NetApps announced acquisition of Redwood City, Calif.-based Decru is a natural response to industry and customer pressure for better data security, said Brian Babineau, an analyst at Enterprise Strategy Group of Milford, Mass.
"With all of the headlines generated by CitiGroup, Bank of America, Time Warner, ChoicePoint and others, information privacy was starting to get a lot more attention," he said. Regulations like the Health Insurance Portability and Accountability Act (HIPAA) and California SB 1386, which requires organizations to notify people if they have breached the security of their personal information, also have contributed, he noted.
All of those factors—plus the governments somewhat uncharacteristically quick adoption of security technology—have prompted the storage industry to think much more carefully about adding security to the storage portfolio, Babineau said.
Although it wasnt clear which storage vendor would take the first major step toward more comprehensive data security, it was clear that one of them was going to do it—and soon, said Rich Mogull, a research vice president in the information security and risk division at Stamford, Conn.-based Gartner Inc.
"We were expecting something like this to happen, and NetApp happened to be the first," he said. "But there are others that have been poking around the market as well."
Other storage vendors have made partial attempts in the past to increase security—notably the encryption of the accelerator cards for IBMs tape drives and Veritas software-based solution—but none has done so in such a comprehensive way, Mogull said.
By acquiring Decru—one of the two most marketable and mature data security vendors on the market—NetApp stands out as making the strongest commitment to data security, Babineau said, especially given its other partnerships.
"Now NetApp can walk through the door with IBM, the Veritas/Symantec partnership and the new Decru technology and have a tremendous conversation with the chief information security officer about how they can secure data across the entire enterprise."
NetApp also may have been prompted by the Symantec/Veritas deal that took place a few months ago. "My take is that NetApp did significant due diligence after they saw what happened between Symantec and Veritas," he said. "And since they already had a partnership with Decru, they just started to look under the covers to see what they could come up with."
NetApps bold move into data security probably will increase customer interest as well, Babineau said, citing a recent ESG study of 400 IT and security professionals, which noted that 46 percent view their storage vendors commitment to security as marginal or weak. "NetApp automatically gets a check for having a strategy for data security that no other storage vendor has today."
Competitors are likely to sit up and take notice of these two mergers and begin formulating acquisitions of their own, if they havent already, Mogull said. Likely candidates are EMC, IBM and Sun Microsystems Inc./StorageTek.
EMC perhaps has the most to lose by failing to improve its data security offerings, Babineau said.
"EMC is on the side of the road with its hands in it pockets without a security strategy," he said. "Eventually it will come back to hurt them if they dont come out with a stronger statement on information security, data at rest protection and encryption."
But all of these vendors stand to lose if they dont shore up their data security strategies, said Michael Fisch, director of storage and networking at The Clipper Group Inc., in Wellesley, Mass.
To compete effectively, NetApps competitors either will have to keep working with NetApp or acquire NeoScale, Decrus prime competitor, he said. There are other, small vendors in the market in addition to NeoScale, but NeoScale is the most marketable, Fisch said.
Largely because of NetApps move, NeoScale and its compatriots are now more marketable than ever before.
"The value of the other players in the data security market just went up," Fisch said.