The creation of genuinely new security technologies has
reached a plateau, as IT security reaches a level of maturity,
analysts told the RSA Security Conference this
month.
The analysts said IT security suppliers had moved on from a
phase of developing breakthrough security technologies to making
their existing security technologies work more effectively.
The trend, which reflects how security technology is changing
from a specialist into a commodity item, would have significant
benefits for IT departments, analysts said.
Laura Koetzle, vice-president and research director at
Forrester, said this year's RSA show had little new technology on
display in the exhibition stands.
"There is not much shiny new technology out there, and that is a
good thing. Enterprise customers need solutions to their actual
problems, things that can be integrated well and allow them to
expand their companies," she said.
Chris Christiansen, vice-president of security products and
services at IDC, agreed. "That we are not seeing a lot of change is
a great thing. That we are not seeing new earth-shattering products
coming out addressing problems that we aren't really sure exist is
a step forward," he said.
Security conferences were attracting more business-focused IT
professionals and fewer pure technologists, the analysts said.
As time goes on, IT security will become part and parcel of the
IT infrastructure, rather than a series of add-on products. Smaller
IT suppliers would merge with large firms to become IT
infrastructure firms, rather than pure security providers, the
analysts said.
This has already started to happen, with the merger of Symantec
and Veritas and the merger of RSA and EMC, in both cases creating
companies with expertise in storage and security.
"IBM wants to have a security story. Symantec wants a broader
datacentre strategy. That puts them in the same league," said
Andrew Jacquith, senior analyst at Yankee Group.
But the analysts poured cold water on predictions made at the
conference by Art Coviello, RSA president and executive
vice-president of EMC, that standalone security companies would
disappear completely within three years.
Christiansen said that security differed in one key respect from
other maturing industries - it was engaged in a constant battle
with criminals intent on trying to break its products.
"In a lot of industries you see a maturation process, where
growth slows and the industry matures to a few companies," he
said.
"The difference is, in other industries you don't have a threat
environment, with hackers, crackers and industrial espionage
looking for gain. You don't have a level of ingenuity out there
trying to crack products. For that reason alone, you will see
innovation coming from small companies."
Jacquith said, "There has been an awful lot of money flowing
into information security over the past few years. There are an
estimated 700 to 3,000 companies doing security. They can't all be
winners. It is not a question of standalone or not. The chickens
are coming home to roost."
Koetzle said that large security companies would continue to
rely on smaller firms to develop innovative ideas, buying up the
most successful.
She said the garages where enthusiasts develop breakthrough
technologies would continue to be snapped up by large companies.
"Some of them are going to solve problems we genuinely have and be
successful," she added.
Christiansen said that investors would look at the research
coming out of universities for opportunities to form new companies
to exploit security innovations.
RSA merger paves
way for integration
David Lacey’s
security blog
The latest ideas, best practices, and business issues associated
with managing security
Stuart King’s
risk management blog
Dealing with the operational challenges of information security and
risk management
Comment on this article:
computer.weekly@rbi.co.uk