We can’t have enough security products

In recent years I’ve taken the opposite view from the analysts and vendors who have been continually predicting the death of standalone security products. I believe the future will be even more security solutions. And that’s a good thing. We should encourage more innovation, variety and competition.

I can understand why big vendors prefer to imagine a future free from single point solutions. But I find it sad and strange to hear customers complain about the number of security products available for them to buy. Bruce Schneier drew attention to that in his report of this year’s RSA Conference. His observations were correct, though I disagree with his forecast of the death of end user attendance at large exhibitions. In my view these events will go from strength to strength, as products proliferate and security becomes even more fashionable. 12,500 visitors are reported to have attended Infosecurity Europe. Next year’s event will be even bigger.

There are several reasons for the frustration of users. The market is immature and inefficient. Products are improving but marketing is still weak. I know that because I advise many start-up companies and venture capitalists. But inefficient markets present business opportunities. And networks are a powerful tool for improving searches and communications. That will all get fixed over time.

It’s also becoming much easier for customers to deploy new products when offered as Software as a Service. That at least overcomes the complaints of operations staff about the number of different boxes they have to install in their equipment racks.

I’ve pointed out before that acquisition of smaller products by bigger vendors will not reduce the number of standalone security products. The problem space is huge and growing. The solution space is tiny by comparison. What we’re really lacking is imagination. There is plenty of existing academic research to underpin dozens of new security product concepts that would deliver value to customers. I can think of several that are easy to build and that customers would buy. But we keep seeing variations of the same solution. A lack of creative product development is the real Achilles’ heel of the security market.