- 1 Definition / Scope
- 2 Market Overview
- 3 Key Metrics
- 4 Market Risks
- 5 Top Market Opportunities
- 6 Market Drivers
- 7 Market Restraints
- 8 Industry Challenges
- 9 Technology Trends
- 10 Regulatory Trends
- 11 Other Key Market Trends
- 12 Market Size and Forecast
- 13 Market Outlook
- 14 Technology Roadmap
- 15 Distribution Chain Analysis
- 16 Competitive Landscape
- 17 Competitive Factors
- 18 Key Market Players
- 19 Strategic Conclusion
- 20 Further Reading
- 21 Appendix
Definition / Scope
Secure content management is the set of processes and technologies that supports the collection, managing and publishing of information. It involves processes for protecting the company from viruses, spam and undesirable web pages to not only provide enhanced security, but also address productivity and potential human resources issues.
Even after controlling the number of avenues through which information can enter, after the implementation of perimeter security, the cyber attackers still find ways to piggyback across valid communication channels. Secure Content Management technologies have evolved rapidly over the last few years due to the complexity of threats associated with email and web gateways. Businesses are increasingly focusing on eliminating this threat by adopting the 2 gateways, rather than the purely productive driven anti-spam and web-filtering techniques.
Secure Content Management solutions are gaining traction due to the increased need for handling voluminous content that is getting generated in organizations on a daily basis. The rising adoption of digitalization, Bring Your Own Device (BYOD), growth of e-commerce, and social media has increased the amount of content generated in inter-organizations and intra-organizations. SCM solutions offer clients with the benefit of paper-free workflow, accurate searching of required information, and better information sharing, and also addresses required industry standards and regulations. SCM solutions enable clients with handling essential enterprise information, and save time and cost associated with searching for the required business data for making key business decisions.
China experienced double digit growth in the Secure Content Management segment. With the growing complexity of the threat landscape, email remains a highly targeted attack vector, with employees being vulnerable to attacks on an organization’s security. The outbreak of Wannacry in 2017 urged enterprises to invest in email security to protect against common attacks through email, be it ransomware, phishing, spear phishing, or even Business Email Compromise (BEC).
Solutions offered for Secure Content Management
The solutions offered for Secure Content Management includes:
- Anti-Spam: Spam Filters are introduced for spam e-mail which not only consumes time and money, but also network and mail server resources.
- Web Surfing: Limiting the websites that end users are allowed to access will increase work productivity, ensure maximum bandwidth availability and lower the liability issues.
- Instant Messaging: Convenient and growing, but difficult to handle, this technology serves as a back door for viruses and worms to enter your network. It also provides way for sensitive information to be shared over the network.
Segmentation by product type
Cloud Based Secure Content Management is concerned with collecting, delivering, retrieving, governing and managing information within a cloud-based hosting environment. Cloud content management systems provide data storage and related automated processes for enterprises to monitor text, images, video, audio or other multimedia content throughout the digital content lifecycle – this includes everything from creation, organization and storage to editing, publishing, archiving or deletion. Services typically include enterprise document management, web content management, web hosting and technical support. installing and maintaining a cloud-based content management system can theoretically be cheaper and simpler to implement than on-premises content management
On-premise Secure content management requires in-house staff to manage and implement solutions for managing information. It involves the management and securitisation of content in-person by cyber-security specialists. It involves Protecting from viruses, spam, and undesirable web pages to not only provide enhanced security, but also address productivity and potential human resources issues
Segmentation by application
- Web App
Web app Secure Content Management is a set of tools that provides an organization with a way to manage digital information on a website through creating and maintaining content without prior knowledge of web programming or markup languages. Managing web content effectively can have useful business applications in the enterprise, producing insights for decision-making and delivering results, as well as value.
- Mobile App
Mobile App Secure Content Management is set of technologies that provide secure access to corporate data on smartphones, tablets and other endpoint devices. The main component of a mobile content management system is a file storage and file sharing service. Some services are entirely based in the cloud; others take a middleware approach that connect existing data repositories, such as network file shares, to a mobile-friendly front end.
- The China Secure Content Management solutions market grew by 8.5% on a YoY basis in 2017-18 and had market revenue of USD 249.81 Million in 2018.
- The email security segment recorded flat growth of 3.2% and market revenue of USD 76.68 Million in 2018
- Email remains the popular attack vector as an initial entry point for cyber-attacks that are targeting organizations in the region.
- Based on Organization size. Large enterprises with a market share of around 65% held the dominant position in 2018 and are expected to continue with its growing trend until 2025 and further.
- The Common attacks in the China Region in 2018 included Spamming, Phishing, Spoofing, and Business email Compromise (BEC).
- Web Security Solutions continued to experience stronger growth compared to email security, and recorded market revenue of USD 160.51 Million in 2018.
|Base Year||2018||Researched through internet|
Increased complexities in network infrastructure
Network architectures are becoming more distributed and complex. Where networks were once largely built around isolated data centers, they now connect with the cloud, applications, and various IoT devices. This trend promises to continue moving forward, with the number of connected devices in use expected to grow to 125 billion by 2030. While distributed networks built around different ecosystems, such as physical or cloud environments, present many opportunities, there are numerous ways in which they also create risks for the customers. Complex networks have more entryways and points of interaction than ever for cybercriminals to target, making it more likely they will be able to find a vulnerability to exploit, that inconsistent security measures can slip, and that threats can spread rapidly once the perimeter has been compromised.
Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash and cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the "WannaCry worm", traveled automatically between computers without user interaction.
Top Market Opportunities
Security Platform Integration
Customers are expecting at solutions to be integrated with other security features, such as DLP, authentication, advanced malware detection, AEDR, UEBA to protect businesses from malware-born emails and embedded malicious URLs, businesses are showing less demand for standalone legacy SCM solutions, but looking at a more integrated security approach toward email and Web security.
Offering of Advanced Technologies
Email security vendors are developing their solutions with machine learning technologies to make the solutions learn and adapt themselves; this helps increase protection efficiency. In addition, vendors are also trying to provide their solutions with cloud services. Local vendor, Kiwontech, is providing SCM Cloud, which integrates email security solutions with anti-fraud solutions.
Move to Cloud-based Security Solutions
Enterprises are shifting their preference from on-premise solutions to cloud-based security solutions because of the large investments and in-house expertise required in the case of on-premise solutions. This is specifically seen in the case of SMBs that prefer cloud-based solutions.
The increasing risks associated with email and Web gateways
The email and web gateway faces risk of intrusion when the attacker tries to hack the system. This can be avoided by using Secure Content Management solutions such as SWG Proxies, SSL and firewalls. SWG Proxies identifies the threat in the web traffic that would otherwise be found by firewalls and other stream-based security solutions. SWG proxy will eliminate all threats and monitors the entire session. It is the only viable solution to uncover and stop attacks before they occur. Constantly monitoring and incorporating new attack signatures into detection capabilities. Web-Intelligence tools that is augmented with latest file, email and threat intelligence will provide superior efficacy to uncover attacks. The risks associated with email and web gateways push organizations to adopt Secure Content Management solutions.
Better awareness of the threat landscape
The threat landscape has changed significantly from simple cyber-attacks to massive ransomware attacks. As the complexities of threats are increasing so is the need for complexity of tools that deal with the security attacks. The evolution of threats and attacks has created more awareness on the threat landscape and hence has created imminent need for adoption of Secure Content Management solutions.
Increasing adoption of mobility in the workplace
Because of the advantages offered by mobility such as increased collaboration, improved flexibility, enhanced communication, tailored user experience, reduced talent churn and increased revenue potential, employees are embracing mobility for their work. Increasing adoption of mobility in the workplace requires organizations tighten control over online content to enhance productivity and to prevent threats.
Stringent regulations and ongoing security initiatives in the region
The recently legislated Cybersecurity Law provides elaborate regulations and definitions on legal liability. The Cybersecurity law emphasises on the protection of all kinds of information be it sensitive or non-sensitive and also lays framework on the implementation of email and web gateways. Hence Organisations are compelled to abide by the Cybersecurity law and hence are prompted to adopt secure content management services. Strict compliance requirements drive investments in security to prevent litigation and legal liabilities and in turn drive adoption of cybersecurity.
High need for securing confidential data and protection against data loss
With more data being created in and sent to the cloud every day, it is more important than ever to have a set of consistent Data Loss Prevention (DLP) policies that protect data everywhere it lives—in the cloud and on corporate endpoints, networks, or even unmanaged devices. Secure Content Management extends policies from the devices to the cloud, providing a seamless data protection experience across multiple environments.
Handling of Sensitive data
For the initiation of Secure Content Management Customers are required to share their Information with the SCM provider, the information shared includes Sensitive data such as banking information and health information. Due to security and compliance reasons Customers shy away from sharing sensitive data with the Secure Content Management service provider.
Concerns over the constant evolving threats
The constant evolution of complexity of the threats such as phishing attacks, targeted malware and ransomware such as NotPetya and WannaCry serves as restraint for the adoption of Secure Content Management as it involves delegating secured information to third-party vendors.
Existence of functional content data silos
Data silos are bad and should be eradicated. Unfortunately, after decades of criticism and proposed solutions, silos remain stubbornly intact at all too many organizations, impeding the free flow of data and strangling analytics. The voluminous accumulation of data in a single storage location is an headwind in accessing and managing the data This acts as a restraint for the adoption of Secure Content Management.
Rise in security issues associated with cloud and mobile technologies
The risks associated with cloud computing such as weak cloud security measures of the services such as storing data without controls such as encryption, or lack of multi-factor authentication to access the service. With organisations encouraging employees to adopt policies such as Bring Your Own Device, the risks associated with mobile devices are multi-fold which includes Mobile devices have threats from malware, threats based on device vulnerabilities, and threats associated with data theft. The risks associated with cloud and mobile technologies pose challenge in the implementation of Secure Content Management services.
Data migration from legacy systems to new systems
Data migration from legacy systems such as databases and data warehouses to new systems is the main and the painful process involved in the process of migrating to Secure Content Management. This is the pain-point as it consumes more time in the form of man-hours and the complexity involved in the form of portability and the operability of the platform used for the migration of data. Hence, this acts as a Challenge.
Lack of technical proficiency among enterprises
SCM implementation requires higher level of technical proficiency and expertise, as the threat environment is evolving, so does the need for equipping technical skills to counter the threats. The shortage of skilled labour is a challenge for the implementation of SCM solutions.
Offering of Cognitive & Analytical Capabilities
- In 2018, we will see more and more content management software providers adding artificial intelligence and natural language technologies to their platforms through acquisitions in an effort to simplify unstructured content management and related processes. Some of the benefits of utilizing cognitive analytics include:
- Predict a likelihood of conversion through a particular content before it is even published.
- Understand which content topic is the most relevant for each customer across channels through the integration with customer relationship management systems and marketing automation systems.
- Deliver user-specific content experiences via metadata that can help them retrieve every occurrence of a specific type of content, such as all product descriptions, positioning statements, value propositions, setup instructions, etc.
- Eliminate biased decision making processes by taking the guesswork out of what content to produce and which platform to be on.
Omnichannel Drives Experience-as-a-Service (EaaS)
Considering content is the heart and soul of every strategy, omnichannel marketing strategy has become one of the main focus areas for technology providers as well as content creators.Though personalization, micro experiences, machine learning and omnichannel sound like buzzwords, the underlying idea of orchestrating them through a single platform may help organizations set their businesses up to remain with or ahead of the curve not only in 2018 but also over the next 5 years.
Adaptive Process Isolation
As the pace of business and the need for collaboration persist to accelerate, companies are struggling with managing and protecting their sensitive content as well as enabling their expanding teams to collaborate on the same project in real time. On top of that, with cybercriminals becoming more sophisticated and organized, businesses are inevitably faced with data security issues at some point, and sometimes even many large enterprises fail at securing their intellectual property. Adaptive Process isolation comes out as a solution for the rising sophistication of threats
Cyber Security Law (CSL) which came into effect on 1 June 2017, is the main legislation of a host of regulations aimed at creating a separate and heavily controlled sovereign Chinese cyberspace. Businesses are a key target of this regime. The government is concerned that firms hold a vast amount of the nation's data resources and exerting government control over this data is a key priority. This goal seems at odds with China’s push for a world-leading high-tech economy, but China sees potential for information technology – particularly the information that flows through technology – to undermine its authority over the country’s political and economic development. China is also unique in the challenges it faces domestically. A low level of cyber security maturity and rampant online fraud in China has affected a very large number of Chinese government organisations, businesses and individuals. The CSL is a much-needed attempt to bring attacks and fraud under control by developing a regulatory framework for organisations and companies to adhere to.
The Cyber Security Law applies to Network operators and Critical Information Infrastructure Operators (CII). The term Network Operator is defined very broadly in the appendix to the law as the ‘owner or manager’ of any networks or the network service providers in China, where a ‘network’ is defined as systems of computers and relevant equipment that collects, stores, transmits, exchanges and process information. This leads to a wide scope of application to almost all businesses in China, which own or administer their networks. Therefore, it is safe to assume that any company - regardless of its size - operating its network to conduct business, provide a service, or collect data in China could very likely be in scope.
The Stringent enforcement of Cyber Security law in China has pushed companies to comply with the prescribed standards and hence are potentially adopting Secure Content Management solutions.
China also launched a fund for cyber security with an initial capital of 300 million yuan (USD 44 million) to realize the nation's strategic goal of becoming a strong Internet power.
Other Key Market Trends
The Key trends identified in the Chinese Cybersecurity space includes lesser investment on cyber security and an imminent need to train a large workforce
The country's investment in cyber security accounts for less than 1 percent of the total investment in its information construction. Compared with the U.S. (15 percent) and Europe (10 percent), China still lags behind.
In May, tens of thousands of computers worldwide were crippled by the ransomware attack called "WannaCry." In China, some industries and government computers were impacted by the virus with education research agencies being the worst hit.
The Internet business in China contributed 6.9 percent of the country's economy in 2016, compared with 5.5 percent in 2010
China's investment on cyber security talents accounted for around 10 percent of the total investment on the Internet, far behind the U.S. (more than 30 percent) and member countries of the Organization for Economic Cooperation and Development (more than 20 percent)
As of 2014, China has more than 700,000 cyber security talents working in key information system and infrastructure industries. By 2020, China will need about 1.4 million cyber security talents.
Market Size and Forecast
- 8.5% - The market growth rate registered by the Chinese Secure Content Management solutions market from 2017-2018.
- USD 249.81 Million - Market revenue of Secure Content Management in 2018.
- 3.2% - The growth recorded by rate email security segment
- USD 76.68 Million - Market Revenue of email security segment in 2018
- Email - the popular attack vector as an initial entry point for cyber-attacks that are targeting organizations in the region.
- Spamming, Phishing, Spoofing, and Business email Compromise (BEC) - The Common attacks encountered in the Greater China Region in 2018
- USD 160.51 Million – Market Revenue generated from Web Security Solutions in 2018.
- The Secure Content Management market is expected to clock a healthy growth rate of 14.2% both in terms of value and volume.
- The Web Security Solutions is expected to garner a healthy growth rate of 15.3% in the forecast period 2018 to 2025.
- Based on Organization size. Large enterprises with a market share of around 65% held the dominant position in 2018 and are expected to continue with its growing trend until 2025 and further.
- Among the deployment type, the maximum CAGR would be witnessed in hosted and cloud based deployment during the forecast period (2018-2025).
- with a market share of more than 30%, banking and financial sector has emerged as the dominating segment in the Chinese SCM market by vertical type.
- Additionally,Healthcare sector would witness highest CAGR of 22.6% during the forecast period (2018-2025).
To learn and adapt themselves email security vendors are developing their solutions with machine learning technologies; this helps increase protection efficiency. In addition, vendors are offering cloud services to improve their security performance. For Instance, Local vendor, Kiwontech, is providing SCM Cloud, which integrates email security solutions with anti-fraud solutions.
Artificial Intelligence (AI)
Artificial intelligence is being used more and more in vendor security products and solutions. In cyber security training, for example, AI can be used to simulate attacks based on recent data compiled by recent incidents — making training courses as relevant as possible. AI systems can also monitor employees’ security awareness and provide information about what types of attacks would employees fall for, and where an organisation is more susceptible.
Distribution Chain Analysis
The Secure Content Management is offered in both stand-alone and Integrated platforms. As more and more customers tend towards the offering of SCM solutions in the form of Integrated solutions the Integrated Platforms is gaining prominence.
Competitive Product Mapping
The offering of tools and services of higher quality encompassed with cutting-edge technologies that counter increasingly complex cyber-attacks is an alarming need of the customers and they expect the same to be offered by the Secure Content Management Service Providers.
The race for positioning of Market leader is gaining prominence among the Secure Content Management Service Providers, hence they offer differentiating products and services in the form of value-added service. The Service Provider that understands the need of the customer and offering solution for the same is expected to come out as the market leader.
Understanding the needs of the customer
Chinese Secure content Management providers should not be sensitive to the hype in the news. Successful providers are the ones that stay closer to the customers , thereby identify the requirements and issues of the customers and providing solutions. Although not attractive the service providers that stay closer to the customers are the most successful.
Customers expect solutions that solves problem and not just add to the number of alerts to be addressed. The most successful Secure Content Management Services provider will with a unique solution attribution such as big data analytics or unique sensory data collection.
Value-added Services offered by the Secure Content Management Service Providers
The link between the Secure Content Management Service Providers and the consulting, Professional and Technical services is inevitable and imminent. Providing Consulting, Professional and Technical services is not a niche of the Secure Content Management Services Providers, unless the provider is to outshine the competition
Key Market Players
Symantec is an American software company headquartered in Mountain View, California, United States. The company provides cybersecurity software and services. Symantec is a Fortune 500 company and a member of the S&P 500 stock-market index. The company also has development centers in Pune, Chennai and Bengaluru (India).
Sangfor a manufacturer of Cloud Computing and Network Security solutions including Third Generation HCI (Hyper Converge Infrastructure), Complete VDI solution, IAM (Internet Access Management), WAN optimization, converged Security Solution (NGAF), SD-WAN and Application Delivery Controller (application layer load balance) solution, sells its products mainly to small or midsize enterprises
360 ESG is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.
Fortinet is an American multinational corporation headquartered in Sunnyvale, California. It develops and markets cybersecuritysoftware and appliances and services, such as firewalls, anti-virus, intrusion prevention and endpoint security. Fortinet was founded in 2000 by brothers Ken and Michael Xie. The company's first product was FortiGate, a firewall, later adding wireless access points, sandboxing, and messaging security.
Softnext provides enterprise IT application management and security of data. The company specializes in providing internet application service technologies and introduces dynamic solutions for content security.
3Com Corporation was a digital electronics manufacturer best known for its computer network products. Com provided network interface controller and switches, routers, wireless access points and controllers, IP voice systems, and intrusion prevention systems. The company was based in Santa Clara, California. From its 2007 acquisition of 100 percent ownership of H3C Technologies Co., Limited (H3C) —initially a joint venture with China-based Huawei Technologies—3Com achieved a market presence in China, and a significant networking market share in Europe, Asia, and the Americas
Forcepoint previously known as Websense or Raytheon Websense,is an Austin-based company owned by U.S. defense contractor Raytheon and private equity firm Vista Equity Partners. It develops and markets cybersecurity software to prevent employees from viewing inappropriate or malicious content, or leaking confidential data. It also sells firewall, cloud access, and cross-domain IT security products.
Trend Micro is a Japanese multinational cyber security and defense company with global headquarters in Tokyo, Japan, a R&D center in Taipei, Taiwan, and regional headquarters in Asia, Europe and the Americas. The company develops enterprise security software for servers & cloud computingenvironments, networks, end points, consumers, and small & medium businesses. Its cloud and virtualization security products provide cloud security for customers of VMware, Amazon AWS, Microsoft Azure, Oracle and vCloud Air.
Cisco (Ironport) was a company that designed and sold products and services that protect enterprises against internet threats. It was best known for IronPort AntiSpam, the SenderBase email reputation service, and email security appliances. These appliances ran a modified FreeBSD kernel under the trademark AsyncOS. IronPort acquired the SpamCop filtering and reporting service, which it ran as a stand-alone entity
The China Secure Content Management solutions market grew by 8.5% on a YoY basis in 2017-18 and had market revenue of USD 249.81 Million in 2018 and is expected to grow at a healthy CAGR of 14.2% in the period 2018-2025 and expected to reach a market size of USD 632.81 Million in 2025.
The Rise in security issues associated with cloud and mobile technologies, Data migration from legacy systems to new systems, Lack of technical proficiency among enterprises are the challenges being faced by the SCM service providers.
Handling of Sensitive data, Concerns over the constant evolving threats, Existence of functional content data silos are the restraints crippling the growth of the Secure Content Management market.
The increasing risks associated with email and Web gateways, Better awareness of the threat landscape, Increasing adoption of mobility in the workplace, Stringent regulations and ongoing security initiatives in the region, High need for securing confidential data and protection against data loss are the driving factors for the growth of the SCM market.
- USD – US Dollar
- IoT – Internet of Things
- e-commerce - Electronic Commerce
- e-mail - Electronic Mail
- DLP - Data Loss Prevention
- SCM - Secure Content Management
- AI – Artificial Intelligence
- BYOD - Bring Your Own Device
- BEC - Business Email Compromise
- CSL - Cyber Security Law
- CII - Critical Information Infrastructure Operators