The complexity of IT security projects in Russia to grow in the next years

The launch of government and commercial electronic services, the fast penetration of broadband internet services, as well as the growing importance of IT systems in companies’ everyday operations, feed the development of the IT security market in Russia. The increasing complexity and size of corporate IT infrastructures force Russian CEOs to change their approach towards IT security projects and to build technological protection of the data and applications on the solid framework of identified threats.

The sales of IT security products and services in Russia were not heavily affected, even by the overall cuts of the corporate IT budgets and consumer spending in 2008 and 2009, when the crisis hit the Russian economy. The IT security market in the country increased from RUB 13.7bn (€376m) in 2008 to RUB 20.3bn (€505m) in 2010, according to LETA, and this growth is expected to continue over the next several years.

With the fast development of e-commerce and e-government applications, the number of Web-based IT systems and computers in the country is increasing, rapidly facilitating an organic growth of the demand for their protection.

2010 and 2011 brought higher interest in IT security projects addressing the issue of the corporate information security and data loss risk evaluation. Such projects are not limited to antivirus software and firewalls installation -- they do include in their scope the development of necessary policies, continuous re-evaluation of threats and bring, in general, a broader vision of the IT security challenges the companies face.

Future to heat up IT security sales

As a result, we expect this growing demand for complex IT security projects to impact the market and the way decisions related to the purchase and implementation of IT security tools and applications are taken in both corporate and public sectors. In particular, we consider the following changes in the market to take place in the next three years.

Firstly, there will be a growing demand for specialized, professional IT security consulting and consultants will become an important channel for the sales of security software and hardware tools. At the moment, according to statistics provided by LETA, slightly more than 40% of all IT security projects in Russia are implemented with the help of external system integrators, while the rest are done by in-house teams or with the support of security software vendors -- and this proportion will not remain stable. In the coming years, the share of in-house IT security projects is expected to decrease, in order to build, and even operate, a reliable security system the companies will need more skills and competences which often are not available in their IT departments.

Secondly, the suppliers of IT security services are to experience a trend of specialization. While large, diversified system integrators currently are dominating in the reviewed market now they will need to spinoff their IT security divisions and to develop them as separate businesses. One of the background reasons for the growing specialisation is an exclusion of IT security tasks from the scope of the projects related to implementation of corporate application or development of hardware infrastructure. IT security issues are increasingly being solved via the launch of separate projects with different objectives.

Finally, we also must consider that the dominating market segment of IT security software in Russia will become more diversified. In 2010, almost 80% of the products sold under this category were antivirus solutions, followed by DPL software. However, the needs of the companies are not limited to the protection of workstations and servers from viruses or malware. Therefore, the share of other software security tools, including threats monitoring, access control or data encryption solutions, is expected to grow over the coming years.

Personal Data Law to favour IT security market

The Personal Data Law amendment, signed by the Russian president in July 2011, restricted requirements regarding personal data protection, which the act applies to organisations from both the public and corporate sectors. As a consequence of the recent amendment, the storage of personal data is under special fire. Not only are certified protection means required, but also handling the technical tasks of data storage needs a separate license. Since the law, along with the amendment, came into force in July, significant sales growth of IT security solutions can be expected soon, driven by higher IT security budgets of the Russian enterprises.

According to Andrei Konusov, CEO of LETA Group, in the middle of 2011, only about 50% of large companies in Russia had sufficient IT security protection and management. Alexandre Sanin, deputy head of the audit and consulting department in LETA, adds that in mid-size businesses the share of protected companies does not exceed 5-10% and this relatively low maturity promises the dynamic development of the IT security market in Russia over the next few years. The vendors mentioned that, as a result of the implementation of the Law, the corporate budgets for IT security doubled in 2010.

An important factor that supports the changes in the market is the new generation of Russian IT managers which are already focused, not only in the technical areas, but are also looking at procedures and proper management.

Serghey Tkachenko
ICT Market Analyst, PMR Correspondent