Top Ten Government IT Security Vendors

Government IT security managers have plenty to keep them up at night. Not only do they contend with the constantly expanding and mutating threats lurking in the wilds of cyber-space, but they also must worry about the potentially costly errors and abuses of their own employees and contractors - and, it must said, sometimes their superiors. Unlike many of their private-sector colleagues, public CIOs and chief information security officers (CISOs) also face the added problems of negative media coverage or being grilled by a congressional, state or local committee following a security breach.

At the same time, government organizations are perennially pushed, prodded and poked to do more with less. As the pressure flows downhill through an organization, IT security guardians are constantly required to justify security's return on investment, despite the above-mentioned dangers - that is, until something happens and the guardians are put on the hot seat for "not doing enough."

The good news for government CISOs, information assurance managers and IT security directors is there are many solutions to choose from to protect their organization's IT infrastructures. The bad news is there are many solutions - and many companies offering those solutions - to choose from. Security professionals are confronted with the prospect of assessing hundreds of security vendors offering hundreds, if not thousands, of products.

Gaining Top Perspective

To help IT security managers get a little more sleep, Government Insights, an IDC company, recently published A Government Perspective of the Worldwide Top 10 IT Security Vendors, which provides a useful baseline for government organizations when making IT security procurement decisions. The report analyzes government products, services, activities, partners, competitors and customers of IDC's ranking of the world's 10 largest IT security software vendors, as measured by revenue across all industries in 2006. These companies are: CA, Check Point Software Technologies, Cisco Systems, EMC, IBM, Juniper Networks, McAfee, Microsoft, Symantec and Trend Micro.

One would expect to find companies such as Check Point, McAfee, Symantec and Trend Micro on any list of top IT security vendors. However, CA, Cisco, EMC, IBM, Juniper and Microsoft are probably not company names that immediately come to mind. In fact, Microsoft is usually perceived as part of the problem when it comes to security. In the area of packaged security software, that perception must change.

Companies such as Secure Computing Corp. and SafeNet Inc. may have higher security revenues from government customers than some of the companies on IDC's list. However, they weren't included because their overall worldwide security revenues didn't place them in the top 10, as determined by IDC.

There is, as yet, no reliable or credible methodology for determining such a top 10 list. For one thing, most integrators that provide IT support to the public sector, including IT security, generally have only the haziest idea of how much of their government revenue come from security-related work - if they have any idea at all. Most companies don't specifically track security-related revenue either because security is wrapped up or embedded in larger programs or due to definitional issues, such as what is and isn't security related - and often it's a combination.

The 10 vendors sell their security products to government customers primarily through distributors, integrators, original equipment manufacturers and resellers, which is another reason it's difficult to determine their government revenues. Only Cisco, McAfee and Symantec have ventured into the realm of selling software as a service.

The companies' revenues were originally analyzed in the 2006 IDC study Worldwide Top 10 Security Vendor Market Share by Vertical Market, which estimated the market shares of the vendors across 18 worldwide vertical markets, including the government market.