Striving to Comply – Security Compliance and Control Market Fueled by New Government and Industry Regulations, According to IDC

FRAMINGHAM, MA – OCTOBER 17, 2006 – As technology-related security threats continue their unrelenting assault on the corporate world, increasingly stringent government and industry regulations are forcing organizations to revamp security policies, adhere to best practices, and more accurately measure and report security issues. This shifting landscape has spawned a new competitive market – aptly labeled security compliance and control (SCC) by IDC – that will reach $7.4 billion worldwide in 2006. The SCC market includes all compliance-related products in the areas of content control, identity and access management, security and vulnerability management, and security compliance services.

In the U.S., the SCC market will experience high growth through 2010 as new security threats emerge and government regulations mandate better understanding about the integrity of the IT infrastructure. To address rising concerns, SCC products are being released that can assist enterprises in handling policy creation, compliance measurements and audits, as well as reporting.

"Regulatory compliance initiatives are quickly becoming part of larger corporate governance and risk management strategies," said Rose Ryan, IDC research analyst, Security Compliance and Vulnerability Management. "Executives are pushing for compliance to protect themselves from security threats, but also to avoid personal liability and the possibility of criminal and/or civil penalties." Civil prosecution can carry substantial financial penalties and seriously damage a company's reputation.

Additional findings from IDC include the following:

— Compliance is not just a U.S. issue. Worldwide, governments have legislated regulations governing privacy and governance, but laws vary from country to country.

— Industry organizations (Visa/MasterCard and FFIEC) are requiring members and partners to adhere to proprietary standards and guidance.

— Compliance represents a new class of internal threats that increasingly concerns most enterprises.

— SCC solutions are not just for compliance because it can reduce loss/leakage of intellectual property and confidential information.

— Forecasting the SCC market is challenging. The North American SCC market will remain strong until late 2010.

— Worldwide SCC markets will continue growing as compliance infrastructures become critical components of global trade

This IDC study, Worldwide Security Compliance and Control 2006-2010 Forecast and Analysis: Going Beyond Compliance to Proactive Risk Management (IDC #203350), examines the increasingly complex environment of government regulations and industry standards that drive concerns about the accuracy and protection of an organization's data and information not only with employees but also with customers, partners, and contractors. This study provides a broad overview of the security compliance and control (SCC) market in 2005 and provides a 2006-2010 forecast as well. It also includes profiles of leading SCC vendors and identifies the characteristics that vendors will need to be successful in the future.

To purchase this study, please contact IDC Sales at 508-988-7988 or sales@idc.com.

About IDC

IDC is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make fact-based decisions on technology purchases and business strategy. Over 850 IDC analysts in 50 countries provide global, regional, and local expertise on technology and industry opportunities and trends. For more than 42 years, IDC has provided strategic insights to help our clients achieve their key business objectives. IDC is a subsidiary of IDG, the world's leading technology media, research, and events company. You can learn more about IDC by visiting www.idc.com .

All product and company names may be trademarks or registered trademarks of their respective holders.

###