Friday, April 25, 2008

Where have all the Products gone?

Today we have a guest blogger! Steve has been a long-standing friend of the company and has been involved in the IT security industry since the early 1990's, where he managed the European Operations of CheckPoint. We caught up at one of Europe's busiest events, the Infosec Show at London Olympia.

Here's what he had to say.

Being the first day of the Infosecurity Show in London my eye was caught by the comments of Security Industry guru, Bruce Schneier, now CEO of BT Counterpane.

Bruce reports hearing an increasingly familiar comment at the RSA conference in San Francisco. "I can't figure out what these security companies do!". I would go further and suggest that, if he could figure out what they did he probably wouldn't want them anyway, because often they are not a solution to a problem he will recognise. Because he is unlikely to be the actual customer. As the recent rash of acquisitions shows, for many IT security vendors their "product" is just a future feature, of another vendors products.

It's like the evolution of the automobile; Bodywork, Lights, Speedo's, Rev counters, Disk brakes, Radios and SatNavs were once all retrofit products now they are standard features.

Here are a few security related examples
  • SSL VPN: Unlike MPLS, this was absorbed into the Firewall business, with Firewall vendors selling VPNs and vice versa.
  • Hard-disk encryption: A "no brainer" for laptops and Seagate now bundle it (though I still recommend Pointsec).
  • TCP/IP for PC's: Not security but I like the example; FTP Software, SUNsoft, Wollongong - all distant memories.
  • PKI: Baltimore... need I say more?
In some cases the solutions are so esoteric no one could justify the expense, or so invasive to deploy, the CIO cannot build an ROI anyone really believes.

So, for general business and consumer consumption, IT Security products will further become features; Firewalls in routers, encryption on desktops, PKI & SSL VPN capability built into everything and Antivirus/SPAM increasingly dealt with in the cloud, and so it will continue even applications will become more secure by design.

Saying all this, the next SatNav-like feature will probably still surprise us, maybe not as critical as brakes, but certainly meeting a customer need they didn't realise they had.

IT Security is an enabler, but it is not the application that drives the business. So, I will be at Infosec over the next few days looking for new security "features" that will eventually become part of business solutions. Things that will contribute to my customers bottom line, things like: Virtualisation, Unified Communications, and Smoother Transaction Processing.


More of Steve's postings are to be found here.