I’ve covered the information security industry for more than a decade and seen plenty of security companies come and go. Remember Entercept? How about Riptech, Neoteris or Teros? All were energetic startups that made a splash before being swallowed up by larger vendors.
In fact, if there’s been any constant in the industry over the past 10 years, its consolidation. Symantec’s been one of the biggest buyers, acquiring 23 companies between May 2005 and last August. Its purchases include some big security players, such as Verisign’s security business and PGP, as well as some outside of security like Veritas. McAfee (which has been through several incarnations, including being part of the old Network Associates) has gone on its own shopping sprees, snapping up Foundstone, Reconnex and Secure Computing, among others, before being acquired by Intel last August.
McAfee getting bought by chip giant Intel surprised many in the industry, but the deal was part of an ongoing shift in information security market consolidation. In addition to security vendors snapping up other security vendors, increasingly we’ve seen large tech companies outside of the traditional security space like EMC, HP and IBM buying security players. These industry heavyweights say customers are fed up with managing so many point security products and contend that their integration will drive a more holistic approach that provides better insight into a company’s security posture.
But is this truly the wave of the future for security? Will best-of-breed protection disappear and the market left with a few big players? I don’t think so, at least not anytime soon.
Certainly, if vendors follow through on their promise of better integration of security technologies, it could provide a measure of relief for enterprise security managers. According to a survey of 2,456 IT practitioners in the U.S., U.K., France, Japan and Germany by the Ponemon Institute, managing the complexity of security is the top information security challenge facing companies in all of the countries in the study. The survey, which was sponsored by Check Point Software Technologies and released earlier this year, showed that on average, respondents in the U.S. and Germany count seven security vendors in their environments.
That’s a lot to juggle. At the same time, though, many enterprises tend to favor best-of-breed technologies. And few security managers are eager to put all their eggs in one basket when it comes to protecting their company’s sensitive data. Plus, from what some IT managers and industry say, the large IT vendors have a ways to go on following through on the promises of integrated technologies.
Moreover, there are always going to be new security problems to solve, leaving plenty of room for innovation by small companies that are enthusiastic and nimble. For example, new companies have sprung up with technologies for combating the growing problems of botnets and online banking fraud. And cloud computing has already spawned a handful of new security vendors looking to solve the problems of encryption, identity management and server security in cloud environments.
Most likely, these startups eventually will be acquired, continuing the consolidation trend. But today, security is too vast of a problem to be solved by a handful of technology providers.
Marcia Savage is editor of Information Security. Send comments on this column to firstname.lastname@example.org