Skip to main content

A Useful Security Software Categorization

A look at a few of the security software categories from IDC's Worldwide Software Taxonomy, 2017.

Blue, yellow, and purple vector cubes floating on a dark blue background with IT Trendz text header.

This week, I continue the computer security topic with a broader focus on software, exploring a few of the security software categories from IDC's Worldwide Software Taxonomy, 2017. The IDC framework is a useful one. Companies have to buy the research from IDC to see the latest study but often a slightly older version of the document is available from companies that have licensed it for product marketing purposes.

Selective Security Software Categories
Let me quickly explore three of the categories with a brief definition, some ideas about the size of the market and some product examples. You will see that there are many interesting and challenging aspects of these three security areas.

Identity and Access Management
Identity and access management (IAM) is the security discipline that "enables the right individuals to access the right resources at the right times and for the right reasons." It helps to make sure that there’s appropriate access to resources across today’s increasingly heterogeneous technology environments along with meeting increasingly rigorous compliance requirements.

According to IDC "The IAM market will continue to be a leader in the security products space, with a strong growth rate of 7.5 percent over the next five years. The need for stronger, modern authentication, privileged access management, and new business enablement will further propel key IAM players into double-digit growth."

Example IAM products include IBM Cloud Identity: IDaaS Family, IBM Security Access Manager and IBM Security Identity Governance and Intelligence.

Endpoint Security
Endpoint security is an approach to the protection of computer systems and networks that are remotely connected to client devices like laptops, tablets, mobile phones and other wireless devices. The goal of endpoint security software is to ensure that use of these devices doesn’t result in security exposures.  

IDC indicates that, "The worldwide endpoint security market is facing declining consumer antivirus revenue and disruption from security startups penetrating the enterprise endpoint security market segment with modern alternatives to traditional antivirus.”

Example endpoint security products include IBM Maas360 (mobile endpoints), IBM Security Trusteed Fraud Protection suite and IBM BigFix family.

Messaging Security
Messaging security programs are part of a set of activities that provide protection for companies' messaging infrastructure. The products and tools in this discipline deploy techniques like IP reputation-based anti-spam, pattern-based anti-spam, administrator defined block/allow lists, mail antivirus, zero-hour malware detection and email intrusion prevention.

Since messaging security is a mature market, it’s increasingly being made part of other offerings. IDC Research writes, "For vendors, having a Software as a Service (SaaS) and hybrid platform options is becoming a necessity for the messaging security market instead of an option."  

Additionally, "SaaS is well positioned to help organizations with a small IT budget and staff keep up with today's continually evolving threat landscape. Thus SaaS is expected to maintain a strong 12.6 percent CAGR from 2016 to 2021."

One aspect of this messaging security category is Secure Email Gateways (SEGs). This peer insight from Gartner reviews the market leaders and indicates that SEG solutions are close to 100 percent in use in enterprises.

What’s Next?
Next week, I’ll continue the computer security topic with a look at what “security people” do on a day-to-day basis. So far, I have discussed hardware and software, and now I want to explore the human aspects of security and security administration.
IBM Systems Webinar Icon

View upcoming and on-demand (IBM Z, IBM i, AIX, Power Systems) webinars.
Register now →