- 1 Definition / Scope
- 2 Market Overview
- 3 Key Metrics
- 4 Market Risks
- 5 Top Market Opportunities
- 6 Market Drivers
- 7 Market Restraints
- 8 Industry Challenges
- 9 Technology Trends
- 10 Regulatory Trends
- 11 Other Key Market Trends
- 12 Market Size and Forecast
- 13 Market Outlook
- 14 Technology Roadmap
- 15 Distribution Chain Analysis
- 16 Competitive Landscape
- 17 Competitive Factors
- 18 Key Market Players
- 19 Strategic Conclusion
- 20 Further Reading
- 21 Appendix
Definition / Scope
Secure Content Management includes protecting a company from viruses, spam, and undesirable web pages to not only provide enhanced security, but also address productivity and potential human resources issues.
Even after limiting the avenues which information can enter your network via proper perimeter security, there still exists the need to filter further as attackers continue to find ways to “piggyback” across valid communication channels. Reasons for a secure content management solution include:
Lost productivity Introduction of malicious code Potential liability Wasted network resources Control over intellectual property Regulatory Compliance
Secure Content Management solutions are gaining traction due to the increased need for handling voluminous content that is getting generated in organizations on a daily basis. The rising adoption of digitalization, Bring Your Own Device (BYOD), growth of e-commerce, and social media has increased the amount of content generated in inter-organizations and intra-organizations. SCM solutions offer clients with the benefit of paper-free workflow, accurate searching of required information, and better information sharing, and also addresses required industry standards and regulations. SCM solutions enable clients with handling essential enterprise information, and save time and cost associated with searching for the required business data for making key business decisions.
The security of external-facing infrastructure is critical for organisations when considering the security of their network as a whole. Even if external-facing infrastructure does not host sensitive information, there is still a significant risk to the reputation of organisations if external-facing infrastructure is tampered with.
Security vulnerabilities within content management systems (CMS) installed on web servers of organisations are often exploited by adversaries. Once a CMS has been compromised, the web server can be used as infrastructure to facilitate targeted intrusion attempts.
Australia witnessed steady growth in the Secure Content Management market. With the growing complexity of the threat landscape, email remains a highly targeted attack vector, with employees being vulnerable to attacks on an organization’s security. The outbreak of Wannacry in 2017 urged enterprises to invest in email security to protect against common attacks through email, be it ransomware, phishing, spear phishing, or even Business Email Compromise (BEC).
Segmentation by product type
Cloud Based Secure Content Management is concerned with collecting, delivering, retrieving, governing and managing information within a cloud-based hosting environment. Cloud content management systems provide data storage and related automated processes for enterprises to monitor text, images, video, audio or other multimedia content throughout the digital content lifecycle – this includes everything from creation, organization and storage to editing, publishing, archiving or deletion. Services typically include enterprise document management, web content management, web hosting and technical support. installing and maintaining a cloud-based content management system can theoretically be cheaper and simpler to implement than on-premises content management
On-premise Secure content management requires in-house staff to manage and implement solutions for managing information. It involves the management and securitisation of content in-person by cyber-security specialists. It involves Protecting from viruses, spam, and undesirable web pages to not only provide enhanced security, but also address productivity and potential human resources issues
Segmentation by Application
Web app Secure Content Management is a set of tools that provides an organization with a way to manage digital information on a website through creating and maintaining content without prior knowledge of web programming or markup languages. Managing web content effectively can have useful business applications in the enterprise, producing insights for decision-making and delivering results, as well as value.
Mobile App Secure Content Management is set of technologies that provide secure access to corporate data on smartphones, tablets and other endpoint devices. The main component of a mobile content management system is a file storage and file sharing service. Some services are entirely based in the cloud; others take a middleware approach that connects existing data repositories, such as network file shares, to a mobile-friendly front end.
- Australian Secure Content Management solutions market is expected to grow at a CAGR of 5.8% in the period 2018 to 2025.
- Australian Secure Content Management market had garnered market revenue of USD 661.54 Million in 2018.
- The email security segment recorded flat growth of 4.2% and market revenue of USD 203.06 Million in 2018
- Email remains the popular attack vector as an initial entry point for cyber-attacks that are targeting organizations in the region.
- Based on Organization size. Large enterprises with a market share of around 65% held the dominant position in 2018 and are expected to continue with its growing trend until 2025 and further.
- The Common attacks in the Australia in 2018 included Spamming, Phishing, Spoofing, and Business email Compromise (BEC).
- Web Security Solutions continued to experience stronger growth compared to email security posting a healthy CAGR of 7.7%
- Web Security Solutions recorded market revenue of USD 425.05 Million in 2018
|Base Year||2018||Researched through internet|
Malware, or malicious software, is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, Trojan horses and spyware. These malicious programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users' computer activity without their permission.
The risk involved includes uploading of malware to the web server to facilitate remote access, for example, web shells or remote administration tools (RATs) (Akamai: Web Shells, Backdoor Trojans and RATs)
Increased complexities in network infrastructure
Network architectures are becoming more distributed and complex. Where networks were once largely built around isolated data centers, they now connect with the cloud, applications, and various IoT devices. This trend promises to continue moving forward, with the number of connected devices in use expected to grow to 125 billion by 2030. While distributed networks built around different ecosystems, such as physical or cloud environments, present many opportunities, there are numerous ways in which they also create risks for the customers.
Complex networks have more entryways and points of interaction than ever for cybercriminals to target, making it more likely they will be able to find a vulnerability to exploit, that inconsistent security measures can slip, and that threats can spread rapidly once the perimeter has been compromised.
Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.
In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash and cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.
However, one high-profile example, the "WannaCry worm", traveled automatically between computers without user interaction.
Top Market Opportunities
Offering of Advanced Technologies
Email security vendors are developing their solutions with machine learning technologies to make the solutions learn and adapt themselves; this helps increase protection efficiency. In addition, vendors are also trying to provide their solutions with cloud services. Local vendor, Kiwontech, is providing SCM Cloud, which integrates email security solutions with anti-fraud solutions.
Security Platform Integration
Customers are expecting at solutions to be integrated with other security features, such as DLP, authentication, advanced malware detection, AEDR, UEBA to protect businesses from malware-born emails and embedded malicious URLs, businesses are showing less demand for standalone legacy SCM solutions, but looking at a more integrated security approach toward email and Web security.
Move to Cloud-based Security Solutions
Enterprises are shifting their preference from on-premise solutions to cloud-based security solutions because of the large investments and in-house expertise required in the case of on-premise solutions. This is specifically seen in the case of SMBs that prefer cloud-based solutions.
Better awareness of the threat landscape
The threat landscape has changed significantly from simple cyber-attacks to massive ransomware attacks. As the complexities of threats are increasing so is the need for complexity of tools that deal with the security attacks. The evolution of threats and attacks has created more awareness on the threat landscape and hence has created imminent need for adoption of Secure Content Management solutions.
The increasing risks associated with email and Web gateways
The email and web gateway faces risk of intrusion when the attacker tries to hack the system. This can be avoided by using Secure Content Management solutions such as SWG Proxies, SSL and firewalls. SWG Proxies identifies the threat in the web traffic that would otherwise be found by firewalls and other stream-based security solutions. SWG proxy will eliminate all threats and monitors the entire session.
It is the only viable solution to uncover and stop attacks before they occur. Constantly monitoring and incorporating new attack signatures into detection capabilities. Web-Intelligence tools that is augmented with latest file, email and threat intelligence will provide superior efficacy to uncover attacks. The risks associated with email and web gateways push organizations to adopt Secure Content Management solutions.
Increasing adoption of mobility in the workplace
Because of the advantages offered by mobility such as increased collaboration, improved flexibility, enhanced communication, tailored user experience, reduced talent churn and increased revenue potential, employees are embracing mobility for their work. Increasing adoption of mobility in the workplace requires organizations tighten control over online content to enhance productivity and to prevent threats.
Stringent regulations and ongoing security initiatives in the region
The recently legislated Cybercrime Act provides elaborate regulations and definitions on legal liability. The Cybercrime Act emphasises on the protection of all kinds of information be it sensitive or non-sensitive and also lays framework on the implementation of email and web gateways. Hence Organisations are compelled to abide by the Cybercrime Act and hence are prompted to adopt secure content management services. Strict compliance requirements drive investments in security to prevent litigation and legal liabilities and in turn drive adoption of cybersecurity.
High need for securing confidential data and protection against data loss
With more data being created in and sent to the cloud every day, it is more important than ever to have a set of consistent Data Loss Prevention (DLP) policies that protect data everywhere it lives—in the cloud and on corporate endpoints, networks, or even unmanaged devices. Secure Content Management extends policies from the devices to the cloud, providing a seamless data protection experience across multiple environments.
Concerns over the constant evolving threats
The constant evolution of complexity of the threats such as phishing attacks, targeted malware and ransomware such as NotPetya and WannaCry serves as restraint for the adoption of Secure Content Management as it involves delegating secured information to third-party vendors.
Handling of Sensitive data
For the initiation of Secure Content Management Customers are required to share their Information with the SCM provider, the information shared includes Sensitive data such as banking information and health information. Due to security and compliance reasons Customers shy away from sharing sensitive data with the Secure Content Management service provider.
Existence of functional content data silos
Data silos are bad and should be eradicated. Unfortunately, after decades of criticism and proposed solutions, silos remain stubbornly intact at all too many organizations, impeding the free flow of data and strangling analytics. The voluminous accumulation of data in a single storage location is an headwind in accessing and managing the data This acts as a restraint for the adoption of Secure Content Management.
Data migration from legacy systems to new systems
Data migration from legacy systems such as databases and data warehouses to new systems is the main and the painful process involved in the process of migrating to Secure Content Management. This is the pain-point as it consumes more time in the form of man-hours and the complexity involved in the form of portability and the operability of the platform used for the migration of data. Hence, this acts as a Challenge.
Rise in security issues associated with cloud and mobile technologies
The risks associated with cloud computing such as weak cloud security measures of the services such as storing data without controls such as encryption, or lack of multi-factor authentication to access the service. With organisations encouraging employees to adopt policies such as Bring Your Own Device, the risks associated with mobile devices are multi-fold which includes Mobile devices have threats from malware, threats based on device vulnerabilities, and threats associated with data theft. The risks associated with cloud and mobile technologies pose challenge in the implementation of Secure Content Management services.
Lack of technical proficiency among enterprises
SCM implementation requires higher level of technical proficiency and expertise, as the threat environment is evolving, so does the need for equipping technical skills to counter the threats. The shortage of skilled labour is a challenge for the implementation of SCM solutions.
Omnichannel Drives Experience-as-a-Service (EaaS)
Considering content is the heart and soul of every strategy, omnichannel marketing strategy has become one of the main focus areas for technology providers as well as content creators.Though personalization, micro experiences, machine learning and omnichannel sound like buzzwords, the underlying idea of orchestrating them through a single platform may help organizations set their businesses up to remain with or ahead of the curve not only in 2018 but also over the next 5 years.
Offering of Cognitive & Analytical Capabilities
- In 2018, we will see more and more content management software providers adding artificial intelligence and natural language technologies to their platforms through acquisitions in an effort to simplify unstructured content management and related processes. Some of the benefits of utilizing cognitive analytics include:
- Predict a likelihood of conversion through a particular content before it is even published.
- Understand which content topic is the most relevant for each customer across channels through the integration with customer relationship management systems and marketing automation systems.
- Deliver user-specific content experiences via metadata that can help them retrieve every occurrence of a specific type of content, such as all product descriptions, positioning statements, value propositions, setup instructions, etc.
- Eliminate biased decision making processes by taking the guesswork out of what content to produce and which platform to be on.
Adaptive Process Isolation
As the pace of business and the need for collaboration persist to accelerate, companies are struggling with managing and protecting their sensitive content as well as enabling their expanding teams to collaborate on the same project in real time. On top of that, with cybercriminals becoming more sophisticated and organized, businesses are inevitably faced with data security issues at some point, and sometimes even many large enterprises fail at securing their intellectual property. Adaptive Process isolation comes out as a solution for the rising sophistication of threats
In the Federal sphere the law is codified by Criminal Code Act 1995 (Cth) which was amended in 2001 by the Cybercrime Act 2001(Cth)
The particular provisions of the Cybercrime Act criminalise activities such as computer hacking, denial of service attacks, spreading computer viruses and interfering with websites, regulate these offences and provide remedies to victims. Cyber related offences replacing those previously found in the Crimes Act are noted in the first Schedule to the Act:
- Unauthorised access to or modification of data stored in a computer with intent to commit a serious offence;
- Unauthorised impairment of electronic communication to or from a computer with intent to commit a serious offence;
- Unauthorised modification of data to cause impairment;
- Unauthorised impairment of an electronic communication;
- Unauthorised access to, or modification of restricted data (i.e., data protected by a password or other security feature), where the restricted data is either held for or on behalf of the Commonwealth or the access to or modification of it is caused by means of a telecommunications service;
- Unauthorised impairment of data held on a computer disk etc;
- Possession or control of data with intent to commit a computer offence;
- Producing, supplying or obtaining data with intent to commit a computer offence
Investments in Cybersecurity by the Government of Australia
The Australian Government has recognised the strategic potential of cyber security as part of the nation’s security and economic growth. The Government’s four-year national Cyber Security Strategy, backed around A$230 million of funding, established the development of Australia’s cyber security capability as a national priority issue. This has set Australia on a path to enable all local businesses to grow and prosper through cyber security innovation.
Other Key Market Trends
Issues with handling Breaches
Although major breaches such as Yahoo and Equifax dominate the headlines, Australian organisations are also constantly battling similar attacks. According to CSO, Nine out of every 10 organisations dealt with an attempted or successful cybersecurity breach during the 2018 financial year and 58% of those were successfully compromised. The two major issues facing the Australian government's approach to breaches.
The first is that the bar at which a breach becomes disclosable has been raised very high, which means it is less likely about small or medium-sized breaches. The second is that information that is not directly attributable to an individual isn’t personal information following a recent court decision. So even if the information could be linked to an individual through a third party, it isn't strictly classed as personal.
Shortage of Cyber Security-Specialists
According to a review of job openings that suggests Australia only have 7 percent of the cybersecurity skills it needs. A year ago, interest in cybersecurity-related job postings was meeting 17.5 percent of demand – but with the number of postings surging 173 percent in the past year, it is noted, the market was now supplying just 7 percent of demand.
A range of initiatives have tried different approaches to fix the issue of Skill Shortage. Recent projects have included popular speed-networking events by AustCyber; a program called WithYouWithMe that focuses on retraining skilled military veterans; a recent $600,000 government grant uniting the University of Sydney and the banking industry to develop a Cyber Security Challenges for High School program.
Market Size and Forecast
- USD 661.54 Million - Market revenue of Secure Content Management market in Australia in 2018.
- 4.2% - The growth rate recorded by email security segment in 2018
- USD 203.06 Million - Market Revenue of email security segment in 2018
- Email - the popular attack vector as an initial entry point for cyber-attacks that are targeting organizations in the region.
- Spamming, Phishing, Spoofing, and Business email Compromise (BEC) - The Common attacks encountered in Australia in 2018
- USD 425.05 Million – Market Revenue generated from Web Security Solutions in 2018.
- 5.8% - The expected CAGR of the Australian Secure Content Management market in the period 2018 to 2025
- USD 981.65 Million – The expected market size of the Australian Secure Content Management market in 2025
- USD 270.83 Million – The expected market size of the Australian email security segment in 2025
- 7.7% - The expected CAGR of the Australian Web Security Solutions in 2025
- USD 714.41 Million – The expected market size of the Australian Web Security Solutions in 2025
- 65% - market share held by Large enterprises based on Organization size in the Secure Content Management market in 2018
- Hosted and cloud based deployment - maximum CAGR held among the deployment type in the forecast period (2018-2025).
- 30% - Market share held by banking and financial sector and has emerged as the dominating segment in the Australian SCM market by vertical type.
- 22.6% - CAGR of Healthcare sector which is the highest during the forecast period (2018-2025).
To learn and adapt themselves email security vendors are developing their solutions with machine learning technologies; this helps increase protection efficiency. In addition, vendors are offering cloud services to improve their security performance. Machine learning can help businesses better analyze threats and respond to attacks and security incidents. It could also help to automate more menial tasks previously carried out by stretched and sometimes under-skilled security teams.
Artificial Intelligence (AI)
Artificial intelligence is being used more and more in vendor security products and solutions. In cyber security training, for example, AI can be used to simulate attacks based on recent data compiled by recent incidents — making training courses as relevant as possible. AI systems can also monitor employees’ security awareness and provide information about what types of attacks would employees fall for, and where an organisation is more susceptible.
Distribution Chain Analysis
The Secure Content Management is offered in both stand-alone and Integrated platforms. As more and more customers tend towards the offering of SCM solutions in the form of Integrated solutions the Integrated Platforms is gaining prominence. The solutions offered for Secure Content Management includes:
- Anti-Spam: Spam Filters are introduced for spam e-mail which not only consumes time and money, but also network and mail server resources.
- Web Surfing: Limiting the websites that end users are allowed to access will increase work productivity, ensure maximum bandwidth availability and lower the liability issues.
- Instant Messaging: Convenient and growing, but difficult to handle, this technology serves as a back door for viruses and worms to enter your network. It also provides way for sensitive information to be shared over the network.
Competitive Product Mapping
The offering of tools and services of higher quality encompassed with cutting-edge technologies that counter increasingly complex cyber-attacks is an alarming need of the customers and they expect the same to be offered by the Secure Content Management Service Providers.
The race for positioning of Market leader is gaining prominence among the Secure Content Management Service Providers, hence they offer differentiating products and services in the form of value-added service. The Service Provider that understands the need of the customer and offering solution for the same is expected to come out as the market leader.
Understanding the needs of the customer
Australian Secure content Management providers should not be sensitive to the hype in the news. Successful providers are the ones that stay closer to the customers , thereby identify the requirements and issues of the customers and providing solutions. Although not attractive the service providers that stay closer to the customers are the most successful.
Customers expect solutions that solves problem and not just add to the number of alerts to be addressed. The most successful Secure Content Management Services provider will with a unique solution attribution such as big data analytics or unique sensory data collection.
Value-added Services offered by the Secure Content Management Service Providers
The link between the Secure Content Management Service Providers and the consulting, Professional and Technical services is inevitable and imminent. Providing Consulting, Professional and Technical services is not a niche of the Secure Content Management Services Providers, unless the provider is to outshine the competition
Key Market Players
Axway Software is a publicly-held information technology company that provides software tools for enterprise software, Enterprise Application Integration, business activity monitoring, business analytics, mobile application development and web API management. It has been listed on Compartment B (for companies with market capitalizations between €150 million and €1 billion) of the Paris Euronextsince June 2011.
Barracuda Networks, Inc. is a company providing security, networking and storage products based on network appliancesand cloud services. The company's security products include products for protection against email, web surfing, web hackersand instant messaging threats such as spam, spyware, trojans, and viruses. The company's networking and storage products include web filtering, load balancing, application delivery controllers, message archiving, NG firewalls, backup services and data protection
IronPort Systems, Inc., headquartered in San Bruno, California, was a company that designed and sold products and services that protect enterprises against internet threats. It was best known for IronPort AntiSpam, the SenderBase email reputation service, and email security appliances. These appliances ran a modified FreeBSD kernel under the trademark AsyncOS. On November 24, 2003, IronPort acquired the SpamCop filtering and reporting service, which it ran as a stand-alone entity. Cisco Systems announced on January 4, 2007 that it would buy IronPort in a deal valued at US$830 million, and completed the acquisition on June 25, 2007. IronPort was integrated into the Cisco Security business unit.
Forcepoint, previously known as Websense or Raytheon Websense, is an Austin-based company owned by U.S. defense contractor Raytheon and private equity firm Vista Equity Partners. It develops and markets cybersecurity software to prevent employees from viewing inappropriate or malicious content, or leaking confidential data. It also sells firewall, cloud access, and cross-domain IT security products.
McAfee, LLC formerly known as McAfee Associates, Inc. from 1987–2014 and Intel Security Group from 2014–2017) is an American global computer security software company headquartered in Santa Clara, California and claims to be the world's largest dedicated security technology company
Clearswift is an information security company based in the UK. It offers cyber-security services to protect business's data from internal and external threats. Clearswift extended the MIMEsweeper line to include web and instant messaging filtering. These were marketed as protecting against the leakage of confidential company information on social networking sites - Clearswift argues that instead of banning Web 2.0 sites and services entirely, businesses can actually gain a competitive advantage by making use of them, provided their use is monitored.
Sophos Group plc is a British security software and hardware company. Sophos develops products for communication endpoint, encryption, network security, email security, mobile security and unified threat management. Sophos is primarily focused on providing security software to the mid market and pragmatic enterprise from 100- to 5,000-seat organizations. Whilst not a primary focus, Sophos also protects home users, through free antivirus software (Sophos Home) intended to demonstrate product functionality.
Symantec is an American software company headquartered in Mountain View, California, United States. The company provides cybersecurity software and services. Symantec is a Fortune 500 company and a member of the S&P 500 stock-market index. The company also has development centers in Pune, Chennai and Bengaluru (India).
Trend Micro is a Japanese multinational cyber security and defense company with global headquarters in Tokyo, Japan, a R&D center in Taipei, Taiwan, and regional headquarters in Asia, Europe and the Americas. The company develops enterprise security software for servers & cloud computingenvironments, networks, end points, consumers, and small & medium businesses. Its cloud and virtualization security products provide cloud security for customers of VMware, Amazon AWS, Microsoft Azure, Oracle and vCloud Air.
The market size of the Australian Secure Content Management market is estimated to be USD 661.54 Million in 2018 and is expected to grow at a steady CAGR of 5.8%, to reach a market size of USD 981.65 Million in 2025.
The Rise in security issues associated with cloud and mobile technologies, Data migration from legacy systems to new systems, Lack of technical proficiency among enterprises are the challenges being faced by the SCM service providers.
Handling of Sensitive data, Concerns over the constant evolving threats, Existence of functional content data silos are the restraints crippling the growth of the Secure Content Management market.
The increasing risks associated with email and Web gateways, Better awareness of the threat landscape, Increasing adoption of mobility in the workplace, Stringent regulations and ongoing security initiatives in the region, High need for securing confidential data and protection against data loss are the driving factors for the growth of the SCM market.
- USD – US Dollar
- IoT – Internet of Things
- e-commerce - Electronic Commerce
- e-mail - Electronic Mail
- DLP - Data Loss Prevention
- SCM - Secure Content Management
- AI – Artificial Intelligence
- BYOD - Bring Your Own Device
- BEC - Business Email Compromise