There is a plethora of security vendors in the world today, many of which are not going to get any bigger. Security startups struggle to get broad horizontal traction, and I have talked with many vendors who insist that everyone must have their product. However, most security vendors simply do not grow to be very big, primarily because their product line is not obviously needed by everybody.
The recent demise of ConSentry Networks Inc., a switch-oriented NAC vendor, serves as a sad reminder that security often only has niche appeal. Smaller privately held vendors may need to go vertical to best understand how to serve the business and to survive as a company.
Enterprises choose security products that fit best within the specific needs of their environment based on functionality, performance and manageability. For instance, rights management protects organizations with long controlled development to revenue cycles (such as automotive or pharmaceuticals), but is far less compelling in other scenarios.
Security vendors should realize that businesses will rarely change processes for the sake of security; security has to complement the business infrastructure. Furthermore, very few organizations are embarking on large corporate-wide security deals. Security vendors will be forced to think tactically and reactively for the next few quarters to position themselves for growth when economic confidence returns.
Build vertical expertise
Security deals are going to be awarded to the vendor that best fits within a broader application context. Vendors will need to have experts in key vertical operations, especially finance, healthcare and the federal government. For instance, if you are a DLP vendor you better understand the protocols, regulations and business practices of healthcare organizations to be able to compete.
Security is seldom an enabler, or a good source of ROI analysis, unless it dovetails with the business. As a vendor, assess your strengths, weaknesses, opportunities and threats to create organizational responsibilities and product roadmaps for key verticals.
Encourage just-in-time security
Security deals are going to be more reactive than proactive for the next few quarters as enterprises conserve cash while hanging on for a healthier economy. Organizations will tactically buy security to complete a program such as launching a new product initiative, displacing an incumbent to save costs, or merging systems after an acquisition.
Vendors should be thinking of building in success measurements while latching onto projects. These measurements and metrics of functional performance will be crucial in expanding projects to corporate-wide deals when the economy recovers.
Keep an attitude of security excellence, but keep it in balance
Security products need to fit easily into various customer infrastructures and application architectures. Since no two customer environments look alike, security vendors will need to be ultra-flexible in how they deliver security. It is a delicate balance for vendors, including cases where customers will desire lesser security in exchange for easier administration or better user experience. Deliver security excellence first, but be sure to have minimal impact on business processes.
IT has shortened their list of strategic projects and is mostly taking on tactical projects. Smaller security vendors without the resources for a broad-based assault on the market should strongly focus on getting vertical.
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to firstname.lastname@example.org.