Is the security market's rapid consolidation a natural evolution or survival of the most intelligently designed?
We've all heard the horror stories: Company X buys company Y and all customer support goes out the window; calls go unanswered, promises are broken and frustrations mount. Yet while the transition can be difficult, vendor consolidation is a good thing for the security industry for a number of reasons.
First, let's talk about the capacity of the security market. There are more than 700 companies touting their security wares, and, despite an onslaught of emerging threats, the security market can't sustain that sheer number of vendors.
Now, let's move on to integration. Users want to deal with fewer players--not more--and they want comprehensive and integrated suites. While you can argue the merits of a best-of-breed approach, today's security vendors don't do a particularly good job of integrating products. Fewer, larger players offering plug-and-play capabilities will make your job easier.
And how about dollars and cents? Larger vendors can sell you a suite of products and have the flexibility to offer great discounts--which spells savings for you. Small companies may have more functionality or enhanced capabilities but I am going to guess that some of the whiz-bang technology is not necessary.
The fact of the matter is that vendor consolidation is happening at a brisk pace with no end in sight. As illustrated in Marcia Savage's "Game Over?", more than 40 acquisitions have occurred in the past four years. Given that the acquisition trend is fueled by larger companies being unable to innovate and develop security products quickly enough to meet user demand, we're likely to see more acquisitions, not fewer, over the coming years.
This is natural market evolution at work: Markets are formed based on need. Small, innovative entrepreneurial players get into the market; the technology becomes mature and commoditized; and larger, stronger players pluck up the smaller guys while the rest grab at the table scraps.
But what at first blush looks like natural evolution takes on prescient qualities of, dare we say, intelligent design. Cisco, Microsoft and other industry heavyweights are embedding security in their products. Their technologies, which include Microsoft Network Access Policy (NAP) and Cisco Network Admission Control (NAC), will impact both you and the market's evolution. While streamlining security management, they will force future market consolidation because they will be able to handle security functions that are now performed by other devices and technologies.
Down the road, such consolidation of security power might enable Cisco, Oracle, IBM and Microsoft to divvy up the security market by making security a function rather than a product.
Will such evolution result in better security products? In theory, yes. Products will be more tightly integrated and IT security practices more uniform--but malicious coders will always find a way to mutate their attacks and, in doing so, keep one step ahead of the security evolution. In the end, the security market will become a well-defined food chain, where the fittest rule but will be forced to morph as smaller competitors nip at their heels with leading-edge technology.
And that leaves business users with the most intelligently designed security products.