However smart or daft you think Intel might be to pay a hefty premium of 60% to buy McAfee, there's no doubt that this $7.7 billion
acquisition represents a major event in the security solution space. It's worth
considering for a moment the underlying logic and consequences of this surprising move
Business fashion is clearly a factor. The pendulum is swinging towards vertical technology companies, after decades of horizontal
specialization. Of course, this might be no more than this year's fad. Pendulums eventually
swing back, whether driven by customer preferences or vendor ambition. The
pendulum for outsourcing, for example, has just swung from mega-sourcing to
multi-sourcing. That trend's clearly going the opposite way.
Financial circumstances must have a bearing. Intel has a
huge amount of cash and, like anyone else in that position, will be
struggling to find decent investments that can meet their appraisal
criteria. McAfee also has a higher profit margin, which might enhance Intel's
P&L account, at least in the short term. These considerations, however, are
more of a supporting argument than a driver for the
acquisition.
In fact the real motivation behind the deal is an initiative
to embed more security in hardware. Intel confidently believes that McAfee's
security technology will help create "hardware-enhanced security." They
see security as the "third pillar of computing devices" (in addition to power
efficient performance and Internet connectivity). This is a great idea in theory. It will help build
the higher assurance solutions we need for the future, and help us shoe-horn security into the growing multitude of non-PC, Internet-connected devices. Intel and McAfee are
reported to have been working on such developments for some time.
No doubt other chip makers will be thinking on the same lines. But why pay
over the odds for a company when you can simply partner? And why pick an aging
software security company, dominated by an overriding commercial interest to
milk a fat cash cow? McAfee themselves claim that they have the "core
security DNA" to help develop Intel's future security capability. The problem is that contemporary security technologies are not the best basis for responding
to emerging security challenges. Many have reached their sell-by date. Some
never delivered on initial promises. Security vendors have yet to satisfactorily
solve yesterday's problems, never mind tomorrow's challenges.
In an ideal
world, we would ditch our clunky legacy solutions and develop better
technologies. But innovation is thin on the ground in a security market that seems content to adopt common practices that often fall well short of the best
available. Users prefer familiar concepts to experimental ones.
Past experience of security acquisitions by large
vendors has also demonstrated high risks of culture clash, restructuring
pains, and a loss of momentum in further product development. Smart, innovative
competitors can benefit from these distractions. Large companies are less agile
than smaller ones.
But new developments in hardware security will require a solid security base. McAfee can bring this to the table. The real enabler for hardware security, however, is trusted computing, and the foundations are already out there in the form of hundreds of millions of TPM chips
in laptops and servers. Exploitation of this capability is still in its infancy,
but that will come with time. Many laptops are being shipped with self-encrypting
drives - a vast improvement on software encryption - yet few laptop purchasers
seem aware of this. And when skilfully combined with virtualization technology,
trusted computing offers tremendous opportunities for innovative, security
solutions.
So hardware security is certainly coming our way, though it
might not take the form initially suggested by an Intel/McAfee merger. In fact,
a smarter and cheaper option for a chip manufacturer might be to buy Wave
Systems, a security vendor specializing in hardware based trusted computing solutions.
Recent Comments