Wednesday, June 10, 2020

The security management - Free Essay Example

The Security Management Industry INTRODUCTION Security management is the combination of hardware, software, and services that normalizes, aggregates, correlates, and visualizes data from disparate security products. Security management is a broad term that encompasses several currently distinct market segments. With the presence of the Internet, spam is becoming increasingly costly and dangerous as spammers deliver more virulent payloads through email attachments. According to a recent IDC (2004) study, the volume of spam messages sent daily worldwide jumped from 7 billion in 2002 to 23 billion in 2004. The Hong Kong Population has increasingly Internet users. This boom in the electronic commerce creates ease in communication and on business transactions however this has also compromised the internal data security with the presence of hackers. Industry analysts believe that increased spending on internet security products and the establishment of a corporate data security policy is equally important in avoiding information leakage. Estimated information security spending in Hong Kong will reach USD 231 million in 2003 and will maintain a stable growth to reach USD 252 million in 2004. U.S. security products enjoy an excellent reputation in Hong Kong and should continue to dominate the market. According to Braunberg (2004), a major early driver for security management products is the need to get a handle on event data emanating from intrusion detection systems. Many security management products are chiefly concerned with the consolidation, correlation and prioritization of this type of data. These event management and correlation products address the volume of data and its heterogeneous origin, both in terms of devices and vendors. SECURITY MANAGEMENT MARKET IN HONG KONG Market Highlights The continuous increase in demand for communication internationally, internet has been increasingly in demand. With the Internet in business transactions, companies expanded sales opportunities through e-commerce and reduce business costs. With the presence of Internet, companies can broadly expand customer base. However, in spite of all these benefits that companies experienced with Internet, it has also brought some costs to companies. Internet opens up network and servers to external and internal attacks. In order to guard against these attacks, Hong Kong companies have increasingly felt the need to purchase Internet security. According to the report of HKCERT (2004), the number of PCs installed in Hong Kong has skewed to the low end. In the survey conducted, it shows that 63.5% of the surveyed companies had installed 1-9 PCs and only 1.3% had installed 100 PCs or above. Consumer Analysis In the report of HKCERT (2002), industry players estimated that the Hong Kong market for internet security products and services in 2001 was USD 231 million and will reach USD 252 million in 2004. Generally U.S. internet security products are the major players and are enjoying an excellent reputation in Hong Kong and are continually dominating the market. Industry Estimates The survey of HKCERT in 2004 showed that Hong Kong companies adopted security technologies to secure their computer form attacks. The survey includes 3,000 companies from different industry sectors in Hong Kong. According to the survey anti-virus software was the most popular security measure, being used by 90.9% of the companies interviewed in 2004. Physical security (65.5%), Firewall (65.4%) and Password (60.6%) were the next three common security measures adopted (HKCERT, 2004). The information security awareness of the companies in Hong Kong has increased considerably as the percentage of companies without any security measures in place dropped from 10.1% in 2003 to 3.6% in 2004 (HKCERT, 2004) As the survey shows, the use of firewall has significantly increased in 2004. This is due to the increasing awareness of a number of companies that the basic security tools can not completely stop virus and because software vendors pay great effort in promoting their products. From the table above, US rank number one in the list showing that US is the major host of malware in 2006. On the other hand, Hong Kong only is on the 9th place however it is still a major contributor of malware in the world. Sophos notes that up to 90% of all spam is now relayed from zombie computers, hi-jacked by Trojan horses, worms and viruses under the control of hackers. This means that they do not need to be based in the same country as the computers being used to send the spam (IET, 2007). Sophos found that the most prolific email threats during 2006 were the Mytob, Netsky, Sober and Zafi families of worms, which together accounted for more than 75% of all infected email (IET, 2007). According to the report, email will continue to be an important vector for malware authors, though the increasing adoption of email gateway security is making hackers turn to other routes for infection (IET, 2007). Malware infection will continue to affect many websites. SophosLabs is uncovering an average of 5,000 new URLs hosting malicious code each day (IET, 2007). In 2006, it has been discovered that there is a decrease in use of spyware due to multiple Trojan downloaders. Statistics reveal that in January 2006 spyware accounted for 50.43% of all infected email, while 40.32% were emails linking to websites containing Trojan downloaders. By December 2006 the figures had been reversed, with the latter now accounting for 51.24%, and spyware-infected emails reduced to 41.87%.(IET, 2007) Market Channels In Hong Kong, consumer-oriented products such as anti-virus, overseas companies usually market their products via local distributors who will then channel the products to resellers and in some cases directly to retailers. For enterprise-oriented products, which require value-added services such as system integration and after-sales support, overseas companies can go through local distributors and/or resellers. (Chau, 2003) Competitive Analysis The internet security market has four segments: anti-virus, firewall, encryption software, and Security Authentication, Authorization Administration. Anti-virus Software Anti-virus software identifies and/or eliminates harmful software and macros. Anti-virus are mostly software based. The major players in Hong Kong for the consumer market includes Symantec/Norton which possesses 50% of the market share in Hong Kong, Norman, Nai/McAfee, and Trend Micro which are basically US origin (Chau, 2003). According to Chau (2003), consumers of Anti-virus are generally price sensitive and usually seek for products with established brand name. In the enterprise market of anti-virus, the major players include Trend Micro, NAI/McAfee, Norman and Symantec (Chau, 2003). According to the analysis, enterprise users will usually seek professional opinions from their I.T. service provider and are more likely to focus on brand reputation and offered features and pricing is not the main concern, although with the downturn in the economy, companies are becoming more price-sensitive (Chau, 2003) Firewall Firewall software/hardware identifies and blocks access to certain applications and data. There are two categories of firewall products: software and hardware. The players in Hong Kongs software firewall market are Check Point Software which dominates the market of 60% market share, Computer Associates, Symantec and Secure Computing (Chau, 2003). In the hardware firewall market, the major players are Netscreen with 50% market share, Cisco (PIX) with 20% market share, Sonic Wall, Watchguard and Nokie of Finland (Chau, 2003). According to the report, the price for software firewalls averages USD 20 per user. On the hardware firewalls side, the number of users and the kinds of features determine the price. A low-end firewall server costs USD 600 to USD 700, a mid-range server costs USD 2,000 to USD 4,000, and a high-end server costs USD 10,000 and above. Netscreen and Sonic Wall are quite common in small to medium-sized enterprises. Cisco targets large corporations. Brand reputation and price are the prime concerns for buyers. According to industry players, there is an increasing preference for hardware firewalls over software firewalls because the hardware firewall has a speed advantage and is easier to maintain. (Chau, 2003) Encryption Encryption software is a security product that uses crypto-graphical algorithms to protect the confidentiality of data, applications, and user identities. According to the study, the most commonly-used standards in Hong Kong are SSH, SSL, PGP, RSA, and DES. Different standards are used for different objectives. SSH is mostly used to secure TCP connections between remote sites. SSL is commonly used in web browsers to secure web traffic. PGP is used for email encryption. RSA is for PKI system authentication and authorization. DES or 3DES are commonly used in the banking sector. (Chau, 2003) According to the report of Chau (2003), the major players in encryption in Hong are PGP, Utimaco, F-Secure, SSH (Security Shell), and RSA. Security 3A Software Security 3A (administration, authorization, and authentication) software is used for administering security on computer systems and includes the processes of defining, creating, changing, deleting, and auditing users. Authentication software is used for verifying users identities and avoiding repudiation. Authorization software determines data access according to corporate policy. Administrative software includes internet access control, email scanning, intrusion detection and vulnerability assessment, and security management. The major players in PKI system in Hong Kong are Baltimore of UK, Verisign, and Entrust (Chau, 2003). Intrusion Detection Systems (IDS) An intrusion detection system (IDS) examines system or network activity to find possible intrusions or attacks. Intrusion detection systems are either network-based or host-based. Network-based IDS are more common. According to the report of Chau (2003), the major players of IDS in Hong Kong are ISS (Real Secure) which dominate in the market of 65% market share, Enterasys (Dragon), Symantec (Intruder Alert), Tripwire (Tripwire), Computer Associates (Entrust Intrusion Protection) and Cisco (Secure IDS). In the analysis it has been known that IDS end-users are mostly medium to large enterprises and the most significant purchasing criteria for end users are reliability and compatibility and price is not a key factor (Chau, 2003). Content Security Products The major players of content security products includes Clearswift which has 50% market share, Websense which has 25% market share, Trend Micro and Serve Control (Chau, 2003). Market Trends According to the report, on corporate side, the demand for network-based anti-virus would likely to increase than the demand for desktop-based anti-virus products since mostly viruses attacks are usually via internet (Chau, 2003). On the other hand, in the consumer side, consumer market would likely to fade away since consumers are downloading free anti-virus from the Internet. It is expected that ISPs will increasingly provide AV protection as a value-added service to the users (Chau, 2003). In the firewall software, it has been expected that the demand for hardware-based appliance products would likely to increase for small and medium-sized companies. (Chau, 2003) For Intrusion detection and vulnerability assessment, it is predicted that it will become very popular as enterprises will shift to a balance between internal and external threats. In addition, the distinction between host-based and network-based IDS is becoming blurry with the creation of IDS consoles that receive data from both the network sensors and host agents. Integrated solutions will become the trend. (Chau, 2003) Market Driver There are several market drivers of security management market. Chau (2003) identified some of these market drivers. In his report, he enumerated three of these market drivers which includes the Internet growth, telecommuting trend, and government generated awareness of Internet security. Internet Growth In Hong Kong, the Internet has become the prevalent communication means between business transaction and even between employees with the increasing trend of globalization. According to Hong Kong Government survey in 2001, 1.25 million households or 61% of all households in Hong Kong has PCs of which 80% are connected to the Internet compared to 50% households with PCs in 2000 of which only 36% are connected to the Internet in 2000 (Chau, 2003). Generally, consumers are making use of the internet to send emails, surf the web, carry out research, conduct on line banking transactions, and make low-value purchases. The survey estimated that around 6% of all persons over 14 had used one or more types of online purchasing services for personal matters in the 12 months before the survey (Chau, 2003). On the other hand, on the business side, more than one third of businesses in Hong Kong have internet connections. In 2001, about 12% of businesses had delivered their goods, services or information through electronic means which is 4% higher than that in 2000. The estimated amount of business receipts received from selling goods, services or information through electronic means in 2000 was USD 1 billion. Increased connectivity to the internet creates higher chances of hacker attacks, especially if the users have a constant live connection, such as through a DSL line. (Chau, 2003) According to the Hong Kong Commercial Crimes Bureau, reports of computer-related offenses increased from 235 incidents in 2001 to 210 in the first nine months in 2002. Computer attacks had affected 5,460 computers in the past 12 months. Financial loss caused by computer-related crimes rose from USD 195,000 in 2001 to USD 236,000 in 2002. The Computer Crime Section of the Hong Kong Commercial Crimes Bureau believes that only 0.3% of the victims reported hacking incidents, fearing that doing so would damage their reputation. Facing increasing internal and external hacking threats, companies are seeking security tools to protect their network and to maintain public confidence. (Chau, 2003) Telecommuting Trend Another major driver of security products, according to Chau (2003), is the increasing decentralization of the work force, such as mobile sales teams in the insurance industry who need to access corporate networks via PDAs. There is an increasing trend of businesses and organizations which benefit from employees ability to dial into corporate networks via the internet, however, this often creates information security risks within the organization, resulting in increased dependence on, and greater deployment of, security products (Chau, 2003). Government-generated awareness of internet security Another major driver of security products is the government awareness on the importance of Internet security. With this awareness, government organizations are formed. Like for example the SAR Government. The SAR Government is committed to providing a safe and secure environment to foster the development of e-commerce in Hong Kong in which has built a public key infrastructure (PKI) through the establishment of a public certification authority and a voluntary CA recognition scheme in Hong Kong (Chau, 2003). Currently, there are four recognized certification authorities operating in Hong Kong which includes JETCO, Digi-Sign Certification Ltd., HiTRUST.Com and the Hong Kong Postmaster General. In addition to the establishment of the PKI systems, the Hong Kong Government has also engaged substantial resources to educate the public regarding the importance of information security. For instance, the Crime Prevention Unit of the Technology Crime Division of the Hong Kong Police is responsible for providing advice on all aspects of computer security. It also produces educational materials on raising computer security awareness and makes presentations on technology crime prevention topics. (Chau, 2003) In addition to the market drivers in which Chau has enumerated, there are still other market drivers of security management market. Braunberg (2004) identified two major groups of market drivers which are the near-tern market drivers and long-term market drivers. Under the near-term market drivers are manage or prevent, perimeter management, vulnerability assessment, embracing standards and the brains of the operation. Long-term market drivers include complexity and cost, device and security integration, knowledge database resources, lack of trust, on demand of computing and social engineering. Near-Term Market Drivers Manage or Prevent. In the analysis of Braunberg (2004), the chief driver of event management solutions is the continuing and hugely annoying number of false positives pouring out of intrusion detection systems. According to him, a counter driver to growth in the managed security segment is the emergence of intrusion prevention systems, particularly in-line solutions that can perform real-time data blocking (Braunberg, 2004). The adoption of intrusion prevention system could inhibit spending on event management systems and security management vendors should consider these products competitive to their own (Braunberg, 2004) Perimeter Management. Security management products has evolve due tot to the demand of securing the perimeter. According to Braunberg (2004), security management solutions are evolving to integrate data from a host of perimeter products in which event management systems often evolved along separate lines with products for firewall, antivirus, and IDS. Vulnerability Assessments. According to Braunberg (2004), one of the near- term drivers for which end-users are of concern is understanding what the security risks are. Generally, clients are looking to leverage vulnerability assessments to help prioritize emerging threats. Increasingly vulnerability data is being leveraged in event management systems (Braunberg, 2004). Embracing Standards. According to Braunberg (2004), the industry is a long way from embracing standards for sharing event information but some progress has been made over the last year. The Internet Engineering Task Forces Incident Object Description and Exchange Format (IODEF) draft specification is gaining some traction and its adoption would be a significant step forward for the market (Braunberg, 2004) The Brains of this Operation. According to Braunbergs analysis (2004), the infatuation with IPS will be short-lived unless significant improvements can be made in reducing false positives in events however security management products will increasingly play a major role in providing the analytic smarts behind IPS solutions. Long-Term Market Drivers: Complexity and Cost. With the increasingly complexity in the web-based business models, the more tangled is the security solutions for the end-users. According to Braunberg (2004), businesses building online strategies from scratch can be overwhelmed by the initial investment of security solutions, while those trying to adapt existing solutions to evolving security concerns are besieged by maintenance costs. Device and Security Integration. According to Braunberg (2004), equipment makers are paying much closer attention to imbedded security functionality in devices and are actively attempting to integrate security as a value-added service in order to change the thinking of the end users of security products as an add-on or an extraneous component of infrastructure. In addition, vendors are looking to unite service providers with standards programs that simplify client understanding and reduce the complexity of product buying (Braunberg, 2004). Knowledge Database Resources. Another market driver for security products is to actively secure the knowledge database from attack patterns and other descriptions of the enemies. The security products vendors should reinvent a faster response to the known threats. According to Braunberg (2004), multi-product vendors particularly will look to evolve from real-time monitoring to broader real-time management. Lack of Trust: According to Braunberg (2004), end users, whether they are corporate users putting a business plan on a server or a consumer buying a CD, have ingrained habits that they are not necessarily willing to give up. For example, no matter how good an online banks security system is, a consumer will have to be convinced that its services are not only as good as a brick and mortar banks services, but better (Braunberg, 2004). On demand Computing: According to Braunberg (2004), the availability of ubiquitous computing resources on demand will further drive the need for sophisticated, highly flexible security management solutions that combine both identity management and event management. According to him, the demand for more esoteric offerings such as GRID computing is the major long-term driver for security management solutions (Braunberg, 2004). Social Engineering. According to Braunberg (2004), clients are still facing risks in security that employees represent just through the human desire to be helpful, and hackers exploit this through social engineering. According to him, a component of managed security will need elements of employee training to build awareness of outside threats (Braunberg, 2004). According to the analysis of Braunberg (2004), the security segment will continually be strong in which the diversity of interest ranges from an array of different types of companies which indicates a leverage of controlling security function. In addition, since end users demand has also evolve in which they demand for more in-depth defensive strategies ad best of breed approaches to purchasing decisions, security solution in turn has become more complex. Case Study: Trend Micro Enterprise History In 1988, Trend Micro Incorporated was founded by Steve Chang and his wife in California. Trend Micro Incorporated is a global leader in network antivirus and Internet content security software and services. The company led the migration of virus protection from the desktop to the network server and the Internet gatewayà ¢Ã¢â€š ¬Ã¢â‚¬ gaining a reputation for vision and technological innovation along the way. Trend Micro focuses on outbreak prevention and on providing customers with a comprehensive approach to managing the outbreak lifecycle and the impact of network worms and virus threats to productivity and information, through initiatives such as Trend Micro Enterprise Protection Strategy. Trend Micro ha grown into a transnational organization with more than 2,500 employees representing more than 30 countries around the globe. Many of the leading high-tech and security industry analysts have tracked Trend Micros growth and performance for the last several years, hailing the company as visionary, citing its leadership and innovation in the security industry. According to Brian Burke, IDC Research Manager, Trend Micro has consistently demonstrated a strong position in the Secure Content Management market. To remain successful Trend Micro has adapted quickly to market challenges and the evolution of security threats such as spyware, phishing and spam, in which financial gain has become the number one driving force. Given Trend Micros track record and its strong upward momentum, we expect the company to continue delivering innovative solutions that provide customers with timely protection against unpredictable threats. Trend Micro has earned a reputation for turning great ideas into cutting-edge technology. In recognition of the antivirus companys strategy and vision, the analyst firm Gartner has hailed Trend Micro as a visionary malicious code management supplier for four consecutive years. Citing its flexible and efficient transnational management model, BusinessWeek acknowledged Trend Micro as one ofa new breed of high-tech companies that are defying conventional wisdom. According to IDC, Trend Micro has held the top global market share in internet gateway antivirus for six consecutive years. A history of innovation In 1995 Trend Micro became an industry pioneer in the migration of virus protection from the desktop to the server level, with the launch of Trend Microà ¢Ã¢â‚¬Å¾Ã‚ ¢ ServerProtec. In 1997 it launched the industrys first virus protection for the Internet gateway with InterScan VirusWall. Since then, it has demonstrated a history of innovation in server-based antivirus products that has contributed to the leadership position it holds today in this market (according to the recent IDC report Worldwide Antivirus 2004-2008 Forecast and 2003 Competitive Vendor Shares. Trend Micro continues to shift the paradigms of antivirus security with cutting-edge products, services and strategies like Trend Micro Network VirusWall, Outbreak Prevention Services, and its Enterprise Protection Strategy. Trend Micro is committed to following its path of innovation to help companies manage todays ever-increasingly complex, fast-spreading malware threats. SWOT Analysis Strengths Business and security knowledge Trend Micro has been a pioneer and innovator in the antivirus software market since 1988, anticipating trends and developing products and services to protect information as new computing standards have been adopted around the world. Service and support excellence, that is, Trend Micro products and services are backed by TrendLabs a global network of antivirus research and support centers. TrendLabs monitors potential security threats worldwide and develops the means to help customers prevent the spread of outbreaks, minimize the impact of new threats, and restore their networks. Flexible workforce through contingent workers for seasonal/cyclical projects Loyal, hardworking, and diverse workforce who, in addition to good compensation, have an opportunity to do well Multinational corporation operating through regional subsidiaries to minimize cultural differences Low employee turnover Relatively rapid product development processes that allow for timely updating and release of new products Revenues and profits rising at 30% a year with merger/acquisition or investment in 92 companies over past five years Software products have high name recognition, broad-based corporate and consumer acceptance and numerous powerful features that are in use worldwide, thereby promoting standardization and competitive advantage through their ease of integration and cost-effectiveness Top rating from Fortune for best company to work at and most admired company Worlds largest software company with global name recognition and strong reputation for innovative products Weaknesses Perceived by many as a cut-throat competitor that uses its dominant market position to marginalize competition by stealing/destroying the competitions products, stifling product innovation, and decreasing the availability of competitor products Products have a single application focus and do not work well with or on-top of other products Reputation has suffered because of entanglement in antitrust and permatemps Vizcaino litigation Misperceptions of securitys value or purpose Opportunities Cheaper global telecommunication costs open new markets as people connect to the Internet in which in turn increases the need for security products Mobile phone applications and exploitation of personal digital assistants represent a growth industry so that strategic alliances could provide the company with opportunity in a market where it currently has little or no significant presence Business Continuity Reduced Costs Potential Revenue Opportunities Trend Micro holds the top market share for both worldwide Internet gateway and email-server based antivirus sales. Threats Currency exchange rates affect demand for application/operation software and hardware, and fluctuating currencies can negatively impact revenues in the global marketplace Recession or economic slowdown in the global market impacts personal computer equipment sales and their need for an operating systems which in turn would slowdown the need for security systems Software piracy of commercial and consumer applications software on a global scale threatens revenue streams Technology life cycle is shorter and shorter Inconsistency across the enterprise Loss of sponsorship or visibility Current Strategy The continuous success of Trend Micro is guided by its strategies. Innovation was always been the strategy of a technological company however in Trend Micro, innovation was not the only strategy implemented. There are many essentials that are to be considered. The current strategy of Trend Micro are the following. Focus On the Essentials and Sacrifice the Rest It is known that focus is important and essential for the success of any business. According to Steve Chang, strategy is about focusing on essential and sacrificing the rest. (Chang, 2002) in addition, according to Peter Firstbrook, program director, security risk strategies, META Group, Trend Micro has done just that, having an amazing laser-like focus on their business. And the authors of a Harvard Business School case study commented: Although very entrepreneurial, Steve Chang held fast to a single strategic focus for over a decade. Rather than attempt to provide all security products to all customers, Trend Micro concentrated on developing best-of-breed antivirus solutions. (Pain and Bettcher, 2003) Trend micros consistent and persistent focus allowed the company to build their strengths and consistently leading the market. Innovation Isnt Just About Your Software Products Trend Micro has many product firsts under its belt: the first antivirus product for a server in 1993; the first Internet gateway protection antivirus software in 1996; the first e-mail anti-virus software product in 1998; the first Internet content security service in 1999. However, for the Trend Micro innovation applies to more than just the products. It is a pervasive notion that applies to other areas of your business as well. Innovation should be seen new type of global organization and in a new service offering. According to Steve Hamm in a 2003 Business Week article, Borders are So 20th Century, Trend Micro is an example of a new form of global organization, transnational organization in which aimed to transcend nationality altogether. Hamm quotes C. K. Prahalad, a professor at the University of Michigan Business School, who says Theres a fundamental rethinking about what is a multinational companyDoes it have a home country? What does headquarters mean? Can you fragment your corporate functions globally? (Hamm, 2003) According to Hamm (2003) Trend micro was one of the first responder to viruses which can deliver services in 30 minutes before the market leader Symantec. He commented that Trend Micro is able to respond so quickly because its not organized like most companies. (Hamm, 2003) The strategy of Trend Micro is to spread its top executives, engineers, and support staff around the world. The main virus response center is in the Philippines, where 250 engineers are willing to work the evening and midnight shifts necessary to keep ever-vigilant. Then there are six other labs scattered from Munich to Tokyo. According to Chang, With the Internet, viruses became global. To fight them, we have to become a global company. (Hamm, 2003) In addition to organizing the company globally to handle the virus threat, Trend Micro is also structured to exploit every possible geographic advantage and resource around the world (Pain and Bettcher, 2003). With Trend Micros strategic focus, the company chooses to put the main virus response center in the Philippines since the Philippines has the most educated English speaking population who are willing to work day or night and cost the company less than it cost for the engineers in Taiwan where its RD is located. Trend Micro innovated in its organization structure to respond to its changing circumstances such as the global threat of the Internet, or to take advantage of what other countries had to offer, such as a less expensive group of English- speaking customer support personnel. In addition, Trend micro has able to innovate its products with other service offering that created a new competitive advantage since the company had already built such a rapid global response organization. If, after being notified of a virus outbreak, Trend Micro doesnt respond in two hours or less, they will pay a penalty which can be as high as the full price of the software. For Trend Micro, innovation is not just technology but a wider view of thinking that can involve any part of your company, including the organization and even service offerings. Choose Practices Which Scale Your Business According to Chang, anything that is not scalable is something that Trend Micro dont want to do. Trend Micros sales are 100% done through the channel using system integrators, distributors and value-added resellers. In addition, Trend Micro doesnt provide the usual implementation services that go along with a customers software installation. It is provided by the channels. Through the channels Trend Micro has eliminated the more challenging aspects of scaling a software business. If Trend Micro itself will do direct sales to customers, it would cost them and it would be limited to the number of sales personnel the company hires. Whereas, using channel can provide the company a multiplier effect, extending the number of sales personnel and reaching extended geographic areas. And providing implementation services is a lower margin business because you are essentially hiring out your technical staff. Avoiding direct sales and implementation services has a direct impact on Trend Micros financials. Best-of-Breed Strategy Requires In-Depth Expertise and Outstanding Customer Service According to Chang, less than 5 percent leave the company. Trend Micro considers longevity of experience in recruiting and selecting its personnel and engineers. According to Chang, smart people like working with smart people Trend Micro accomplishes this with a very selective hiring policy that only accepts 8 percent of applicants. Second, he creates an environment attractive to software engineers. For example, he runs an annual programming contest to see who the best is. Third, the nature of his work provides an ongoing challenge since, unfortunately, the creators of the viruses are clever and smart. So his engineers have to be clever and smart to think of ways to defeat them. (Turchin, 2004) Besides offering the only two-hour service level agreement available, Chang has focused on developing a world class virus response center. So his centers have adopted two very stringent quality control standards: ISO 9001-2000 and Customer Operations Performance Center (COPC)-2000 (COPC-2000 is a comprehensive operations performance standard that specifies minimum operational requirements in critical functional areas that are important to end users and clients. (Turchin, 2004) Future Strategy Trend Micros strategy is always been on continuous innovation on their products. However, innovation is not always on technology. Innovation should also be directed to the business as a whole. In addition, the Trend Micro should gain sustainable competitive advantage through proper human resource management. Innovation and Communication A global economy requires business organizations to cultivate their international holdings by respecting the national differences of their host countries and coordinating efforts for rapid innovation. Maintaining a competitive edge in a global, innovative, and dynamically evolving environment produces substantial pressure to redefine how business is conducted. A hierarchical, bureaucratic structure is less responsive in such an environment, and a flatter, more responsive organizational pattern is required (Monge Fulk, 1999). As organizations reengineer their structures to become more proactive and accessible, new patterns of communication emerge. Organizations find it necessary to push decision-making authority to lower levels, employ cross-functional teams, and encourage organizational learning (Branscomb, et al., 1999). It is also essential for firms to increase and improve external communication with international suppliers, subsidiaries, alliance partners, and customers (Parker, 1996). Innovation enables organizations to improve the quality of their outputs, revitalize mature businesses, enter new markets, react to competitive encroachment, try out new technologies, leverage investment in technologies that are so expensive that no single product can recoup them, and develop alternative applications for existing product categories, to name a few outcomes. For organizations which must adapt to changing competition, markets, and technologies, product innovation is not a fad. It is a necessity. (Dougherty, 1996, p. 424) The emphasis on business innovation is further substantiated by surveys of organizations. CEOs of 669 firms across 10 industries around the world consider technological innovation as being the most critical concern in their competitive advantage (Little, 1997). Hoggs 1993 survey of European managerial competencies in telecommunications companies in 6 European countries (Britain, Germany, The Netherlands, France, Italy, and Spain) found that innovation and strategic vision were vital to the effective performance or junior and middle mangers, second only to communication skills. Being an innovator and having vision are included among the top 10 characteristics of successful entrepreneurs in a similar survey by Ernest and Young with Roper Starch Worldwide (1997). At the individual or interpersonal level, Nutt (1986, 1987, 1989) suggests that persuasive and participatory strategies have a better success rate in getting decisions implemented at the appropriate levels of the organization. Most studies conclude that information sharing is a powerful tool for desensitizing employees to change, and that information of any type can moderate the anxiety associated with uncertainty that comes with impending change in an organization (Miller Monge, 1985; Smeltzer, 1991). Lewis and Seibold (1998) conclude that communication is at the heart of change adoption and implementation and that organizations would do well to employ communication strategies that emphasize information sharing, feedback, employee participation and influence, and collaboration. External communication links, which are often associated with boundary spanning, are critical to enhancing innovations since they provide opportunities for learning and for securing needed resources (Goes Park, 1997) and for the diffusion of ideas between and within organizations (Cziepel, 1975; Daft, 1978; Ghosal Bartlett, 1987: Kimberly, 1978; Robertson Wind, 1983). Such links are the mechanism that operationalizes environmental cues to the internal organizational structure (Corwin, 1972; Lozada Calantone, 1996; Spekman, 1979). In addition, business culture should be defined. OHair, Friedrich, Wiemann, and Wiemann (1997) have defined culture as the shared beliefs, values, and practices of a group of people. A groups culture includes the language or languages used by group members as well as the norms and rules about how behavior can appropriately be displayed and how it should be understood. (p. 9). Since innovation strategy often involves management of change, mergers, strategic alliances, joint ventures, and acquisitions, unexpected culture differences might lead to serious failures as demonstrated by a statistical study of foreign entry (Barkema, Bell, Pennings, 1996). The broader cultural context of multinational strategy involves an interaction between national culture and corporate culture. On the basis of Hofstedes research (1980, 1991), Schneider and Barsoux (1997) propose a national culture embedding for a particular corporate culture when innovation is the message. According to Cooley and Roach (1984), communication behaviors that are the reflection of an individuals competence are culturally specific and, hence, bound by the culture in which they are acted out. As a result, behaviors that are understood as a reflection of competence in one culture are not necessarily understood as competent in another (p. 13) Allens (1993) work shows that scientists and engineers need each other in the RD department of a technology-intensive company (TIC). Whereas technological innovations will fail without the knowledge provided by the scientists, few scientific insights will lead to innovation unless the engineers intervene. Innovations occur most quickly if the engineer pulls the scientist. If science leads to the fastest technical innovation when triggered by engineers (technology pulls science), communication may play a role in this process by formulating and implementing informal procedures in the strategic communication of an multinational firm. While scientists have the production of text as their main target and therefore depend heavily on the written word, engineers prefer to design and make concrete products and therefore prefer oral communication with the lay world of clients and suppliers (Allen, 1993). Multinational firms may need to pay more attention to the role of oral communication in strategic innovation and to use international business communicators as bridge builders between different professional cultures. As organization becomes global, organizations become structurally flatter, more interactive, increasingly knowledge-based, geographically scattered, and more culturally diverse. With this situation of business environment, companies should consider communication. Sustainable Competitive Advantage through HRM One of the keys to successful competition in the global market is the effective deployment of human resources to achieve a competitive advantage (Schuler, Dowling De Cieri, 1993). Over the past decade human resource management has gained stature as it increasingly comes to be seen as contributing to the overall effectiveness of the organization (Ferris, Russ, Albanese, and Martocchio, 1991). Organizations with motivated and committed employees can implement strategies better than those without them. Sustainable competitive advantage is the unique position that an organization develops in relation to competitors that allows it to outperform them consistently (Hofer and Schendel, 1978). As this definition suggests, advantage can only be achieved by establishing a clear and favorable differentiation from competitors. This difference must be tangible and measurable, and it must be preservable over time (South, 1981). Sustainable competitive advantages are fundamental to a firms long-run success. A sustainable competitive advantage is derived from a firms resources or capabilities that are unique to the firm, cannot be easily duplicated by competitors, and offer customers special value (Barney 1991; Hitt, Ireland, and Hoskisson 1995). Without sustainable competitive advantages, a firm cannot expect to make above-average returns in the long run. Management of human resources has been acknowledged as an important factor in developing sustainable competitive advantage (Pfeffer 1995; Lado and Wilson 1994; Kydd and Oppenheim 1990). Unlike other resources (plant and equipment or product design, for example), superior human resources tend to be very difficult for competitors to duplicate. Certain human resource management (HRM) practices have been identified as crucial to developing sustainable competitive advantage through human resources. These practices include selectivity in recruiting, high wages, training, performance-based rewards, job security, teamwork, flexibility, information sharing, and empowerment (Pfeffer 1995; Lado and Wilson 1994). According to Coyne (1986), competitive advantage is meaningful only if it is felt in the marketplace; that is, the differentiation must be perceived as an important buying criterion to a substantial customer base. Such an advantage will be sustainable, only if it cannot be imitated (Barney, 1991). In essence, a gap in the capability underlying the differentiation must distinguish the producer from its competitors; otherwise, competitors can erase the differentiation at will (Coyne, 1986). In order to create such a gap, the organization must deploy its unique combination of skills and resources to exploit environmental opportunities and neutralize threats. According to Barney (1991), three categories of firm-specific resources are available for sustainable competitive advantage: (1) Physical resources are those tangible elements used in a firms production process, ranging from its plant and equipment to its access to raw materials; (2) Organizational resources include the firms structure and processes, from strategic planning systems to reward and control processes; and (3) Human resources include the training, experience, judgment, relationships, and insight of individual managers and workers in a firm (Barney, p. 101). According to this model, the HRM system, in a manner similar to strategic planning and information processing systems, is an organizational resource with potential to become a source of competitive advantage. In this capacity, the HRM system is comprised of many of the firms vital processes. These include the recruitment, selection, appraisal, training, and retention of talented employeesactivities indispensable to firms seeking growth and prosperity. Examination of these activities reveals that the HRM system also has considerable influence over another potential advantagethe behavior of the organizations human resources. HRM system expertise can contribute to a meaningful and sustainable advantage. Barney (1991) argues that before a resource can contribute to a sustained competitive advantage, it must meet four conditions: (1) it must be valuable; (2) it must be rare; (3) it must be imperfectly imitable; and (4) it must lack strategically equivalent substitutes. A valuable organizational resource, or one which is capable of creating sustained competitive advantage, must enhance a firms ability to exploit environmental opportunities or neutralize threats (Barney, 1991). By enhancing a firms ability to cope with environmental circumstances, such a resource improves organizational efficiency and/or effectiveness. A firm will gain an advantage only when it implements a value-creating strategy not simultaneously implemented by large numbers of competing firms (Barney, 1991). If it holds scare resources that help it to exploit opportunities for gaining advantage over competitors is enhanced. HRM system can be viewed as valuable and rareproviding the organization with a competitive advantage. These advantages cannot as sustained, though, unless they are difficult to imitate (Barney, 1991). According to Barney (1991, p. 107), a resource can be imperfectly imitable, and therefore the source of sustainable competitive advantage, for one or a combination of three reasons: (1) the ability of the firm to obtain a resource is dependent upon unique historical conditions, (2) the link between the resource possessed by the firm is causally ambiguous, or (3) the resource generating a firms advantage is socially complex. A firms resource to be a source of sustained competitive advantage is that there must be no close substitutes for the resource which can be used to conceive and implement the same strategies (Barney, 1991). Transnational firms such as the Trend Micro choose to locate facilities based on the ability to effectively, efficiently, and flexibly produce a product or service, and to create synergies through the cultural differences. Production and research and development that benefit from uniform standards and scale economies tend to be centralized, whereas marketing and HRM tend to be decentralized to take advantage of local cultural differences (Griffin Pustay, 1996; Hannon, Huang Jaw, 1995). This creates the need for HRM systems that encourage flexible production, thus creating a host of HRM issues. Transnational firms proactively consider the cultures, human capital, political/legal and economic systems to determine locations where production facilities can be located to provide a competitive advantage. These firms have multiple headquarters spread across the globe, resulting in less hierarchically structured organizations that emphasize decentralized decision-making. This results in the need for human resource systems that recruit, develop, retain, and utilize managers and executives who are not only competent transnational but also are competent in decision-making in flattened, non-hierarchical organizations. Adler and Bartholomew (1992) point out that a transnational HR system should be characterized by three attributes, which they describe as transnational scope, transnational representation, and transnational process. The first attribute, transnational scope, refers to the fact that HR decisions must achieve a global, rather than a national or regional, scope. This creates the necessity to ensure that decisions reflect a balancing of the needs for uniformity (to ensure fair treatment of all employees) and flexibility (to meet the needs of employees in different countries). The second attribute, transnational representation, reflects the multinational composition of a firms managers. To achieve transnational scope, each country should be represented in the managerial ranks of the firm. Having transnational representation is also a prerequisite if the firm is to achieve the third attribute. The third attribute, transnational process, refers to the extent to which the firms planning and d ecision-making processes include representatives and ideas from a variety of cultures. It is this attribute that allows for the diversity of viewpoints and knowledge, associated with different cultures, that increases the quality of decision-making. This is a process of negotiation whereby subsidiaries propose strategic initiatives and the centralized unit co-ordinates, criticizes, approves and adds its own funds (Trompenaars, 1993, 174) References Adler, N. Bartholomew, S. (1992). Managing globally competent people. Academy of Management Executive 6, 52-65. Allen, T. J. (1993). Managing technical communications and technology transfer: Distinguishing science from technology. In T. Allen (Ed.), Managing the flow of technology. London: MIT Press. Barkema, H. J., Bell, J., Pennings, J. (1996). Foreign entry, cultural barriers, and learning. Strategic Management Journal, 17, 151-166. Barney, J. (1991). Firm resources and sustained competitive advantage. Journal of Management, 17, 99-120. Branscom, L. M., Florida, R., Hart, D., Keller, J., Boville, D. (1999). Investing in innovation. Cambridge, MA: MIT Press. Braunberg, Andrew (2004). Security Management Market Assessment: Current Analysis. CSO Online. Available: https://www.csoonline.com/analyst/report2474.html Chang, Jenny (2002) @Trend Micro (Trend Micro, October 2002, English edition) page 5 Chau, Fanny (2003). Information Security Solutions. International Market Research. Available: https://strategis.ic.gc.ca/epic/site/imr-ri.nsf/en/gr110005e.html Cooley, R. C., Roach, D. A. (1984). Theoretical approaches to communication competence: A conceptual framework. In R. N. Bostrom (Ed.), Competence in communication (pp. 11-32). Beverly Hills, CA: Sage. Corwin, R. G. (1972). Strategies for organizational innovation an empirical comparison. Administrative Science Quarterly, 37, 441-454. Coyne, K.P. Sustainable Competitive Advantage: The Cornerstone of Strategic Thinking. Business Horizons, January-February, 1986, pp. 54-61. Czepiel, J. A. (1975). Patterns of interorganizational communications and the diffusion of a major technological innovation in a competitive industrial community. Academy of Management Journal, 18, 6-24. Daft, R. L. (1978). A dual-core model of organizational innovation. Academy of Management Journal, 21, 193-210. Dougherty, D. (1996). Organizing for innovation. In S. Clegg, C. Hardy, W. Nord (Eds.), Handbook of organization studies (pp. 424-439). London: Sage. Ferris, G.R., Russ, G.S., Albanese, R., and Martocchio, J.J. (1991) Personnel/Human Resources Management, Unionization, and Strategy Determinants of Organizational Performance. Human Resource Planning, 32(3), pp. 215-227. Hamm, Steve (2003) Borders Are So 20th Century BusinessWeek 9/22/03 Hannon, J. M., Huang, I. Jaw, B. (1995). International human resource strategy and its determinants: The case of subsidiaries in Taiwan. Journal of International Business Studies. 26, 531-554. Hitt, Michael A., Duane R. Ireland, and Robert E. Hoskisson (1995). Strategic Management: Competitiveness and Globalization. Minneapolis, Minn.: West Publishing Co. Hofer, C. and Schendel, D. (1978) Strategy Formulation: Analytical Concepts, St. Paul, MN: West. Hofstede, G. (1980). Cultures consequences: International differences in work-related values. Beverly Hills: Sage. Hofstede, G. (1991). Cultures and organizations: The software of the mind. New York: McGraw Hill. Hogg, B. A. (1993). European managerial competences. European Business Review, 93, 21-26. IDC (2004) Worldwide Antispam Solutions 2004-2008 Forecast and 2003 Vendor Shares: What Is Being Done About Spam. Brian E. Burke and Mark Levitt, December 2004. IET (Institution of Engineering and Technology). (2007). US Worst for Malware Hosting, Spam Relaying. January 25, 2007. Available: https://www.iee.org/oncomms/sector/management/SectionNews/Object/55018504-DDE1-7832-7DB25B5BC407844D Ghosal, S., Bartlett, C. A. (1987). Innovation processes in multinational corporations. Cambridge, MA: Harvard Business School Press. Goes, J. B., Park, S. H. (1997). Interorganizational links and innovation: The case of hospital services. Academy of Management Journal, 40, 673-696. Griffin, R. W., Pustay, M. W. (1996). International business: A managerial perspective. Reading, MA: Addison-Wesley Publishing Company. Kydd, Christine T., and Lynn Oppenheim (1990). Using Human Resource Management to Enhance Competitiveness: Lessons From Four Excellent Companies. Human Resource Management 29 (Summer), 145-166. Kimberly, J. R. (1978). Hospital adoption of innovation: The role of integration into external informational environments. Journal of Health and Social Behavior, 19, 361-373. Lado, Augustine A., and Mary C. Wilson (1994). Human Resource Systems and Sustained Competitive Advantage: A Competency Based Perspective. Academy of Management Review 19 (October), 699-727. Lewis, L., Seibold, D. R. (1998). Reconceptualizing organizational change implementation as a communication problem: A review of literature and research agenda. In M. Roloff (Ed.), Communication Yearbook (pp. 93-151). Beverly Hills: Sage. Little, Arthur D. (1997). Global innovation survey, Cambridge, MA: Lozada, H. R., Calantone, R. J. (1996). Scanning behavior and the process of organizational innovation. Journal of Managerial Issues, 8, 310-325. Miller, K. I., Monge, P. R. (1985). Social information and employee anxiety about organizational change. Human Communication Research, 11, 365-386. Monge, P., Fulk, J. (1999). Communication technology for global network organizations. In G. DeSanctis J. Fulk (Eds.), Shaping organization form: Communication, connection, and community (pp. 71-100). Thousand Oaks, CA: Sage. Nutt. P. C. (1986). Tactics of implementation. Academy of Management Journal, 29, 230-261. Nutt. P. C. (1987). Identifying and appraising how managers install strategy. Strategic Management Journal, 8, 1-14. Nutt. P. C. (1989). Selecting tactics to implement strategic plans. Strategic Management Journal, 10, 145-161. OHair, D., Friedrich, G., Wiemann, J., Wiemann, M. (1997). Competent communication. New York: St. Martins Press. Pain, Lynn Sharp and Kim Eric Bettcher (2003) Trend Micro Parts A B, Harvard Business School Case Study, 5/24/03, page 4-8 Parker, B. (1996). Evolution and revolution: From international business to globalization. In S. Clegg, C. Hardy, W. Nord (Eds.), Handbook of organization studies (pp. 484-506). London: Sage. Pfeffer, Jeffery (1995). Producing Sustainable Competitive Advantage Through the Effective Management of People. The Academy of Management Executive 9 (February), 55-72. Robertson, T. S., Wind, Y. (1983). Organizational cosmopolitanism and innovativeness. Academy of Management Journal, 26, 332-338. Schneider, S. C., Barsoux, J. L. (1997). Managing across cultures. London: Prentice Hall. Schuler, R. S., Dowling, P. De Cieri, H. (1993). An integrative framework of strategic international human resource management. Journal of Management. 19, 419-459. Smeltzer, L. R. (1991). An analysis of strategies for announcing organization-wide change. Group and Organizational Studies, 16, 5-24. Spekman, R. B. (1979). Influence and information: An exploratory investigation of the boundary role persons basis of power. Academy of Management Journal, 22, 104-117. South, S.E. (1981) Competitive Advantage: The Cornerstone of Strategic Thinking. The Journal of Business Strategy, 1(4), pp. 15-25. Trompenaars, F. (1993). Riding the waves of culture. London: Nicholas Brealey. Turchin, Brian (2004). Trend Micro: How an Unconventional CEO Achieved Uncommon Results. Fourth Annual Software Industry Awards Issue. Sptember/October 2004