Mergers, plunging stock prices and quarterly earnings misses are slowly becoming as representative of Hewlett-Packard as printers, PCs and enterprise computing. Still, the Silicon Valley giant carries a solid reputation as a trusted innovator in the industry, and it's that brand name that a Hurwitz Group analyst believes will be one of the biggest boosts to HP's newly expanded North American security consulting practice.
HP announced Monday at the Computer Security Institute's annual conference in Washington, D.C. that it was expanding its security services and consulting offerings in an attempt to build on a similarly successful venture in Europe.
"The security consulting space is defined by who you know and who you trust," said Pete Lindstrom, senior analyst of security strategies for the Hurwitz Group. "Certainly, HP's name is trusted, therefore, it has reasonable potential in the security space."
Yet, Lindstrom cautions that HP may have a difficult time differentiating itself from the established players in North America.
"I am not sure there is anyone in the consulting space who can offer something others can't, at least among the high-end players," Lindstrom said.
HP's announcement was threefold Monday. First, it announced that it had completed a hiring program with security consulting firm Internet Security Advisors Group, bringing their staff of consultants and researchers to the fold. Also, HP named influential Ira Winkler as chief strategist. Perhaps the linchpin to the initiative is the creation of a security services center in Bellevue, Wash., that will open next week.
"HP has had hundreds of security consultants working for much of the past decade, but most people don't equate HP with security consulting services in the U.S.," Winkler said. "HP is strong overseas in this space, but we want to expand that awareness in the U.S."
Lois Boliek, the practice principal of HP's consulting practice, said that HP's biggest challenge might be marketing.
"Security is one of the best-kept secrets at HP," Boliek said.
The security services center will meld Internet Security Advisors Group's professionals and clients into the HP practice, offering a proactive approach to solving crucial security issues for HP's Global 2000 customers, Winkler said. The center will be a mixed hardware and software production environment, according to Boliek. It will be an open environment offering assessment services for the enterprise as well as wireless and telecom environments, and penetration services. Security research will also be a hallmark of the center, Winkler said.
"This is a unique combination of research and consulting," Winkler said. "Early on in this market, a lot of these security consulting companies entered into the arena with a lot of venture capital money. Many of them have been shut down or acquired as the VC money dried up. In other cases, research efforts were the first thing to be cut. HP doesn't have this problem. We deliver services and we can keep our edge with our ability to do research."
Lindstrom pointed out that security service providers like Guardent, atStake and Foundstone are well known for their security research, but did acknowledge that HP may be able to make a dent with research as a differentiator.
HP Security Services
• Security awareness seminars, discovery workshops, assistance with security strategy and policy development
• Risk mitigation services, penetration testing, information security risk assessment, infrastructure assessment, firewall functionality assessment, telecom access assessment, wireless access assessment
• Infrastructure services, IT management for security and security product implementation and integration
• Security integration services, including PKI, portal solutions, authentication and authorization, wireless products, smart card integration, directory services, Internet data center security
"Research is not necessarily unique," Lindstrom said. "Research is both necessary and costly, requiring management strength and foresight to maintain their mission."
Winkler pointed out that HP's research and development arm, HP Labs, will contribute to the security center doing work on hardware, software, services and even hacker research. Winkler's Internet Security Advisors Group consultants and HP Labs will supplement each other.
"Some of these people are white-hat hackers responsible for putting some notorious hackers in jail," Winkler said. "Many are former system administrators and they make the best security technicians. Because, what is good security, but good system administration. They know their systems best and how to find vulnerabilities. They are best able to ensure a secure infrastructure."
Winkler is an asset as well, according to Lindstrom.
"Ira Winkler is well-known in the security space and most likely brings a decent Rolodex to the consulting space," Lindstrom said. "Often, finding strong security and consulting skills can be difficult."