One-Stop Security?

 
 
By Dennis Fisher  |  Posted 2001-02-26
 
 
 

IT managers looking for one-stop security shopping may soon have more superstores to visit. But whether that will mean a more secure enterprise is uncertain. The one-stop security shop is not a new strategy, nor a proven one. Network Associates Inc. went on a vigorous two-year acquisition spree to offer customers soup-to-nuts security only to scrap the plan last year. This time, Vigilinx Inc., a New York-based security consultancy, is giving it a try. Last week, it acquired its second company of this year, LogiKeep Inc., for its security assessment software. Last month, the company acquired IF SEC, another security consulting company, and it has at least one more acquisition pending, officials said.

So the question becomes: Can Vigilinx succeed where Network Associates failed?

Network Associates, based in Santa Clara, Calif., had hoped to transform itself from an anti-virus software vendor into a network security superstore. But, soon after the plan was implemented, it faltered, due in large part to a lack of understanding of the customer and an overall strategy that former company executives say was doomed.

"Its chaotic, and its impossible to implement," said one former Network Associates executive. "You cant integrate all of that stuff in one company. They broke the company up into business units when they realized its not easy to do that."

Security vendors such as Vigilinx have watched Network Associates rise and fall and think they have learned enough to make the strategy work themselves.

"Security is getting more and more complex, and companies dont have the ability to attract the talent to do it for themselves," said Bruce Murphy, CEO of Vigilinx. "We want to solve the vast majority of the security needs for our customers."

Despite Network Associates public failure with this strategy, the company is trying again, starting with its decision last month to reintegrate its myCIO.com subsidiary into the corporate structure. myCIO.com was spun out last year to repair the damage of Network Associates first superstore strategy. But that approach didnt fare much better, ending with the resignation of the companys CEO, chief financial officer and president amid allegations of accounting irregularities and complaints from retailers that said they were forced to take unwanted inventory.

"We went aggressively after the one-stop-shop strategy two years ago, and we were way ahead of the market in terms of the customers willingness to accept all of those products from one vendor," said Zach Nelson, chief strategy officer at Network Associates and former CEO of my CIO. com. "And frankly, were several years, at least, away from making it work this time."

Still, some security administrators see the strategy favored by Network Associates and Vigilinx as an asset.

"The benefit for us is that we can leverage the trusted relationship we have with a company and dedicate our personnel to their specific security tasks instead of trying to piece together a security infrastructure," said John Hartmann, vice president of security at Cardinal Healthcare, in Dublin, Ohio, and a customer of LogiKeep.

And Network Associates Nelson said that this go-round will be different. For starters, the company will move more deeply into the managed services arena and not concentrate solely on the implementation of its products, he said.

Also, Network Associates executives said they have learned what enterprise customers want and how they want to buy it. The companys big mistake last time, Nelson said, was thinking there was one person in a given IT department who had authority to buy all of the companys security products. Network Associates sales reps found that wasnt the case and ended up calling on three or four people at each customer site.

"The only people who had that authority were the CIOs, and they werent concerned with network security two years ago," Nelson said. "They were worried about their back-end implementations and getting their Web sites ready to handle transactions."

Nelson and Vigilinxs Murphy expect the climate that produced earlier problems to change rapidly over the coming months and years. Nelson said he believes that CIOs and other executives are much more conscious now of the need for security and wont have the time or patience to deal with multiple vendors. For his part, Murphy said he is betting that the future lies in connected security services rather than a menu of loosely related packaged software.

Meanwhile, many other security vendors remain unconvinced of the benefits of such a monolithic approach, preferring to push a best-of-breed solution. OneSecure Inc., a managed security company, has consciously avoided the one-size-fits-all approach.

"We built our service in a way that its easy for customers to go to different vendors for different pieces of their security," said Nir Zuk, chief scientist at Denver-based OneSecure. "If you sell it all, its likely that you wont be selling the best of each thing. We havent seen anyone make this work yet."

Rocket Fuel