systems (Braunberg, 2004).Embracing Standards. According to Braunberg (2004), the industry is a long way from embracing standards for sharing event information but some progress has been made over the last year. The Internet Engineering projection Forces Incident Object Description and Exchange Format (IODEF) draft specification is gaining some traction and its adoption would be a significant step forward for the market (Braunberg, 2004)The Brains of this Operation. According to Braunbergs analysis (2004), the infatuation with IPS will be short-lived unless significant improvements can be made in lessen false positives in events however security management products will increasingly play a major role in providing the analytic smarts lowlife IPS solutions.Long-Term Market DriversComplexity and Cost. With the increasingly complexity in the web-based business models, the more tangled is the security solutions for the end-users. According to Braunberg (2004), businesses patterning online strategies from scratch can be overwhelmed by the initial investment of security solutions, while those stressful to adapt existing solutions to evolving security concerns are besieged by support costs.Device and Security Integration. According to Braunberg (2004), equipment makers are paying much proximate attention to imbedded security functionality in devices and are actively attempting to integrate security as a value-added service in order to change the mentation of the end users of security products as an add-on or an extraneous fragment of infrastructure. In addition, vendors are looking to unite service providers with standards programs that simplify client understanding and reduce the complexity of product buying (Braunberg, 2004).Knowledge Database Resources. Another market driver for security products is to actively secure the knowledge database from attack patterns and other descriptions of the enemies. The security products vendors should reinvent a spendthrifter resolution to the cognise threats. According to Braunberg (2004), multi-product vendors particularly will look to evolve from real-time observe to broader real-time management.Lack of Trust According to Braunberg (2004), end users, whether they are corporate users putting a business plan on a server or a consumer buying a CD, have ingrained habits that they are not necessarily willing to give up. For example, no matter how good an online banks security system is, a consumer will have to be positive(p) that its services are not only as good as a brick and mortar banks services, but better (Braunberg, 2004).On demand Computing According to Braunberg (2004), the availability of ubiquitous computing resources on demand will further drive the need for sophisticated, highly flexible security management solutions that combine both identity management and event management. According to him, the demand for more esoteric offerings such as GRID computing is the major long-term driver for security management solutions (Braunberg, 2004).Social Engineering. According to Braunberg (2004), clients are still facing risks in security that employees represent just through the human desire to be helpful, and hackers exploit this through social engineering. According to him, a component of managed security will need elements of employee training to build awareness of outside threats (Braunberg, 2004).According to the analysis of Braunberg (2004), the security segment will continually be strong in which the diversity of interest ranges from an set up of different types of companies which indicates a leverage of controlling security function.In addition, since end users demand has also evolve in which they demand for more in-depth justificative strategies ad best of breed approaches to purchasing decisions, security solution in turn has become more complex.Case Study Trend little initiativeHistoryIn 1988, Trend Micro Incorporated was founded by Steve Chang and his wife in California. Trend Micro Incorporated is a global leader in network antivirus and Internet content security software and services. The come with led the migration of virus protection from the desktop to the network server and the Internet gatewaygaining a reputation for vision a nd technological transformation along the way. Trend Micro focuses on outbreak prevention and on providing customers with a comprehensive approach to managing the outbreak lifecycle and the clashing of network worms and virus threats to productivity and information, through initiatives such as Trend Micro Enterprise Protection Strategy. Trend Micro ha grown into a transnational organization with more than 2,500 employees representing more than 30 countries around the globe.Many of the hint sophisticated and security industry analysts have tracked Trend Micros growth and performance for the last several years, hailing the company as visionary, citing its leaders and basis in the security industry.According to Brian Burke, IDC Research Manager, Trend Micro has consistently demonstrated a strong position in the Secure Content Management market. To remain achievementful Trend Micro has accommodate quickly to market challenges and the evolution of security threats such as spyware, phishing and spam, in which financial gain has become the number one driving force. given up Trend Micros track record and its strong upward momentum, we expect the company to continue delivering innovative solutions that provide customers with timely protection against unpredictable threats.Trend Micro has earned a reputation for turning great ideas into stylish technology. In recognition of the antivirus companys strategy and vision, the analyst firm Gartner has hailed Trend Micro as a visionary malicious code management supplier for four square(a) years. Citing its flexible and efficient transnational management model, parentageWeek adjudge Trend Micro as one ofa sensitive-fashioned breed of high-tech companies that are defying conventional wisdom. According to IDC, Trend Micro has held the top global market share in internet gateway antivirus for six consecutive years.A history of innovationIn 1995 Trend Micro became an industry pioneer in the migration of virus protec tion from the desktop to the server level, with the effectuate of Trend Micro ServerProtec. In 1997 it launched the industrys first virus protection for the Internet gateway with InterScan VirusWall. Since then, it has demonstrated a history of innovation in server-based antivirus products that has contributed to the leaders position it holds today in this market (according to the recent IDC report world-wide Antivirus 2004-2008 Forecast and 2003 Competitive Vendor Shares.Trend Micro continues to shift the paradigms of antivirus security with cutting-edge products, services and strategies like Trend Micro Network VirusWall, outbreak Prevention usefulnesss, and its Enterprise Protection Strategy. Trend Micro is committed to following(a) its path of innovation to help companies manage todays ever-increasingly complex, fast- feteing malware threats.SWOT AnalysisStrengthsBusiness and security knowledgeTrend Micro has been a pioneer and groundbreaker in the antivirus software market since 1988, anticipating trends and developing products and services to protect information as new computing standards have been adopted around the world.Service and support excellence, that is, Trend Micro products and services are backed by TrendLabs a global network of antivirus research and support centers. TrendLabs monitors potential security threats worldwide and develops the means to help customers prevent the spread of outbreaks, minimize the jolt of new threats, and restore their networks.Flexible workforce through contingent workers for seasonal/cyclical projectsLoyal, hardworking, and diverse workforce who, in addition to good compensation, have an opportunity to do wellMultinational corporation operating through regional subsidiaries to minimize cultural differencesLow employee turnoverRelatively quick product development processes that allow for timely updating and release of new productsRevenues and profits rising at 30% a year with unification/acquisition or inv estment in 92 companies over past five yearsSoftware products have high name recognition, broad-based corporate and consumer acceptance and numerous powerful features that are in use worldwide, thereby promoting standardization and competitive advantage through their ease of integration and cost-effectiveness big top rating from Fortune for best company to work at and most admired companyWorlds largest software company with global name recognition and strong reputation for innovative productsWeaknessesPerceived by many as a cut-throat enemy that uses its dominant market position to marginalize ambition by stealing/destroying the competitions products, stifling product innovation, and decreasing the availability of competitor productsProducts have a single application focus and do not work well with or on-top of other productsReputation has suffered because of entanglement in antitrust and permatemps Vizcaino litigationMisperceptions of securitys value or purposeOpportunitiesCheape r global telecom costs open new markets as people connect to the Internet in which in turn increases the need for security productsMobile phone applications and exploitation of personal digital assistants represent a growth industry so that strategic alliances could provide the company with opportunity in a market where it currently has little or no significant presenceBusiness ContinuityReduced CostsPotential Revenue OpportunitiesTrend Micro holds the top market share for both worldwide Internet gateway and email-server based antivirus sales.ThreatsCurrency exchange rates affect demand for application/operation software and hardware, and fluctuating currencies can negatively impact revenues in the global marketplaceRecession or economic retardent in the global market impacts personal computer equipment sales and their need for an operating systems which in turn would slowdown the need for security systemsSoftware piracy of commercial and consumer applications software on a global outperform threatens revenue streamsTechnology life cycle is shorter and shorterInconsistency across the enterpriseLoss of sponsorship or visibilityCurrent StrategyThe continuous success of Trend Micro is guided by its strategies. Innovation was always been the strategy of a technological company however in Trend Micro, innovation was not the only strategy implemented. There are many crucials that are to be considered. The current strategy of Trend Micro are the following. pore On the Essentials and Sacrifice the RestIt is known that focus is important and essential for the success of any business. According to Steve Chang, strategy is about focusing on essential and sacrificing the rest. (Chang, 2002) in addition, according to Peter Firstbrook, program director, security risk strategies, META Group, Trend Micro has done just that, having an amazing laser-like focus on their business. And the authors of a Harvard Business School case study commented Although very entrepreneurial , Steve Chang held fast to a single strategic focus for over a decade. kind of than attempt to provide all security products to all customers, Trend Micro concentrated on developing best-of-breed antivirus solutions. (Pain and Bettcher, 2003)Trend micros consistent and persistent focus allowed the company to build their strengths and consistently leading the market.Innovation Isnt Just astir(predicate) Your Software ProductsTrend Micro has many product firsts under its crash the first antivirus product for a server in 1993 the first Internet gateway protection antivirus software in 1996 the first e-mail anti-virus software product in 1998 the first Internet content security service in 1999.However, for the Trend Micro innovation applies to more than just the products. It is a pervasive notion that applies to other areas of your business as well. Innovation should be seen new type of global organization and in a new service offering.According to Steve Hamm in a 2003 Business Week article, Borders are So 20th Century, Trend Micro is an example of a new form of global organization, transnational organization in which aimed to transcend nationality altogether.Hamm quotes C. K. Prahalad, a professor at the University of Michigan Business School, who says Theres a fundamental rethinking about what is a multinational companyDoes it have a home country? What does provide mean? Can you fragment your corporate functions globally? (Hamm, 2003)According to Hamm (2003) Trend micro was one of the first responder to viruses which can deliver services in 30 minutes before the market leader Symantec. He commented that Trend Micro is able to respond so quickly because its not organized like most companies. (Hamm, 2003)The strategy of Trend Micro is to spread its top executives, engineers, and support staff around the world. The main virus response center is in the Philippines,