Is infrastructure-based security enough?

05 May 2011

Today more and more IT security is being incorporated into IT infrastructure. But does this mean buyers can rely on what's provided by infrastructure suppliers or should they still be turning to IT specialists?
 
The largest acquisition during 2010 in the IT industry was that of security giant McAfee by Intel, at $7.7bn. This clearly underlines the trend of IT infrastructure suppliers adding security to their portfolios. So far Intel has taken a fairly hands-off approach with regard to McAfee, but it's said the company wants to ensure security is more tightly integrated with products at the chip level. However, this only makes sense for some McAfee products, such as anti-virus and end-point security. Other areas that McAfee operates in (such as content security and security management) would not be implemented purely at the chip level.
 
HP has also been marching back into the IT security arena over the past few years. Last year it acquired Fortify for code testing and ArcSight for security information and event management. It also picked up UK-based security services provider Vistorm when it acquired EDS in 2008 and TippingPoint for network security as part of 2009's 3Com acquisition.

IBM, meanwhile, added code testing to its portfolio last year when it acquired Ounce Labs. It already had a broad range of security products through its 2006 acquisition of Internet Security Systems and existing products in its Tivoli division for identity and access management and compliance. That was enhanced by another 2010 acquisition, BigFix, for end-point management. Such tools are required to deliver end-point security effectively and consistently.

Cisco, the world's leading networking supplier, has also been building on its established firewall business with acquisitions such as IronPort for email security in 2007 and ScanSafe for web content security in 2009. EMC, the world's largest storage supplier, acquired the major player in identity and access management, RSA, in 2006. Looked at through the lens of the joint venture – the Virtual Computing Environment (VCE) coalition – Cisco and EMC (along with VMware) can boast a broad, all-round security portfolio.

During 2010, Microsoft launched new versions across much of its Forefront security range, which has been built up over a number of years through the acquisition of various small and relatively unknown security suppliers. The motivation for Microsoft's long journey into IT security is clear: to make sure its customers can use its products more safely. Security was one of the key pillars of Microsoft's Trustworthy Computing initiative, launched in 2003. Many gauge that to have been a success, with Microsoft's products generally considered more secure than a decade ago. But Microsoft only protects Microsoft, often scrapping support for third-party products provided by suppliers it acquires.

Yet for most organisations, IT security needs to cover a wider range of heterogeneous platforms. The situation looks set to get worse as the diversity of devices and operating systems increases, particularly when it comes to end points. Although Microsoft continues to dominate the PC OS market for the moment, it is currently an also-ran when it comes to smartphones and tablets. It hopes to reverse this through its new partnership with Nokia, but only time will tell if it can succeed.

The need to secure and manage heterogeneous IT environments is the reason why security specialists exist in the first place. Whatever Intel chooses to do with McAfee, it would be crazy to focus on securing only Intel-based devices. McAfee once proudly claimed it was "the world's largest independent security supplier", a crown it took from Symantec only because the latter had diversified into storage software through the 2004 acquisition of Veritas. Despite its previous bluster, it seems likely McAfee will maintain its credentials as a specialist with the ability to manage security across much of its customers' infrastructure, just as Symantec and CA have done.
 
Following the loss of its independence last year, McAfee passed its crown to Japan-based Trend Micro, whose revenues for 2010 approached $1.1bn. Trend Micro has a fairly broad IT security portfolio, but it has started to diversify, for example into data protection with its 2010 acquisition of Humyo (rebadged SafeSync).

Israel-based Check Point, the original firewall supplier, is not far behind with 2010 revenues of $830m. Behind these two are a host of smaller security suppliers, including Blue Coat, SafeNet, Websense, Sophos, Webroot, SonicWALL and Kaspersky. All have their own focus, which generally needs to be supplemented with products from elsewhere. All are potential targets for infrastructure suppliers to plug further gaps or acquire market share. Who knows who will be wearing McAfee's former crown 12 months from now?

Buyers should evaluate what is available from their chosen infrastructure suppliers in the first instance, but this will rarely meet all requirements. More importantly, they must make sure they have in place a coherent IT security strategy across all their IT assets with the ability to manage it. Many will find it is still the IT security specialists who will enable them to best keep ahead of the rapidly changing threat landscape.
 
Bob Tarzey, Analyst and Director, Quocirca
