Last May,Ã‚Â antivirus firm Sophos sold a majority stake to the private equity firm Apax Partners for $830 million. That was just one example of robust investor interest in backing tech security companies. In this LastWatchdog guest post, Gary Steele, CEO ofÃ‚Â Proofpoint, outlines the drivers behind this trend. Proofpoint is an e-mail security and compliance vendor.



by Gary Steele

Investor interest in IT security continues strong and both private and public companies in the space can be expected to reap the benefits over the coming year.

Infusions of venture capital are also on the upswing for privately-held security companies. A recent wave of investment in startups focusing on online privacy and reputation defense is just the latest example.

What are the business drivers behind all of this activity? As I see it, there are four main drivers:

Increasingly sophisticated threats

Security threats are becoming both more complex and more costly. The fight against spam, for example, is far from over. Targeted attacks such as spear phishingÃ¢â‚¬â€phishing emails designed specifically to compromise users at a specific organizationÃ¢â‚¬â€affected nearly half of companies in the past year. And, increasingly, attacks leverage multiple vectors, combining email and messaging, Web components such as social media sites and clever social engineering.

The success of these hard-to-detect attacks is forcing enterprises to have to examine their outgoing email streams for spam and malwareÃ¢â‚¬â€something that older or less sophisticated solutions are not equipped to do.

Privacy and data protection becoming a top priority

HasnÃ¢â‚¬â„¢t it always been? Well, not really. In the past, the ramifications of data breaches werenÃ¢â‚¬â„¢t actually that big. Privacy and data protection regulations were loosely enforced and fines were assessed only infrequently.

But the situation has changed dramatically over the past 18 months. Governments are stepping in with privacy legislation that actually Ã¢â‚¬Å“has teeth.Ã¢â‚¬Â And individual states have gotten into the act with strict privacy regulations that, in some cases, even mandate encryption for any of their residentsÃ¢â‚¬â„¢ personal data, making almost any significant business engaged in interstate commerce (not just financial services or healthcare organizations) a regulated entity.

Simultaneously, consumers have become more informed and concerned about privacy risksÃ¢â‚¬â€in part because of high-profile media coverage around data privacy breaches involving popular social media services and the latest Ã¢â‚¬Å“must haveÃ¢â‚¬Â gadgets, such as the iPad. Consumers are starting to demand that their privacy and private data be protected.

All of this is driving new enterprise requirements and new investments in data loss prevention, encryption and compliance technology.

Electronic discovery gaining attention

Awareness of issues around Ã¢â‚¬Å“eDiscoveryÃ¢â‚¬Â hasnÃ¢â‚¬â„¢t yet permeated the popular culture like privacy has, but it may be about to. This has to do with the legal requirement to produce documents stored digitally. In addition to being one of the biggest environmental disasters ever, the BP oil spill is turning out to be the biggest electronic discovery event in history. Previously, Ã¢â‚¬Å“shoddyÃ¢â‚¬Â email retention practices at brokerage firm Piper Jaffray made headlines and resulted in a $700,000 fine.

WhatÃ¢â‚¬â„¢s the big deal? Email is the lifeblood of a company and everything is captured there. So any court case requires companies to have sophisticated tools to manage and sift through huge volumes of email to be able to quickly figure out where they stand.

Software as a Service gaining traction

Why? Because it radically changes the IT cost model, and IT security is no exception. Companies that bought solutions three years ago and are running them on-premises are now realizing that they can move those services to the cloud and do things much more cheaply.

Security vendors that provide their solutions as SaaS are taking advantage of commoditization (for example, the constantly decreasing price of storage) and open source technologies and driving down the cost of providing security servicesÃ¢â‚¬â€driving down TCO for their customers. With the advent of these Ã¢â‚¬Å“next-generationÃ¢â‚¬Â SaaS solutions, enterprises canÃ¢â‚¬â„¢t afford not to re-evaluate how they deploy security components.

These are just a few of the factors that are driving both near-term and long-term growth for security vendors like Proofpoint. Keep an eye on the cybersecurity market in the next 12 months, because it will only get hotter.

About the author

Before joining Proofpoint, Gary Steele served as the CEO of Portera, an applications company delivering solutions for the professional services industry. Prior to Portera,Ã‚Â Steele served as the vice president and general manager of the Middleware and Data Warehousing Product Group at Sybase, Inc.Ã‚Â Steele’s prior experience includes business development, marketing, and engineering roles at Sun Microsystems and Hewlett-Packard. He holds a B.S. degree in computer science from Washington State University.

July 9th, 2010 | Guest Blog Post