With industry experts predicting a wave of consolidation across the security applications sector, the continued efforts of the IT industrys largest players to bake more defense features into their products could accelerate the rapid shifts in the market.
Since the beginning of 2006, most of the computing worlds largest names have issued new promises of added security in their products, with companies such as Cisco, EMC, Intel and Microsoft aggressively promoting their expanded efforts.
In some cases, such as EMCs buyout of rights-management specialists Authentica in March, leading technology firms are bringing onboard new capabilities and products via acquisitions.
In others, as with Intels recently announced vPro line of processors, companies have sketched out plans for features that could even eliminate the need for some types of security applications in the future.
While few experts say they believe those efforts, or Microsofts pledge to deliver a far more secure operating system with integrated security tools in its next-generation Windows Vista, will push major network defense and anti-malware software companies out of business, industry watchers say there is little doubt that the work will have a long-term impact on smaller players and the sector as a whole.
“I think some people were still scratching their heads when we bought Authentica, but certainly not our customers,” said Dennis Hoffman, EMCs vice president of information security for EMC, based in Hopkinton, Mass. “Customers are asking all the major platform providers to build security into their technologies, and we will absolutely invest, partner and when possible, acquire, to continue to build out information security in our own products.”
Hoffman said enterprises will likely always seek some form of help from independent, third-party security applications vendors, but that he believes end users have tired of the need to acquire additional technologies for protecting almost every form of IT.
This shift in demand will undoubtedly have an impact on technology buying patterns, and could evoke a storm of consolidation, he said.
“People are telling us that they dont want to have to buy boxes to secure boxes, or third-party applications for their software: They want us to build it in, rather than bolt it on for themselves,” Hoffman said. “Every market has aggregation cycles and the small vendor, best-of-breed mentality shifts to one thats more platform-centered; until this happens in the security industry, there will always be a debate if were on the cusp of that.”
From Intels perspective, the announcement of expanded security efforts in its upcoming vPro line of PC processors shouldnt be seen as a threat to anti-malware or network defense vendors, as the effort will in fact utilize partners such as Symantec to build the software agents that help its chip-partitioning technology work.
However, if the company succeeds in greatly increasing the overall security of the computers bearing its components, it would seem likely that users will end up spending less on applications meant to do the same thing. Intels vPro chips will employ virtualization technology that promises to partition a PC so that it runs different types of software simultaneously, to set up a new type of security checkpoint inside each machine.
“Will we put security software companies out of business, no, but we will change the way they do business,” said Gregory Bryant, general manager for the Digital Office Platforms Group at Intel, in Santa Clara, Calif. “I dont think they should see us as a threat, but were attempting to change PC architecture at a platform level to make information inherently more secure; we think our efforts are more complimentary, but some companies will capitalize on the opportunity to work with us, and some wont.”
Some analysts are predicting that the trend toward large IT platform providers developing greater security features will only accelerate a torrent of industry consolidation among anti-malware and network defense applications makers that could already be overdue.
Specifically, experts said companies marketing applications that address only one area of technology, as opposed to vendors of large integrated packages of security applications such as Symantec and McAfee, will be forced to join forces or be swept up by larger players.
Even though he believes that smaller firms will provide many of the new, innovative technologies being brought to market, its inevitable that as larger platform players arrive and the security market matures there will be a thinning of the vendor herd, said John Pescatore, an analyst with Gartner, in Stamford, Conn.
“As the Microsofts of the world get better at eliminating vulnerabilities, security products will become less necessary, but it might take as long as a decade for this to play out,” Pescatore said. “The big guys getting in doesnt mean the end of the industry, but it means the vendors that survive will need to do more for less product-wise; thats how the larger IT market works, its just that the security sector has been able to avoid it up to this point.”
Other analysts say the increased competition from IT platform providers will actually make the security industry stronger by helping to fund new ideas with the money the firms pay for new acquisitions.
“When these large systems and infrastructure vendors buy small companies to add capabilities, that makes money for the people involved that is often reinvested in the security space, unlike in other sectors of the IT market,” said Chris Christiansen, an analyst with IDC, in Framingham, Mass. “Its also fundamentally good for the larger security companies to buy these smaller competitors, as it helps them grow and add innovative new technologies.”
Despite this positive view of consolidation, Christiansen also expressed the same perspective expressed by many software makers over the issue—that there will always be strong demand for new security startups and technologies that grapple with emerging threats.
John Worrall, vice president of marketing for authentication and identity management specialist RSA Security, based in Bedford, Mass., said his companys late April buyout of PassMark Security, which specializes in tools used by businesses to grant Web site access to customers, is emblematic of consolidation in the industry.
Worrall said, however, that the deal and others like it dont mean that the security industry is poised for contraction, or that the increased focus from larger IT vendors will fundamentally change the way applications providers do business.
“I think youll see a lot of merger activity taking place, but also a lot of new investment coming into the industry. Our view is that security remains something that needs to be an area of specialty,” Worrall said. “In addition to the deadlines were used to working under, which dont jive with the sort of product schedules weve come to expect from big platform companies, customers will need vendors that can help manage security across those platforms; if there is one thing these companies are known for, its that they dont historically play well together.”