Dueling RSA Keynotes: Security Vendors Chose Different Roads To The Future

The crowd was barely seated at the news conference following Tuesday's EMC and RSA keynote at the RSA Conference when RSA president Art Coviello preempted the first and most predictable question. About an hour earlier, he'd predicted the end of standalone security businesses within three years, saying, "The value of security as a standalone solution is diminishing."

At the news conference, he clarified that his prediction wasn't meant to be the harbinger of doom for a market from which his company had recently exited when EMC snatched up RSA for $2.1 billion in September. He was simply expressing the need for security "to be built more and more into an infrastructure," he said. "If I'm proven wrong about the timing, I won't be proven wrong in the need for this." Coviello did acknowledge, however, "There will always be a place for innovative startups."

For his part, EMC CEO Joseph Tucci, who shared the news conference with Coviello, made no promises that his company was putting away its checkbook, although he did say that EMC was likely to spend most of 2007 focusing on the integration of the dozens of acquisitions it's made over the past few years. This came after EMC announced it planned to acquire Valyd Software, a provider of biometric user-identification technology. EMC didn't disclose the amount of the offer for Valyd.

EMC's message contrasted sharply with Symantec chairman and CEO John Thompson's observation during the following keynote that "no one security company will secure everyone to the extent they can provide the level of confidence needed to assure trust across the entire Internet."

While Symantec certainly shares the philosophy held by EMC, Cisco Systems, IBM, and other infrastructure vendors expanding into different aspects of security, Symantec holds the distinction of being the one vendor that began in the security market. In fact, Symantec's driving force has been expansion beyond security. Its recently announced plans to spend $830 million to buy Altiris, a maker of software for managing of PCs, servers, handheld devices, and other endpoints trying to connect into corporate networks, has received mixed reviews.

Symantec first needs to understand that asset management and endpoint configuration management products are "notoriously complex to sell," Sageza Group analyst Tony Lock wrote in a research brief when the acquisition was announced. Unlike Veritas, which Symantec chose to integrate internally, Altiris will be run as a separate business unit, wrote Murray Beach, president of M&A International and Boston Corporate Finance, in a recent research report. Symantec is looking to add Altiris' strengths as a provider of software for managing network endpoints while complementing Symantec Bindview offerings with Altiris' change management and configuration management capabilities, Beach added.

Despite Symantec's commitment to expansion, Thompson made it clear that security technology and services must continue to be offered by companies that specialize in the protection of data, networks, and systems. "Who would entrust one company to do this? You wouldn't want the company that creates your company's operating system to be the one to secure that operating system," he said, in a remark that elicited some applause. "It's a conflict of interest."

Still, the contradicting views expressed Tuesday by Coviello and Thompson on the future of the market for security products doesn't alleviate the fact that, although companies continue to spend on security, they don't necessarily feel any more secure.