Japanese SMBs: IT Security and Storage Opportunities
IT security spending by Japanese SMBs is expected to grow from a projected $824 million in 2005 to $1.5 billion by 2009 (a CAGR of 13.3 percent), according to AMI-Partners' report "Japan SMB Total IT Security Investment and Security-Related Service Spending Forecast: 2004-2009." Growth will be faster in high-tech security and external services, and late-adopter small businesses will have to pay to catch up. Japan's Personal Data Protection Law, which took effect April 1, 2005, makes business owners and managers responsible for security lapses in consumer and employee identification data, with significant fines for failure. Yuki Uehara, an AMI-Partners research analyst and author of the report, says, "Since a failure to satisfactorily protect customer contacts data will result in legal penalties, Japan SMBs are now desperate to upgrade outdated or inadequate products and services to more effective solutions."
Small businesses will likely be hardest hit by the new law's requirements. The study predicts that among small businesses that have been slow to add security due to lack of resources, spending on external security-related technologies and services will grow at a CAGR of 17.3 percent, a rate even higher than that for medium businesses (13.9). Resources also will determine the sorts of technologies adopted by individual Japanese SMBs, according to Uehara. Medium businesses, with their generally higher volumes of data and larger IT staff, will find value in storage area networks (SAN) and network attached storage (NAS), technologies that are budget-stretchers for smaller businesses. However, Uehara notes that Japan's midsize businesses lag behind their German and American counterparts in SAN/NAS adoption, with an adoption rate half that of those two markets during 2004.
Small businesses will make extensive use of password-protected external storage media, at least in the short term, as Uehara indicates that these are easy and affordable, although not ideal for data management and access control. These are stopgap methods, though. "In the longer run, the demand for centralized storage systems, which will facilitate more comprehensive data management, should increase steadily," the report states.
"The Personal Data Protection Law impacts the results, not just the adoption of technology. Much data crime is done inside the company with human hands, so SMBs in Japan must also adopt access controls and log analysis systems," Uehara says. This indicates an opportunity for external consulting and support services, as well as for managed security outsourcing and centralized security software management applications. "Adoption of antivirus and desktop firewall solutions by Japan SMBs is comparable with their counterparts in the USA. But this is inadequate for business."
The Top Three Business Security Targets
Small Businesses Lack IT Security