Over the last few months, I have been talking with a range of hardware vendors, from those large, full-stack vendors, to the not-so-large, best of breed component vendors.  I have also been in discussions with quite a few datacentre managers, IT directors and business people, about where they see the hardware market going. What is becoming increasingly apparent is that there may well be blood on the carpet before too long.

With IBM, HP, Dell and Oracle, there is a strong move towards a complete vendor stack – all the hardware coming from the one vendor, with as much of the software stack as possible being under their control as well.  For Oracle, this can mean that everything right up to the application itself could be from a single vendor; with IBM, everything right up to the application server and the functions around it such as business intelligence and reporting.  From HP, it could be a full hardware stack with increasing amounts of software built on it; with Dell, a hardware stack built to support a software stack supplied by a highly trusted partner (in this case, Microsoft).  Even Cisco, with its unified computing system (UCS) is in on the game, with an equivalent approach to Dell.

These big guys have been massively acquisitive, plugging holes in their portfolios so that the stack becomes more and more complete.

So where does this leave the best of breed vendors?  Is there a place for the likes of Juniper and Brocade in the network space?  How about NetApp and Coraid – and even EMC - in storage? 

What we are seeing is the emergence of the new mainframe – an architected piece of technology that is tuned to do the total job required of it.  By gaining control over as much of the stack as is possible, the big vendors can gain overall benefits by using proprietary internal systems while ensuring that anything exposed to the outside world adheres to de facto standards.  As a by-product, it also tends to make customers more “sticky”, as moving away from such investments will not be technically or financially easy.

"What is becoming increasingly apparent is that there may well be blood on the carpet before too long"

The user gets systems that can be implemented more rapidly, with less set-up and integration required.  As the user runs out of resources, additional systems from the same vendor can be brought in, plugged in alongside existing units and be absorbed into the overall virtual environment in a (relatively) seamless manner. 

But there will be two issues that will mean the best of breed vendors still have a good run ahead of them.  First, buyers do not like lock-in, and single vendor stacks worry them both technically and financially.  Technically, because as the landscape changes, if the vendor you have chosen does not follow that route, you cannot gain the advantages of a new technology. Financially, because once you are tied into to a specific vendor, then you are at their mercy when it comes to spares, updates, maintenance and so on.  Although high levels of heterogeneity are anathema, complete homogeneity is seen by many as being as bad.

Next is the need to run different workloads in different environments. Oracle is unlikely to be a big player in the Windows application space.  Dell will be Windows with a splash of Linux.  Cisco is focusing on Windows and Linux.  HP is in a bit of a mess at the moment, but is likely to be Windows, plus Linux plus HP-UX .  IBM has AIX, Linux, Windows, iOS and MVS – and is looking at bringing all of these together on its hybrid platform, the zEnterprise.

This is where the best of breed vendors stand their chance.  With different workloads needing different compute capabilities; with different storage needs across, for example, server-based computing, big-data, email and file and print; with networks needing to be far more intelligent as to how they deal with the workloads thrown at them, the best of breeds have to become “better than the incumbent” – not as replacements, but as layered-on capabilities that will extend the capabilities of the underlying compute blocks.

This is what happened in the mainframe world – companies grew and prospered by offering things that the mainframe manufacturers themselves either could not or did not do as they failed to see the need, or saw the need but felt the financial returns would be inadequate.
And anyway – existing investments in standard data centre racks will not go away overnight.

The best of breeds can still look to low-hanging fruit for day-to-day revenues, can focus on morphing to become a vendor of value-add systems, and also keeping an eye out for where the big players still have holes in their portfolios – and trying in many cases to be acquired as that piece of the jigsaw.

Clive Longbottom, 
Service Director, Business Process Analysis
, Quocirca

During the first week of June 2011, Quocirca attended the IT Security Analysts Forum in London which was organised by Eskenzi PR.

This is now an established annual event, having run every year since 2007, and it attracts a surprising number of US-based IT security analysts as well as many of the high-profile European ones.

That seems to be down to its unique (as far as Quocirca is aware) format, which involves two formal sessions over two days with plenty of networking in between.

Day 1 is a kind of speed dating for security vendors with analyst firms. The challenge for the analyst is to take on so much in one go from as many as ten individual vendor meetings.

For the vendor reps, the challenge is to tell their story ten times over without getting bored – something they seem to achieve admirably: most of them are still smiling at the final meetings scheduled to end at 18:00.

The event attracts a wide range of vendors, from the largest – HP eager to talk about its recent acquisitions that have seen it re-enter the IT security market – to the smallest – Iddapcom wanting to raise the profile of its software for testing firewall configurations. Perhaps the main reminder for Quocirca after such an intense session is that there is always more than one way to skin the IT security cat.

For example, a pressing issue is the protection of data. You can move it about on encrypted memory sticks (Kingston Technology), encrypt data on end points and during transmission (SafeNet), locate and make safe/wipe lost devices (Absolute Software), restrict access to data (Varonis), or stop it leaving the organisation in the first place (M86). Few organisations need all of this protection, but a wise selection will go a long way towards providing the protection needed.

Day 2 is chance to meet the real-world practitioners of IT security: the CISOs (chief information security officers). The event is now attracting some of the top UK-based CISOs. The Chatham House rules under which the event is run prevent Quocirca from reporting the names of the companies or individuals represented, but some of the biggest banks, oil companies, pharmaceutical manufacturers and media organisations were there.

Many of the topics discussed were raised by the CISOs themselves. Perhaps the most interesting thing was an issue not raised explicitly by the CISOs: cloud computing.

Although it has hard to avoid the topic in any discussion about IT these days, the old questions – "should we", "shouldn't we", "can if ever be secure" – have disappeared with an implicit acceptance that the cloud is now an integral part of the delivery of IT. As one participant said: "Well-run public cloud infrastructure can be indistinguishable from internal IT infrastructure."

It was agreed that getting the contracts right was as important as security when engaging with cloud providers. Some complained there was not enough choice. Others stated that due diligence was needed when dealing with smaller providers to ensure SLAs would be delivered on.

Having said that, some complained that standards of service may drop off when a small cloud provider is acquired by a larger established IT vendor. It was also noted that regulators do not really understand the public cloud.

With that in mind, the CISOs raised plenty of concerns about business risk and governance – for example, how to determine the impact of managing data across different environments and how to quantify and assess the impact of IT security failures. One priority here was to ensure a media strategy was in place for when the inevitable occurs, and this strategy must include new media.

Another issue accepted as a reality was the rising tide of IT consumerisation. First, this includes the acceptance and control of consumer-based cloud services such as Facebook and Twitter. Most CISOs accept the use of these as inevitable and now govern their usage thorough a mix of HR policy and technology.

Second, it covers the use of personal devices to access IT. The rise of the iPad, the iPhone and the Android smartphone were accepted, and most CISOs seek to enable their use (or, in some cases, saw no way of easily preventing it).

There was a discussion about working with auditors: are they friends or foes? Most agreed that, however you view of them, it is better to work with auditors, rather than against them, and that they could also be a source of free advice, with useful experience from a range of industries. Some CISOs said their agenda was largely driven by auditors.

And there is demand for all those vendors with products to help securing the use of data. Most CISOs said they enforce encryption, at least on Windows notebook PCs. Nearly all the CISOs said they had a policy for using secure USB drives ("if laptops are encrypted, why would you not enforce it on USBs too?").

However, it was agreed that more than encryption is needed, including controls to keep sensitive data of the network wherever it is possible to install them. Perhaps the most interesting admission was that, in the age of WikiLeaks, one of the best strategies was to be more transparent and publish data more widely, only protecting the data that really needs to be protected: "If only we could persuade users to classify it in the first place."

One CISO bemoaned the numerous sales calls he received and advised vendors to wait for him to call. This advice is unlikely to be heeded; the sales process will go on. One day he will be sitting a draft living room aghast at the size of the heating bill and a double glazing sales rep will happen to ring with a special offer: "How fortunate!" he will think.

The CISOs also had some advice for us analysts. Make it clear when personal opinion is being provided as opposed to opinion gathered through research. Don't just say what is happening today; say what is coming down the line. And keep reports short; there's no time to read long ones. Time to polish the crystal ball, and this article has probably gone on long enough already.

Bob Tarzey, analyst and director, Quocirca

Xerox’s acquisition of NewField IT, a UK-based print consultancy and software solution provider, follows hot on the heels of HP’s acquisition of Printelligent, a US-based managed print services provider. With both HP and Xerox looking to expand the penetration of MPS to SMBs and midmarket organisations, the acquisition of these companies provides the additional capabilities that both companies need to ensure higher penetration rates.

This market remains a largely untapped opportunity for channel partners to capture on-going service revenue opportunities in an increasingly commoditised hardware market – the acquisitions enable both HP and Xerox to approach SMBs via the channel with a services-led model that provides distinct business value to the customer.
 
Xerox and NewField IT
Xerox’s acquisition Of NewField IT cements a long-established relationship between the two companies. NewField’s flagship AssetDB technology already underpins the assessment and optimisation capabilities of the Xerox Partner Print Services (XPPS) platform. NewField’s pedigree as a print assessment provider is well recognised across the industry, with most printer and copier vendors having used Asset DB to varying degrees to support assessment of print environments and optimised MPS designs. Asset DB covers the complete gamut from graphical floor-plan based data collection to future state design of an optimised print environment.  Although Xerox’s purchase of NewField IT could be dismissed as a small acquisition, it certainly has the potential to make a significant impact of Xerox’s channel-led MPS revenue.
 
Xerox is keen to replicate its success in the enterprise MPS market across the SMB and midmarket, which currently has a relatively low penetration of MPS. However, success in these channel-led markets is highly reliant on resellers’ resources and skills to sell and deliver MPS quickly and effectively. The Xerox Print Partner Services (XPPS) hosted MPS infrastructure was developed over a year ago to provide channel partners with a set of tools to manage every element of an MPS contract – including sales pursuit, device discovery, optimisation and service delivery. Quocirca believes that the acquisition of Newfield IT will enhance Xerox’s credentials to deliver a comprehensive set of MPS tools for multivendor resellers far beyond the basic MPS packages currently on offer from its competitors.
 
While the technology benefits of the acquisition for Xerox are clear, less clear is how NewField IT will continue to operate as a vendor-neutral provider of software and services. Its existing relationship as an assessment provider for HP and Ricoh, for instance, must surely be at risk – and even more so given HP’s acquisition of Printelligent. Meanwhile, NewField IT intends to continue providing independent consultancy services to end-users, abiding by its established code of conduct which states that it will remain objective and not supply or promote the products of those hardware vendors that license its technology. Vendor-agnostic assessments are a critical part of any MPS engagement and NewField IT has long been offering these as an independent provider. However, it remains to be seen how effectively it can continue to preserve its independence when delivering vendor-neutral recommendations for MPS device optimisation.
 
HP and Printelligent
HP’s almost simultaneous announcement to acquire Printelligent has levelled the playing field between the two vendors. Although XPPS had recently been the only cloud MPS platform available to multi-brand resellers enabling them to manage a multivendor environment, HP’s latest acquisition of Printelligent will now provide HP channel partners with a wealth of scalable multivendor MPS capabilities.
 
With Printelligent, HP has acquired an established MPS provider that has been offering MPS since 1993 through a network of MPS channel partners across the US. Printelligent assets will enhance HP’s assessment and optimisation capabilities and its MPS sales and services expertise infrastructure, along with HP’s cloud-based InCommand platform will enable HP to now deliver a set of differentiated MPS solutions and services via the channel.While the acquisition of Printelligent will certainly bolster HP’s channel MPS capabilities in the US, it may take some time to provide a similar set of services to its European channel, particularly given Xerox’s strong MPS presence in this region.
 
Market outlook
The majority of SMBs and midmarket organisations currently purchase printer hardware and consumables on a transactional basis, which creates a huge opportunity for hardware vendors to encourage customers to adopt a contractual approach to buying “printing” rather than “printers”. Consequently, the market for MPS in the SMB and midmarket is moving beyond the simple single brand, basic service which essentially wraps hardware with services and support. While HP and Xerox will continue to offer these basic services for businesses that need it, the real cost saving – both financial and environmental – comes from a detailed assessment and optimisaton of the printer environment, from both a hardware and workflow perspective. Channel partners need simple and flexible tools and an infrastructure that they can tap into to sell, deliver and manage MPS on an on-going basis. 
 
The market to sell MPS to SMBs and midmarket organisations is still wide open and vendors must provide their channel with a simple and effective MPS cloud platform that can deliver remote monitoring, consolidated billing, supplies and service and reporting across a multi-vendor environment. For now SMBs are most likely to be more receptive to basic services, while the midmarket organisations stand to benefit most from more complex and value-based MPS propositions.
 
Although Xerox had a head start in providing an MPS infrastructure for its channel partners, HP has made a smart acquisition that will help it catch up and strengthen its presence in this market, particularly as it can exploit its strong relationship with the IT channel. For both vendors, success will ultimately be linked to how well these vendors engage and train their channel to deliver MPS to their customers.

Louella Fernandes, Principal Analyst, Quocirca

Today more and more IT security is being incorporated into IT infrastructure. But does this mean buyers can rely on what's provided by infrastructure suppliers or should they still be turning to IT specialists?
 
The largest acquisition during 2010 in the IT industry was that of security giant McAfee by Intel, at $7.7bn. This clearly underlines this trend of IT infrastructure suppliers adding security to their portfolios. So far Intel has taken a fairly hands-off approach with regards to McAfee, but it's said the company wants to ensure security is more tightly integrated with products at the chip level. However, this only makes sense for some McAfee products, such as anti-virus and end-point security. Other areas that McAfee operates in (such as content security and security management), would not be implemented purely at the chip level.
 
HP has also been marching back into the IT security arena over the past few years. Last year it acquired Fortify for code testing and ArcSight for security and information event management. It also picked up UK-based security services provider Vistorm when it acquired EDS in 2008 and TippingPoint for network security as part of 2009's 3Com acquisition.

IBM, meanwhile, added code testing to its portfolio last year when it acquired Ounce Labs. It already had a broad range of security products through its 2006 acquisition of Internet Security Systems and existing products in its Tivoli division for identity and access management and compliance. That was enhanced by another 2010 acquisition BigFix for end-point management. Such tools are required to deliver end-point security effectively and consistently.

Cisco, the world's leading networking supplier, has also been building on its established firewall business with acquisitions such as IronPort for email security in 2007 and ScanSafe for web content security in 2009. EMC, the world's largest storage supplier, acquired the major player in identity and access management, RSA, in 2006. Looked at through the lens of the joint venture – the Virtual Computing Environment (VCE) coalition – Cisco and EMC (along with VMware) can boast a broad, all-round security portfolio.

During 2010, Microsoft launched new versions across much of its Forefront security range, which has been built up over a number of years through the acquisition of various small and relatively unknown security suppliers. The motivation for Microsoft's long journey into IT security is clear: to make sure its customers can use its products more safely. Security was one of the key pillars of Microsoft's Trustworthy Computing initiative, launched in 2003. Many gauge that to have been a success, with Microsoft's products generally considered more secure than a decade ago. But Microsoft only protects Microsoft, often scrapping support for third-party products provided by suppliers it acquires.

Yet for most organisations, IT security needs to cover a wider range of heterogeneous platforms. The situation looks set to get worse as the diversity of devices and operating systems increases, particularly when it comes to end points. Although Microsoft continues to dominate the PC OS market for the moment, it is currently an also-ran when it comes to smartphones and tablets. It hopes to reverse this through its new partnership with Nokia, but only time will tell if it can succeed.

The need to secure and manage heterogeneous IT environments is the reason why security specialists exist in the first place. Whatever Intel chooses to do with McAfee, it would be crazy to focus on securing only Intel-based devices. McAfee once proudly claimed it was "the world's largest independent security supplier", a crown it took from Symantec only because the latter had diversified into storage software through the 2004 acquisition of Veritas. Despite its previous bluster, it seems likely McAfee will maintain its credentials as a specialist with the ability to manage security across much of its customers' infrastructure, just as Symantec and CA have done.
 
Following the loss of its independence last year, McAfee passed its crown to Japan-based Trend Micro, whose revenues for 2010 approached $1.1bn. Trend Micro has a fairly broad IT security portfolio, but it has started to diversify, for example into data protection with its 2010 acquisition of Humyo (rebadged SafeSync).

Israel-based Check Point, the original firewall supplier, is not far behind with 2010 revenues of $830m. Behind these two are a host of smaller security suppliers, including Blue Coat, SafeNet, Websense, Sophos, Webroot, SonicWALL and Kaspersky. All have their own focus, which generally needs to be supplemented with products from elsewhere. All are potential targets for infrastructure suppliers to plug further gaps or acquire market share. Who knows who will be wearing McAfee's former crown 12 months from now.

Buyers should evaluate what is available from their chosen infrastructure suppliers in the first instance, but this will rarely meet all requirements. More importantly, they must make sure they have in place a coherent IT security strategy across all their IT assets with the ability to manage it. Many will find it is still the IT security specialists who will enable them to best keep ahead of the rapidly changing threat landscape.
 
Bob Tarzey, Analyst and Director, Quocirca

Since the release of the iPad in 2010, the market has become awash with a variety of mobile print solutions including Apple’s AirPrint, HP ePrint, Ricoh’s HotSpot printing and Google Cloud Print to name but a few.

Many printer vendors are banking on the soaring demand for smartphones and tablets to revitalise the opportunity for printing, in the office, at home and on the move.

With projections that smartphone sales will reach 300 million worldwide in 2010 and up to 55 million tablets forecast to be sold this year, the opportunity is significant, even if only a small proportion of users actually need or want to print.

But as the two walled gardens of printers and mobile devices come together, are vendors in danger of over complicating an essentially simple process?

The mobile and print worlds are remarkably similar in many ways. In the mobile world, data and applications are increasingly the keys to opening up new revenue opportunities for device manufacturers and platform providers.

In the printer world, pages are king as it is the ink on pages that drives revenue more than the hardware. The collision of two markets driven by proprietary platforms has created challenges in developing universal printing capabilities across mobile platforms.

So faced with a diverse mobile device platform landscape, it is unsurprising that it has spawned such a wide array of mobile printing solutions from printer vendors.

Most of these solutions are predicated on sending a document as an email attachment, via the cloud, to a web-enabled printer which has an associated email address. The exception to this is Apple’s AirPrint which currently supports printing to HP “cloud-aware” printers only – which include HP’s OfficeJet, LaserJet Pro and PhotoSmart printers.

HP’s head start
HP has had a clear head start in the market, being the first (and so far only) printer vendor to offer direct support through AirPrint. But what are the options for businesses, not using HP printers, that want a reliable and universal way to print to office devices from smart phones or tablets?

One solution is HP’s ePrint Enterprise, part of an HP Managed Print Service which enables Blackberry users to print to any network enabled printer. HP has also just announced that ePrint Enterprise now also support iPhones and will be extended to Android devices in May 2011. Ricoh and Xerox also have their own solutions which require emailing a document to a registered printer.

One notable and recent addition to the mobile printing fray is from EFI, the provider of Fiery controllers for MFPs from a variety of manufacturers – including Canon, Xerox, Ricoh and Konica Minolta.
 
EFI PrintMe Connect
Interestingly, EFI’s PrintMe cloud printing solution was launched nine years ago in response to the need for secure printing for mobile workers at locations such as hotels and airports.

PrintMe offers automatic discovery of printers and their location, without the need for printer drivers or additional software. Documents are uploaded to the cloud through either the PrintMe web site, email, PrintMe print driver or the PrintMe smartphone apps. Documents can be printed through the PrintMe server to any PrintMe enabled printer client.

PrintMe also supports direct mobile printing without the requirement for the cloud. Documents can be sent directly to any Wi-Fi connected Fiery driven printer.

Its latest addition, PrintMe Connect for AirPrint supports the new AirPrint platform and iOS 4.2 meaning users can print easily from any application on their Apple device to any Fiery printer.

Once installed on the network, PrintMe Connect for AirPrint will show all available Fiery-driven printers as destinations on a user’s printer list. There is no need for the individual user to download an application or for the enterprise to purchase a specific iOS-enabled printer or upgrade or modify existing printers or MFPs.

Of course, the question remains as to how much mobile device users really want to print – and if there are no simple and intuitive ways to print, it is likely that users will just not bother.

But even if just a small proportion of the huge installed base of mobile device users print, the market represents significant incremental revenue opportunities for printer vendors. 

Of all these vendors, it is only HP that has really put a clear stake in the mobile printing ground has certainly taken a leadership position in the mobile printing space, providing a simple and effective way to print from Apple’ s latest generation of iPhones, iPods ad iPads. But where EFI can potentially capture more mindshare is in the enterprise environment, where its Fiery-controller devices are widely installed.

In the meantime, the market will continue to be characterised by a mix of solutions from printer vendors and third party app developers.  EFI PrintMe Connect certainly offers the potential for ubiquitous printing – at least in the enterprise, but its success will be on its partnerships and joint-marketing with printer and MFP vendors to ensure enterprises fully understand how it can be deployed to offer a simple and secure approach to mobile printing.

Louella Fernandes, Principal Analyst