www.idc.com

Copyright 2006 IDC Reproduction is forbidden unless

authorized. All rights reserved.

Information Security Trends

IAM Market Drivers 2004/2005IAM Market Drivers 2004/2005

Compliance Regulations

Enterprise SSO

Password Management

NAC

2006 and Beyond: Trends in Identity and Access Mgt2006 and Beyond: Trends in Identity and Access Mgt

Compliance still a primary driver, will enter SMB Proliferation of Partnerships: IAM infrastructure +

Adv. Auth. technologies Hybrid USB tokens, Smart Cards continue to evolve Viable consumer market emerges in 2007/2008 Suite providers continue to do well, provide

necessary foundation for full SOA-enabled environments

Worldwide IAM Compliance 2005–2010 Revenues and Year-to-Year GrowthWorldwide IAM Compliance 2005–2010 Revenues and Year-to-Year Growth

0

500

1,000

1,500

2,000

2,500

2005 2006 2007 2008 2009 2010

(US$M)

Worldwide Authentication Token Revenue by TypeWorldwide Authentication Token Revenue by Type

0

50

100

150

200

250

2004 2009

HW Token

USB Token

SLAT*

Auth. Server

Source: IDC, 2005

$492. $764.

($M)

*Software Licensing Authentication Tokens

Application-Centric; An Emerging Approach to IAMApplication-Centric; An Emerging Approach to IAM

Companies such as SAP and Sun partnering for more cohesive application-centric Identity Infrastructure solutions

Example: Sun’s Java System Identity Mgt Suite now integrated with SAP’s Virsa Access Enforcer

Provides customers with:– realtime insights into user access and resources– automates manual process for prov./deprov.– enhances compliance capabilities– automatic detection, notification and remediation

App-centric IAM, continuedApp-centric IAM, continued

Oracle also leading this charge

Will be migrating IAM suite over time to function not only as part of app-server solution, but will integrate with Oracle apps suite as well.

Will provide customers with following benefits:– automate account creation with role privileges – part of a single business process within org.– reduces maintenance– reduces man hours– reduces cost

Web-Services and IAM Come of AgeWeb-Services and IAM Come of Age

Companies migrating towards Web Services. This will allow IAM vendors to:

Morph access control technology into a set of container-based functions

Have these functions will be delivered as part of a standards-based middleware policy framework

Eventually enable IT professionals to deliver security as as set of services, eliminating the need for separately upgrading each and every system on the network

ID&AM Trends and DirectionsID&AM Trends and Directions

Multi-Factor Authentication

System Mgt-Centric ID Application-Centric ID

SOA & WS

NAC Wireless

Information Security Trends (1 of 3)Information Security Trends (1 of 3)

External and Internal Criminals Will Begin Fixing Security Vulnerabilities on Attacked Sites

Attackers Will Exploit Vulnerabilities in Previously Installed Spyware and Other Malicious Code

Skype and Other VoIP Products, Along with Associated Instant Messaging Applications, Will Receive More Attention from Corporate Customers

Customers Will Build Internal Policy Controls That Extend Previous Regulatory Compliance Efforts

Information Security Trends (2 of 3)Information Security Trends (2 of 3)

In Response to Growing Consumer Issues such as Privacy Disclosures, Identity Fraud, and Rising Public/Private Oversight, Online Financial and Merchant Services Will Require Stronger Authentication Methods Beyond Simple PINs and Passwords

Attackers and Legitimate Security Researchers Will Broaden Their Scope

As Network Devices Embed More Security Features, We Believe That the Market Will Move Toward Proactive Management to Handle Increasingly Heterogeneous Security Environments

Information Security Trends (3 of 3)Information Security Trends (3 of 3)

Unified Threat Management Will Increasingly Dominate Security Appliances, and Other Software Security Products Will Increasingly Migrate to Appliance-Based Platforms

Consumer Security Will Move from Products to Services

Over the Next Five Years, We Believe That IT Security Will Slowly Start to Assimilate Physical Security such as Door Systems and Video Surveillance

Server Security Requirements for Vertical MarketsServer Security Requirements for Vertical Markets

Financial Server requirements have 50% mainframe

Mainframe tends to be more centralized.

Healthcare is less IT intensive, less centralized

Healthcare is further behind financial services in developing IT

Financial Service data is more secure and GLBA affects privacy

Emerging Killer Apps in Security?Emerging Killer Apps in Security?

Virtual hosted desktops — not a killer and not even a mainstream.

Virtual Hosted Clients — with virtualized server contain many copies of desktop. No local data availability just bring home the RDP client. Very limiting.

Conclusion: killer apps do not come along very often.

OS & Security?OS & Security?

OS Vendors MUST be perceived as secure.

Today’s security products are tomorrow’s features.

Pop up blockers are not part of IE and toolbars.

Anti-spyware is now part of IE and toolbars.