Down To Business: The End Of Security As We Know It? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

04:55 PM
Rob Preston
Rob Preston
Connect Directly

Down To Business: The End Of Security As We Know It?

The big, acquisitive infrastructure vendors insist that security inevitably will be built into their architectures, but critics rightly warn of the pitfalls of a fully integrated approach.

Since the dawn of time, IT customers and vendors alike have debated "best of breed" vs. "integrated solution." Preaching lower total costs, simpler management, and ease of use, the biggest software vendors have pushed ahead with their integrated "platforms," sometimes to the chagrin of the competition authorities.

Windows is now crammed with Web browsing, media playing, and other adjunct features. Enterprise application suites pack supply chain and CRM modules. Databases are integrated with analytics tools, and management systems are taking on software distribution, compliance, and other capabilities. Best-of-breed software vendors still compete at the edges, but the platform purveyors are taking charge.

Security is a different beast, however. Although the industry is consolidating, it's still populated by hundreds of small to midsize companies that sell intrusion detection, event management, vulnerability assessment, authentication, identity management, network forensic, anti-spam, antivirus, access control, and other point products. The acquisitive infrastructure vendors now insist that security, too, inevitably will be built into their architectures, but critics warn of the pitfalls of a fully integrated approach.

Art Coviello, president of RSA Security, acquired by EMC last year, told the audience at his RSA Conference in San Francisco last week that security must be built "more and more" into infrastructure to assure active, manageable defenses. He predicted the demise of the standalone security industry within three years. "If I'm proven wrong about the timing," Coviello said, "I won't be proven wrong in the need for this."

Not so fast, said John Thompson, CEO of Symantec, the largest of the "independent" security vendors. Security products and services must continue to be offered by specialist companies, he said in a separate conference address. "Who would entrust one company to do this?" Thompson said. "You wouldn't want the company that creates your company's operating system to be the one to secure that operating system. It's a conflict of interest."

Not that Microsoft or its infrastructure brethren Cisco, EMC, and IBM are conflicted about building the best security they can into their software, networking, storage, and management platforms. But what about interoperability with other products? Independent security vendors will remain critical as long as every last customer isn't a card-carrying Microsoft, Cisco, EMC, IBM, or some other shop. Before his Internet Security Systems was acquired by IBM last year, CEO Tom Noonan argued that big infrastructure vendors such as Microsoft and Cisco have no incentive to work with competitors on security. Doesn't that reasoning also extend to IBM Tivoli, which is now building ISS security into its management infrastructure?

But customers also can't manage 32 separate security vendors and their products--a number cited by Noonan last week as the average these days for a large enterprise. IT security spending continues to grow at three times the rate of other tech investments, he said, "a pretty unsustainable business problem."

Customers are conflicted. When asked to rate their most important criteria in selecting a security vendor, the 966 U.S. respondents to last year's InformationWeek Global Security Survey picked "integration considerations" fifth, behind the technical strength of the product, total cost of ownership, vendor service and support, and pricing. More than half of those companies said the most compelling reason to build their security around a single vendor would be to reduce the complexity of managing the technology, not so much to improve their security. However, in Europe, China, and India, where a total of 1,227 companies were surveyed, superior protection was cited as the most compelling reason to go with an integrated solution.

Built-in security may prevail by the sheer force of the biggest vendors' will, but the independents will remain a force for the foreseeable future.

Rob Preston,
VP/Editor In Chief
[email protected]

To find out more about Rob Preston, please visit his page.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Get Your Enterprise Ready for 5G
Mary E. Shacklett, Mary E. Shacklett,  1/14/2020
Modern App Dev: An Enterprise Guide
Cathleen Gagne, Managing Editor, InformationWeek,  1/5/2020
9 Ways to Improve IT and Operational Efficiencies in 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/2/2020
Register for InformationWeek Newsletters
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll