Gartner analysts speaking at the company's Security 2003 conference in London on Monday predicted that although the security software market will continue to grow slowly over the next five years, public key infrastructure (PKI) encryption products are expected to take a hit.
Overall, the security software market is expected to grow by just over ten percent a year during the next five years. The fastest-growing segments will be content-filtering, antivirus and access-management software, all of which are expected to grow between 12 percent and 16 percent between now and 2007.
The biggest loser will be PKI, which is forecast to fall by over 16 percent over the same period, with companies growing disillusioned about the management and infrastructure costs associated with using the encryption technology, according to Gartner. Firewall and VPN software will also take a hit, but by less than two percent, the analysts said.
Gartner analyst Fabrizio Biscotti said that the recent spate of virus and worm attacks, combined with regulations such as Sarbannes-Oxley in the US, have helped to increase awareness of security requirements. "This summer was the first time three different viruses struck at the same time, which was big news. The impact of regulations have increased awareness and have helped push companies to standardise their security products," he said.
However, Biscotti believes that the general economy will have the greatest influence on security spending. If the economy continues on its current path -- slow but steady growth -- security licence revenues will increase from $3.5bn (£2.18bn) in 2002 to $5.7bn in 2007. "The market is not going to skyrocket, because it is directly dependent on the economy. If the economy doesn't start to pick up soon, we will see some slowdown," he said.
The consumer antivirus market is expected to enjoy healthy growth, because only about half of home users currently use an antivirus product, Gartner said.
Talkback
While the general message of this article very realistic, it is unfortunate that "PKI encryption" and PKI generally are so closely associated with the standalone, consulting-heavy PKI offerings of traditional vendors and not with lighter, more innovative and compliance-oriented security software being introduced by new players such as Tekki AB. PKI is just another IT risk management technique, but nevertheless one that plays an important and irreplacable role in certain areas. In the EU, new compliance schemes such as the e-invoicing directive generally leave businesses no choice but to deploy a form of PKI. The time has come for PKI to be demystified and the blame for its commercial malfunctioning up until now placed on the misjudgment of vendors rather than the technique itself. PKI must be easy to integrate with applications, easy and inexpensive to deploy, and it must include policy and legal document automation that allow well-targeted and customized signatures and encryption, both for external transactions and internal workflow -- if those conditions are fulfilled, PKI is a very smart way to deal with the rapidly growing body of business and legal security requirements.