Death to Security Companies
Well, that's what Art Coviello from RSA would have us believe. To quote Art, "With the exception of a few exceptional start-ups, there will be no standalone security businesses within three years." There's no way he's just making this comment because RSA has joined forces (read: been absorbed) by EMC, the network storage giant.
That is not to say that I disagree with all Art says. He comments that the security industry is too focussed on its own problems, and not enough on trying to perfect security. I wholeheartedly agree. Having worked with and for a number of pure security players, I can safely say that they are focussed on the "business" of security and not the "ideal" of security.
Does that make them wrong? No, but it isn't encouraging, either. This particular problem, however, doesn't go away because security vendor "A" has now been purchased by larger corporation "Z". Now, EMC has a cute little security arm (RSA), just like IBM has one (ISS) and Computer Associates (well, about a half-dozen of them). Those cute little security companies are *still* focussed on the business of security. Now, however, they are focussed on the business of security with regards to increasing the bottom line of a larger company with a relatively myopic view of the product space (translated: How does the security stuff integrate with *our* stuff?)
I believe that the pre-integrated security vendors (security companies who are a part of a larger company) will wither but not-quite-die. RSA is now en EMC whore, and I'm interested in them primarily if I already have EMC onsite. Same with ISS. I believe independent security players are more motivated to integrate with other products (security or otherwise). In fact, I worked for one company who had the "problem" that they were often *too* willing to do some "gap engineering" to integrate their products.
This is how it should be.
Oh, and if you followed the link to my former employer above, you'll probably see that they brag about having "3 of the top 12 IT security influencers" at their company. Now, it's a great company with great products and people, but vendors aren't influencers, they should be influencee's! If they truly were influencERS, then we'd all have NAC up and running already. NAC is the wrong product to hang your hat on, no matter what "3 of the top 12 IT security influencers" tell you.
Despite that, I anticipate that security company to flourish without being sucked up by some bigger company. They will survive because they are a pure security play.
Then again, I say that because *I* am a pure security play. I'm not a systems administrator who also does security. Maybe that has colored my vision to the extent that I project it onto the marketplace.
Or maybe I'm just right.
That is not to say that I disagree with all Art says. He comments that the security industry is too focussed on its own problems, and not enough on trying to perfect security. I wholeheartedly agree. Having worked with and for a number of pure security players, I can safely say that they are focussed on the "business" of security and not the "ideal" of security.
Does that make them wrong? No, but it isn't encouraging, either. This particular problem, however, doesn't go away because security vendor "A" has now been purchased by larger corporation "Z". Now, EMC has a cute little security arm (RSA), just like IBM has one (ISS) and Computer Associates (well, about a half-dozen of them). Those cute little security companies are *still* focussed on the business of security. Now, however, they are focussed on the business of security with regards to increasing the bottom line of a larger company with a relatively myopic view of the product space (translated: How does the security stuff integrate with *our* stuff?)
I believe that the pre-integrated security vendors (security companies who are a part of a larger company) will wither but not-quite-die. RSA is now en EMC whore, and I'm interested in them primarily if I already have EMC onsite. Same with ISS. I believe independent security players are more motivated to integrate with other products (security or otherwise). In fact, I worked for one company who had the "problem" that they were often *too* willing to do some "gap engineering" to integrate their products.
This is how it should be.
Oh, and if you followed the link to my former employer above, you'll probably see that they brag about having "3 of the top 12 IT security influencers" at their company. Now, it's a great company with great products and people, but vendors aren't influencers, they should be influencee's! If they truly were influencERS, then we'd all have NAC up and running already. NAC is the wrong product to hang your hat on, no matter what "3 of the top 12 IT security influencers" tell you.
Despite that, I anticipate that security company to flourish without being sucked up by some bigger company. They will survive because they are a pure security play.
Then again, I say that because *I* am a pure security play. I'm not a systems administrator who also does security. Maybe that has colored my vision to the extent that I project it onto the marketplace.
Or maybe I'm just right.
Comments
Heya¡my very first comment on your site. ,I have been reading your blog for a while and thought I would completely pop in and drop a friendly note.
Security Companies in India