IT Leaders Rattle Security Nerves

Product enhancements could speed industry consolidation

The it industrys largest players keep baking more defense features into their products—a trend that could accelerate the rapid shifts in a market experts already expect to consolidate.

Since January, companies such as Cisco Systems, EMC, Intel and Microsoft have aggressively promoted expanded security in their products. In cases such as EMCs buyout of rights management specialist Authentica in March, leading technology companies are buying the new capabilities and products.

In other instances, as with Intels recently announced VPro line of processors, companies have sketched out plans for features that could even eliminate the need for some types of security applications.

Few believe those efforts, or Microsofts pledge to deliver a more secure operating system with integrated security tools in Windows Vista, will push major security software companies out of business. But industry watchers say the work will have a long-term impact on smaller players and the sector as a whole.

"I think some people were still scratching their heads when we bought Authentica but certainly not our customers," said Dennis Hoffman, vice president of information security for EMC, in Hopkinton, Mass. "Customers are asking all the major platform providers to build security into their technologies."

Hoffman said he believes end users have tired of the need to acquire additional technologies for protecting almost every form of IT. This shift in demand will undoubtedly have an impact on technology-buying patterns and could evoke a storm of consolidation, he said. "People are telling us that they dont want to have to buy boxes to secure boxes, or third-party applications for their software: They want us to build it in rather than bolt it on for themselves," Hoffman said.

From Intels perspective, the announcement of expanded security efforts in its upcoming VPro line of PC processors shouldnt be seen as a threat to anti-malware or network defense vendors, as the effort will, in fact, use partners such as Symantec to build the software agents that help its chip-partitioning technology work.

However, if the company succeeds in greatly increasing the overall security of the computers bearing its components, users could end up spending less on applications meant to do the same thing. Intels VPro chips will employ virtualization technology that promises to partition a PC so that it runs different types of software simultaneously and to set up a new type of security checkpoint inside each machine.

"Will we put security software companies out of business? No, but we will change the way they do business," said Gregory Bryant, general manager for the Digital Office Platforms Group at Intel, in Santa Clara, Calif. "I dont think they should see us as a threat, but were attempting to change PC architecture at a platform level to make information inherently more secure."

Some analysts predict that the trend toward large IT platform providers developing greater security features will only accelerate a torrent of industry consolidation among anti-malware and network defense applications makers that may already be overdue.

Specifically, experts said companies marketing applications that address only one area of technology, as opposed to vendors of large integrated packages of security applications such as Symantec and McAfee, will be forced to join forces or be swept up by larger players.

John Pescatore, an analyst with Gartner, in Stamford, Conn., said that its inevitable that as larger platform players arrive and the security market matures, there will be a thinning of the vendor herd.

"As the Microsofts of the world get better at eliminating vulnerabilities, security products will become less necessary, but it might take as long as a decade for this to play out," Pescatore said.

John Worrall, vice president of marketing for authentication and identity management specialist RSA Security, in Bedford, Mass., said his companys late April buyout of PassMark Security, which specializes in tools used by businesses to grant Web site access to customers, is emblematic of consolidation in the industry.

Worrall doesnt see such deals as meaning that the security industry is poised for contraction, though. "I think youll see a lot of merger activity taking place but also a lot of new investment coming into the industry. Our view is that security remains something that needs to be an area of specialty," Worrall said. "In addition to the deadlines were used to working under, which dont [jibe] with the sort of product schedules weve come to expect from big platform companies, customers will need vendors that can help manage security across those platforms; if there is one thing these companies are known for, its that they dont historically play well together."