In 2010, we published our research report on Security as a Service, examining the expansion of managed and professional IT security services, as well as the growth in what the report called “Security SaaS” or hosted security technologies. This report captured the appeal of hosted technologies that offer a number of advantages over on-premises approaches. In exchange for a predictable subscription, hosted approaches allow businesses to offload many of the burdens of security technology deployment and maintenance and the demands of keeping up with a dynamic threat environment. Hosted services also combine economies of scale with the centralization of much-needed security expertise, giving hundreds or thousands of businesses access to knowledge that can be difficult to find and retain.
In that 2010 report, the segment of the hosted security technology market where survey respondents reported the highest growth in use was one of the longest-established domains in the field: Hosted Message Security (HMS) services. Originally brought to market as antispam filtration, these services filter out the enormous volumes of messages, mostly email, that burden organizations with unwanted content and bring potentially malicious threats directly into the business. With the acquisition of a number of HMS leaders by major vendors over the last several years, the HMS landscape has entered the mainstream of vendor offerings for both the small- to medium-sized business (SMB) and the enterprise.
Today, HMS has become an important function of messaging, for businesses as well as for those who offer a broader range of hosted technologies such as hosted email services. It has become a well-established market that continues to show significant growth, making HMS an anchor for “Security as a Service” initiatives among a number of leading vendors, and deserves attention for the fuel it provides for the continued expansion of these initiatives in other domains.
Next week, we plan to publish a significant follow-on to Security as a Service, with the release of our 2011 EMA Radar Report on Hosted Message Security Services. In this report, we profile nine leading HMS vendors through our distinctive approach to vendor ranking that measures performance in five overall domains of Functionality, Architecture and Integration, Deployment and Administration, Cost Advantage and Vendor Strength. (For more information on the nature of our Radar Reports and how to use them, check out How to Use the EMA Radar Report in our research library.) Among the overall trends we’ve seen in this study:
- Breadth of functionality: From their roots in antispam and virus filtration, HMS services have expanded to embrace message encryption and messaging continuity in addition to services such as archiving and e-discovery that many offer. Outbound filtration has also become more prevalent, with many offering dictionaries of commonly regulated content for out-of-the-box policy application.
- Alignment with close adjacencies: This is one of the more significant factors influencing this market, particularly in the alignment of HMS with Web content filtration. HTML-enabled email has been a reality for years, and links embedded in messages expose users – and the business – to Web-borne threats, from malicious content and harmful or restricted Websites as well as from legitimate sites that have been compromised. In addition, messaging is becoming a more significant aspect of many popular Web-based platforms such as social networks, collaboration systems, hosted office productivity solutions, and other SaaS offerings. EMA expects this alignment to become convergence over time, and we have factored Web content filtration capabilities offered by profiled vendors into our HMS analysis. We have also seen an expansion of outbound filtration, with some vendors having strength in Data Loss Prevention (DLP) converging HMS with their DLP strategies. And of course, hosted messaging services are another clear complement to HMS, enhancing the value of turnkey services for email outsourcing among leading vendors in that field.
- Hybrid approaches: HMS is part of a message security landscape that includes on-premises technology for message content filtration, archiving and storage, and strategies that seek to integrate or extend on-premises techniques with HMS are becoming common. For vendors with strength in closely aligned areas such as Web content filtration and DLP, a hybrid strategy represents an opportunity to build on existing strength and customer traction. It also allows customers to select the options, on- or off-premises, that best suit their needs. This may be significant in the realm of DLP, for example, where some customers may feel more comfortable enforcing outbound filtration on-premises.
- The relevance of complementary security services: One area where we have highlighted differentiation is in the realm of security expertise that supports HMS services. Phishing, for example, is one of the most significant threats businesses face through messaging – yet it often requires a systematic process to mount an effective response. HMS service providers who supplement their offerings with relevant managed and professional services can play a significant role in helping their customers to combat message-borne threats.
- Enterprises and SMBs: We also noted some distinctions in approach between those with strength in serving the small- to medium-sized business, and those who primarily target the enterprise. Both these markets favor solutions that are easy to adopt and use, reducing burdens of administration and leveraging the advantages of centralized expertise and performance that hosted technologies can offer. In addition, enterprises may have more complex requirements for policy definition among users and groups, particularly for outbound filtration. They may have more extensive requirements for message retention, scalability in serving a single customer, and keeping sensitive content internal. The advantage for the more distributed or heavily regulated SMB – or an SMB with significant involvement with large enterprises as partners or customers, for example (which may qualify them more as a small- to medium-sized enterprise) is that HMS service providers that serve these priorities may be able to cater to their needs as well.
- Continued growth: Despite the maturity of this field, many HMS vendors report growth that is more than respectable. Many measure growth in multiple ways between 25 and 50 percent annually, while longtime vendor AppRiver claims revenue growth in excess of 7x over the last five years. In March of this year, Symantec reported an impressive 171% year-on-year growth rate from 32,000 customers to 55,000 for its Symantec.cloud services, of which the former MessageLabs HMS service is a centerpiece. Clearly, hosted messaging and HMS represent centers of gravity for leading vendors, from which they can expand their reach into the potential of hosted technologies and “Security as a Service” alike.
This coming Tuesday June 28 at 11 AM Pacific / 2 PM Eastern / 7 PM BST, I’ll be hosting a webinar discussing this research and summarizing our findings, along with a look at the nine participating vendors profiled in this study. I invite you to join me for this discussion (you can sign up here) and hope to (virtually) see you then.