This article can also be found in the Premium Editorial Download "Information Security magazine: 12 security lessons for CISOs they don't teach you in security school."
Download it now to read this article plus other related content.
Technology purchasing managers and investors have skewered the merger of security giant Symantec and storage stalwart Veritas because of the apparent disconnect: These two companies--their products, channels and customers--couldn't be farther apart. But, Symantec and Veritas do share a vision: a new technology landscape and marketplace that will quickly evolve and affect everyone in the security and storage communities.
The bold merger will dramatically shift the way enterprise customers look at infrastructure software. Symantec foresees a security market that is subsumed by infrastructure and network management; security will become a FEATURE, not a core offering. The merger will give the company an early lead in this emerging space by combining data management and integrity capabilities. It's the evolutionary equivalent of fish leaving the sea and learning to walk.
The biggest obstacle facing Symantec and those that follow its lead is convincing customers that this vision is correct. Here's what the company foresees:
- CSO/CISOs no longer implement technology. With Sarbanes-Oxley and other industry and government mandates, the security executive will transition to a risk and compliance manager, becoming less involved with operations of security technologies. CSOs will resemble consultants and auditors, helping infrastructure and business managers maintain data security
- and ensuring corporate compliance.
- Price trumps best-of-breed. Security managers have traditionally looked to best-of-breed, pure-play security vendors for products and services that create a synergistic, defense-in-depth infrastructure. That philosophy is shifting as enterprises look for cheaper, easier-to-manage, better-integrated products offered by large, one-stop shops such as Cisco Systems, Symantec and McAfee. Lowering total cost of ownership will trump the perceived gains of point solutions that require extensive integration.
- Commoditization drives budgets to infrastructure. Security and IT budgets aren't unlimited. Despite the continued threats to infrastructures and data, the C-suite is still holding back the reins on security spending. These constraints will only get tighter as security products commoditize and their technologies consolidate with applications and infrastructure devices. In short, security managers won't get funding for everything, and dollars will flow toward infrastructure spending that includes network functionality, management capabilities and security features.
The road will be bumpy for vendors and security buyers alike. We're experiencing a wholesale shift in the technology landscape, which will eventually benefit enterprises with better integrated, less expensive secure infrastructure products.
This was first published in February 2005