Key Product/Solution Subdomains

Key Governance product and solution and solution areas vary in existing market analyst literature.  Key market sub-categories (both product and service-oriented) discussed here include:

(1) Governance Risk and Compliance (GRC) Solutions

(2) Managed Security Services (MSS)

(3) Security Information and Event Management (SIEM)

(4) Security Consulting and Integration Services (SCI)

(5) Business Continuity Management Solutions (BCM)

Focus: Organisations reach a size where coordinated control over governance, risk management and compliance (GRC) activities is required to operate effectively. Each of these three disciplines creates information of value to the other two. Each of the three GRC disciplines also touch and impact the same technologies, people, processes and information in any organisation. Hence GRC solutions support streamlining and reduced duplication of effort and reporting across siloed GRC initiatives. Typical solutions include:

(1) A relational database for storing GRC data and its organisational context.

(2) Workflow support for facilitating GRC process management and execution.

(3) Content management capabilities to store critical documents.

(4) Reporting and risk analysis capabilities to drive understanding and decision making.

Historically, silo solutions dealing with risk in each organisational division existed (e.g. IT, finance, health and safety), however many vendors are increasingly targeting broad solutions in order to capture deals with largest clients. This has resulted in a complex marketplace of diverse competitors in the GRC space. Support for PACs-specific GRC issues may exist within broadest enterprise level GRC tools, within IT GRC solutions, or within PACs specific solutions in the market, often built around ISO 2700x or similar PACs standards frameworks.

Leading Players (Products): Leading solutions in space include:

(1) MetricStream (MetricStream GRC)

(2) EMC/RSA (RSA Archer)

(3) Bwise (Nasdaq OMX)

(4) Rsam (Rsam GRC Platform)

(5) Enablon (Enablon Risk Management Suite)

(6) IBM (IBM Openpages) among many other competitors

Niche PACs-specific GRC solutions include Neupart (SecureAware ISMS), Onformonics (PCI-DSS focussed) and IT Governance Ltd (VS-Risk). 

Focus:Many PACs technologies traditionally installed and managed internally by end-users are now provided and managed directly by third parties on a pay as you use basis across Infrastructure, Systems, Content and Governance solution types in PACs. Such providers are viewed as being crucial to allowing organisations to reduce capital spending on security technology and in allowing them to increase bandwidth for handling security issues within corporate IT teams.

Typical services provided include: APT detection and remediation, distributed denial of service (DdoS), email filtering, emergency response services, endpoint AV, endpoint patch management, firewall management, host and network IDS/IPS management, IAM services, log management and monitoring, server patch management, SIEM managed services, threat intelligence, vulnerability testing, web application firewall, and web application monitoring.

Key characteristics of leading MSSP providers include significant breadth of security technology skills, effective cost structures, strong customer services, experienced and trained staff, and strong operational flexibility depending on client needs.

Leading Players: See section 5.1 for summary of key leading and emerging players.

Focus: Security information and event management (SIEM) market is defined by the customer's need to analyse security event data in real time for internal and external threat management, and to collect, store, analyse and report on log data for incident response, forensics and regulatory compliance. While larger enterprises and government organisations will typically staff and maintain their own SOC, small and mid-sized players are increasingly looking to MSSPs to provide SIEM-based support.

SIEM technology aggregates event data produced by security devices, network infrastructures, systems and applications. The primary data source is log data, but SIEM technology can also process other forms of data, such as network flows and packet capture. Event data is combined with contextual information about users, assets, threats and vulnerabilities. Data is normalised so that events, data and contextual information from disparate sources can be correlated and analysed for specific purposes, such as network security event monitoring, user activity monitoring and compliance reporting. SIEM technology provides realtime security monitoring, historical analysis and other support for forensics, incident investigation and compliance reporting. Forensics support within SIEM tools is typically oriented around drill-down support for investigation compound events and individual event logs, as well as support for network forensics and deep packet inspection – similar to standalone tools such as those provided by EnCase, Solera (now Bluecoat) and other specialist data and network forensics vendors. 

Many of the leading edge solutions in the space have been acquired by key influencing ICT companies from pure-play PACs vendors, allowing them bolster their overall security portfolios.

Leading Players (Products): Leading players in the space include:

(1) IBM (QRadar SIEM)

(2) HP (ArcSight)

(3) McAfee (Enteprise Security Manager)

(4) LogRhythm

(5) EMC/RSA (RSA Security Analytics)

(6) NetIQ (Sentinel)

Splunk has also developed its horizontal IT log management solution significantly to support SIEM-type use cases over the past 12-18 months. Blackstratus, Accelops and AlienVault also offer innovative features in their SIEM offerings.  S21sec and Tango are other niche players with focus in Europe and Latin America in particular.

Focus: Provide end-to-end PACs service and solution support to enterprises that are increasingly struggling to acquire necessary security skills and breadth of expertise in-house. A broad number of large and small players provide such PACs consultancy and integration support, both wider ICT and pure-play PACs organisations, assisting the internal CISO and security management function in strategic and tactical initiatives. Strategic support includes aligning business and information security objectives, developing security budgets, supporting buy-in and participation among key business individuals for PACs initiatives, and evaluating and managing third party relationships. Tactical support can include periodic security auditing and testing, implementing new security processes around changing trends (e.g. BYOD), providing third-party assurance around use of cloud services, insuring appropriate integration of security and privacy concerns in rollout of new software and hardware/infrastructure rollout, and ensuring compliant and privacy-preserving use of social media in the corporate context.

This holistic support forms the basis for executing on PACs strategy and planning initiatives, with such players providing product and service rollout themselves or via third party partnerships, providing in-house integration or managed service support.

Leading Players: key players are mainly the large and well-known ICT companies and global consultancies. See section 5.1 for further summary of key global and European players.

Focus: Business Continuity Management (BCM) is defined as a holistic management process that identifies potential threats to an organisation and the impacts to business operations if those threats are realised. Provides a framework for building organisational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities (Source: ISO 22301:2012). As with other security disciplines, BCM procedures can apply to ICT systems specifically (within which PACs-specific concerns will apply), as well as to the wider business context which will typically also include non-technical concerns.

A wide range of market solutions provide platform support for the BCM function within enterprise, with the market in existence for over 20 years. Early solutions were driven by templates generated from word processors, but have now evolved towards highly interactive decision support tools. Key needs include support for reusable recovery plans of all types, and workflow support for plan development and execution. Integration with other BCM solution types is also an increasingly prominent feature (e.g. emergency and mass notification services, crisis and incident management, IT asset management, change and configuration managment databases among others). Common functionality includes:

(1) Support for BCM risk assessment and Business Impact Analysis (BIA).

(2) Business process and IT dependency mapping.

(3) Resource inventory recording.

(4) Plan development and management.

(5) Support for analytics and BCM metrics development to support operations and mitigation planning.

Key Players (Products): Key pure-play leaders in the space include RecoveryPlanner (RPX Suite), and Strategic BCP (ResilienceOne).Other leaders in this space also appear prominently in the Enterprise/IT GRC segment - including MetricStream, EMC/RSA and Modulo.     

Other overlapping areas developing in line with increased technology and infrastructure convergence is that around mobile device management (MDM), often called Enterprise Mobility Management (EMM) - and bring-your-own-device (BYOD). These areas also have significant security and privacy considerations. Key MDM/EMM players include AirWatch, MobileIron, Citrix, Good Technology and IBM.

Key players: Entering the BYOD space include established telco operators such as AT&T, Verizon, Vodafone and Orange, large ICT players such as HP and IBM, and niche specialists such as DMI, Vox Mobile, Tango, Cass and Amtel.

Competitive Trends and Innovation Gaps

Strong market growth is evident across many of the governance market subsegments highlighted here, with opportunities existing for incremental innovation based on some of the key ICT macro trends already discussed (big data, cloud and mobile in particular).

GRC: GRC platform buyers certainly see increased business value in such solutions, but despite being a relatively mature market, there are still perceived shortcomings in solution usability, reliability and aligning available technical functionality with their needs. This makes the overall supporting consultancy and service proposition of GRC vendors highly important aside from the core technology solution – supported by a large breadth of feature capabilities. Much of these market challenges however are due to the highly diverse nature of GRC needs across many business and IT domains of which PACs GRC elements are just one target example. This is reflected in the GRC approach of many larger organisations, where many deploy more than one GRC solution across their organisation to handle such diversity. In the IT/PACs GRC space, Agiliance, IBM, Modulo and Protiviti score highly on analyst ratings.

MSS:  Gartner estimated that the 2013 global market for security outsourcing was $12 billion, with a forecast compound annual growth rate of 15.4% through 2017.TheMSSPmarket place is best segmented by scale of provider organisations and scope of services provided. The largest enterprise carriers typically offer multiple security operations centers (SOCs) in multiple geographies, employ from 100 to more than 1,500 engineers, and have revenues between $70 million and $400 million. Mid-sized players range from 20 to 100 engineers, one or two SOCs, and revenues between $25 million and $70 million, with smaller niche players ranging from a small staff of security analysts numbering no more than 10 and revenues of less than $25 million.Many emerging MSSPs are reporting strong year-on-year revenue growth (between 20-40% per annum). Larger players tend to provide a greater degree of proprietary technology in support of their services, whereas smaller players rely largely on third party partnerships and reseller deals. There can also be great variation in the buyer uptake of different service solutions within the MSSP providers portfolio – typically ranging from anywhere between 2% and 80%.

Newer MSSP service trends include more advanced capabilities around threat intelligence around the most advanced attacks, and distinct service offerings to acquire, retain and analyse large volumes of customer data - so called "security big data" — from IT infrastructure and other sources. 

SIEM: Despite being a mature and competitive market,  demand for SIEM technology has remained strong throughout 2014 with key analyst firms indicating a double-digit growth increase in related inquiry calls from end user clients, and most vendors reporting increases in customers and revenue. The SIEM market is now dominated by relatively few large vendors - HP, IBM, McAfee, EMC (RSA) and Splunk - that command about 60% of market revenue. This has led to increasing stress on smaller vendors, with many consolidating with larger players or exiting the market entirely. During 2013, the SIEM market grew from $1.34 billion to approximately $1.5 billion, achieving a growth rate of about 16%. Demand for SIEM technology in Europe and the Asia/Pacific region is still strong, driven by a combination of threat management and compliance requirements. Growth rates in Asia and Latin America are higher than those in the U.S. and Europe at present. SIEM buyer emphases in recent years are increasingly focused on security use cases, even though compliance continues to be an important driver. The primary focus continues to be targeted attack and breach detection. While vendors can meet the basic log management, compliance and event monitoring requirements of a typical customer, unmet needs still exist around targeted attack and breach detection. Organisations are failing at early breach detection, with more than 9 in 10 breaches are reported still undetected by the breached organisation. Many SIEM vendors have large existing customer bases, and there is an increasing focus on the expansion of SIEM technology deployments within existing accounts.

SCI: Key global leaders in the security consulting space are reporting strong revenue growth (15%+ year on year), with the largest having as many as 14,000 clients globally. They are also in the middle of impressive expansion and training programs to offer new services and provide the necessary skills and bandwidth CISOs need to meet these new challenges. Firms are quickly maturing their security consulting offerings, building up staff resources, and expanding into the wider global marketplace. 

BCM: Most recent market size estimates (FY 2012) estimated a global market of $130m, with strong adoption uptake since then (one Gartner source estimated a 51% uptake increase between 2012 and 2013, indicating that organisations are realising the importance of the use of these products to help standardize and manage recovery plan development, as well as management of the BCM program itself. Typical site sale is estimated around the $50K mark but can vary from this greatly depending on buyer needs. 

Key Source Data: (all downloaded from publically available sources, both online (vendor-based) and via third party libraries):

“Forrester Wave: Governance, Risk and Compliance Platforms”, Q1, 2014

“Forrester Wave: Emerging Managed Security Service Providers”, Q1, 2013

“Gartner Magic Quadrant for Global MSSPs”, July 2014

“Gartner Magic Quadrant for Security Information and Event Management”, June 2014

“Forrester Wave: Information Security Consulting Services”, Q1 2013

“Gartner Magic Quadrant for Business Continuity Management Planning Software”, August 2013