Ah, the silly season of predictions. Rothman has a round-up of the early entries, and I’ll have more to say on that particular subject in my monthly Dark Reading column (should be up next week).

Stiennon was a little different this year: he blogged his methodology, took a few days off to ruminate, then blogged the results of his analysis. Chris Hoff described his methods to me over IM (it involves Guinness, a keyboard, and about an hour), and came to very similar results.

Me? I’ve been spending a lot of time talking to clients (mostly on the vendor and investment side) about various data security markets and predicted growth rates. There’s been a ton of acquisition activity in the areas I spend most of my time on and I’m being frequently asked to predict the next “hot” market. I guess with the RSA conference delayed until April people are getting a little impatient.

I won’t be making any predictions today, but, like Stiennon, I figure it never hurts to share my secret sauce for making educated guesses.

When I look at security markets I generally divide them into three categories which tend to correlate to hype, adoption, and investment trends.

  1. Threat/Response: These markets are driven by a rapid rise in a threat that demands an immediate response in order to effectively continue to engage in business. A jump in worm activity (around Code Red) drove firewall investments. Viruses like Melissa and LoveLetter forced wide adoption of enterprise antivirus. Huge jumps in spam forced a dramatic increase in antispam. And so on. In each case, the threat increased at a rapid enough pace to disrupt normal business operations, forcing a response. These are the markets that creep along, then suddenly explode, resulting in big numbers and year over year revenue increases in the hundreds of percent.
  2. Compliance Driven: In compliance markets the threat driving investment isn’t one of external attack, but of regulatory fines, disrupted business operations due to an inability to meet industry standards, or fears of material negative public perception due to press related to an inability to meet a standard (e.g. HIPAA). Compliance rarely, if ever, drives the same adoption rates as threat/response since daily business operations aren’t disrupted, but these markets see steady growth with increases ranging from 75% to over 100% year over year. Examples include Data Loss Prevention, Security Information and Event Management, Identity Management, and Database Activity Monitoring. More rapid growth rates are tied to solutions for problems leading to audit or compliance failures, then followed by solutions that reduce the cost of compliance, then followed by solutions that are only sometimes required for compliance or otherwise not explicitly required (like DLP).
  3. Internally Motivated: These are tools we buy to improve security, which aren’t demanded by an immediate external force. They often address threats that don’t necessarily disrupt daily business operations but often result in higher losses when they hit. The bad news is these are often the most important tools for improving security and preventing material losses, but since those incidents aren’t as “in your face” as spam or loss of services, the adoption rate is much lower.

This is, of course, only part of the market evaluation process. The real trick is to predict when these market drivers will hit and markets will switch to the next (or previous) category. But if I gave everything away, no one would hire me, I’d end up just a full time blogger, and I’d have to move in with my Mom and learn to speak Klingon.