The digital security market

Evolving end-user expectations, new business opportunities, technological advances and changing threats are driving significant growth in the variety, scope and value of digital security services.

Growth potential in mobile 3G

circle-dotCurrent subscribers
orange-dot-2Growth potential
intro_security_worldmap
Source: Morgan Stanley

Digital dynamics

Virtually every human activity can now be expressed as digital data – whether it’s the simplest conversation or the most complex financial transaction. We can communicate, monitor, view, access and enable a vast range of information in the digital realm.

Convergence creates convenience

At the same time, technologies are converging. Until recently, devices had fixed roles – a cellphone to make a call, a computer to manipulate data. Those distinctions have blurred. Now, we expect the digital world to revolve around us as individuals, regardless of the device we’re using. We’re starting to make payments and access our email with our cellphones, and using our bank cards as a travel pass.

Telecommunications

Smartphone adoption has created new markets for wireless services, on top of continued organic growth in areas such as voice and messaging. These ongoing revenue opportunities are supported by a more pervasive digital lifestyle and businesses that now integrate mobile communications into their products and marketing.

High-speed mobile data and multi-function smartphones, for example, are creating demand for more advanced SIM cards allowing users secure access to a host of new applications in sensitive areas such as banking and retail.

For mobile users, value no longer resides purely in their handset. They expect to be able to access upgrades, applications and content Over-the-Air (OTA), regardless of the device.

They also want to protect their digital lives, safeguarding their contacts, their identities and their contents. The SIM card is the only universal and secured application platform working with 100% of handsets.

Machine-to-Machine (M2M)

In a growing world of smart applications and things, M2M is the key enabling technology for the Internet of Things. M2M is used to optimize business processes by connecting machines to one another. It’s used in an astonishing array of vertical markets and industries such as remote maintenance and control; metering; payment systems; routers and gateways; security systems; healthcare; automotive and eToll; tracking and tracing; environmental monitoring and more.

Companies around the world are discovering the power of M2M technology to save money, increase revenue or generate new sources of income by leveraging new channels to their customers. Further growth comes from governments that are forced to save money, increase income and meet carbon emission targets. Legislation favoring the implementation of M2M in eCall, smart metering for smart grids, stolen vehicle tracking and intelligent traffic systems is increasing. Furthermore, the aging population wishing to live an independent and healthy lifestyle is driving growth in mobile healthcare applications.

With increasing penetration of M2M into all aspects of business and life, security of the network and data privacy will be increasing in relevance for M2M adopters.

Financial services and retail

There are already around one billion EMV(*) cards in circulation. Some of the fastest-developing economies in the world (such as Brazil, South Africa and Turkey) already have EMV in place. But potentially huge markets such as China, India and much of the Americas remain largely untapped.

There are signs that US issuers – with a base of more than 700 million credit cards and 460 million debit cards – are being won over by the anti-fraud and user benefits of chip payment cards. In February 2009, American Express became the fourth member of the EMV consortium, massively expanding its reach. And even in the more mature European market, the Single Euro Payments Area (SEPA) initiative could also drive higher uptake.

Aside from enhanced security, convenience is a key driver for EMV. Contactless cards and faster, more reliable authentication are delivering in-store efficiencies that create real competitive advantage for retailers.

  • (*)
  • EMV: EuroPay, MasterCard, Visa: the industry standard for international debit/credit cards

Mobile voice has already been surpassed by mobile data traffic worldwide, driven by the rapid adoption of smartphones. By 2012, their shipments are predicted to exceed those of both Desktop and Notebook PCs combined.

intro_global-unit-shipments-graph

Source: Morgan Stanley
E:estimate

Government programs

Governments need systems that offer efficient interactions with their citizens, who in turn demand security and convenience from their authorities. That’s why nations around the world are investing in digital identity. Regulatory pressures – for instance, the visa waiver scheme to gain entry to the US, which now mandates biometric passports – are also driving growth in this market, such that more than 100 countries already have an ePassport program in place.

Electronic ID schemes go one stage further, since they require every citizen to carry an eID card. Many governments are already deploying them for access to health and social security services, and as drivers’ licenses. In a growing number of cases, they are also combining functions to derive even more efficiency and convenience for users. The potential here is immense. For example, India, with a population of 1.2 billion, has initiated a scheme to provide multipurpose national identity cards (MNIC) to every citizen by 2011.

Beyond such card schemes, there is a widespread move towards “eGovernment”. Ministers from the EU and EFTA recently approved a declaration recognizing that this “increases efficiency and effectiveness...to constantly improve public services” and set priorities in this area to be achieved by 2015.

Top internet markets – percentage of penetration

Digitalsecurity_percentage-penetration

“IDC has forecast the identity and access management market to reach over $5 billion by 2014. Gemalto is positioning itself to capitalize on market and convergence opportunities. It has expanded beyond its traditional smart card roots to create end-to-end solutions for digital security.”

  • (IDC, Gemalto: Secure authentication for Securing the Cloud, June 2010)

Online authentication

Cloud computing services – data and applications that are accessed via the internet or virtual private networks – are going mainstream. IDC expects spending on IT cloud services to reach $42 billion in 2012. By then, it will represent 25% of IT spending growth and nearly a third of growth the following year.(*)

But freedom of access places a huge additional burden on security. It’s essential to verify the identity of authorized users without hampering the convenience and efficiency of cloud computing. At the same time, complex software tends to have more security vulnerabilities, not fewer. This is increasing demand for ‘strong’ (two- or even three-factor) authentication. For example, a user might need a password as well as a physical component like a fingerprint; or an ultra-secure one-time password generated by a smart card and reader.

The need to meet compliance regulations is by far the greatest market driver. According to IDC this accounted for approximately 85% of all online authentication sales in 2009. Other factors contributing to market growth in this area are:

  • Continued issuance and enforcement of regulatory requirements worldwide;
  • Steadily increasing need for secure, scalable identity-driven cloud models for both private and public cloud deployments;
  • Increased demand for strong authentication for both enterprise and consumer interactions.
  • (*)
  • Source: IDC

Securing the cloud

intro_security_securingthecloud

"Today some 21 countries worldwide issue eID cards to their citizens, and over 60 countries issue ePassports."

eBanking and eCommerce

Secure online banking comes with the potential for increased revenue and new business opportunities. Switching focus from low-value transactions, such as cash withdrawals and check deposits, to high-value sales, such as loans and eCommerce, as well as financial and business advice, is the future in this domain.

The business case for eBanking rests on four pillars:

  • Cost control: when customers do more online, they can cut the cost of a transaction by up to 80%.
  • Increased utilization: spending increases when people prefer a particular provider’s services and cards – the ‘top of wallet’ effect. Similarly, people will do more online with a provider they trust.
  • Competition: banks are facing increased competition from online payment providers such as PayPal, and from mobile operators offering payment services. Non-traditional businesses, such as supermarkets, are also promoting a growing range of banking services. By improving their eBanking offer, banks can differentiate themselves and increase loyalty.
  • Security: increased security makes each customer more valuable and more profitable by enabling greater uptake of online services. It lets branches and call centers focus on high-value relationship banking and high-touch services. It also enables new services such as electronic invoicing, for example, by utility companies.

“Cloud computing” simply means internet-based computing. Your data and applications aren’t stored on your PC, but on servers located elsewhere (in “the cloud”) which provide resources, software and so on, on demand. Users benefit from greater convenience and lower cost. They can consume computing resources as a service and only pay for what they use; access data, applications and services from any location; and employ greater computing power than they might otherwise be able to afford.

The global market for enterprise cloud-based services will grow from US $12.1 billion (€9.4 billion) in 2010 to US $35.6 billion (€27.5 billion) by 2015(*). Yet while many enterprises are embracing cloud computing, others are resisting, held back by security concerns.

In the old days, security meant putting a firewall around the physical network in your office and giving people a password to access it. But it’s in the nature of cloud services that you can access them from anywhere, so there’s been a shift from “border” security to “identity-based” security. And the simplest way of strengthening this is to deploy a two-factor Single Sign On (SSO) solution. This requires both a password and a physical token, such as a smart card or encrypted USB key, before the user can be logged in. Even if the password is discovered, access is denied if the unique hardware token is not present. Two-factor authentication greatly enhances network security and allows enterprises to ensure that employees can securely access company information and networks, both locally and remotely.