Industry players are debating the viability, or lack thereof, of pure-play security strategies in the face of a continuously consolidating marketplace and an increasing trend among application vendors to integrate security into their products.
The argument was perpetuated at the recent RSA Conference in San Francisco where RSA Securities president Art Coviello made a forecast that pure-play security vendors would soon face extinction. He said the trend among vendors such as Microsoft, Oracle, Cisco and EMC to integrate security functions into their core technologies is lessening the need for add-on products from pure-play security vendors.
Some major security players, however, questioned the motivation behind Coviello’s statement, noting it’s reflective of what RSA’s own market strategy is. “It’s a pretty self-serving comment,” said Laura Yecies, a vice-president and general manager for the consumer division at security firm Check Point, headquartered in Israel. RSA’s pure-play position in the security market ended last year when storage systems provider EMC bought the company for over US$2 billion.
“The more accurate thing to say is that (enterprise) customers see benefit…in getting multiple security products from one vendor,” said Yecies.
While she admitted that the move by software vendors toward embedding security into their products can affect competition in the security space, Yecies does not believe it will displace third-party security software. “Security is so important that the consequences of inferior security…are so compelling that, primarily, security will come from an independent provider,” the Check Point executive said. One Canadian security analyst agreed with Yecies’ observation.
Security vendors are specialized providers that can offer more advanced and up-to-date technologies related to information security, explained Joe Greene, vice-president of IT security research at IDC Canada.
“[IT security vendors] have the ability to maintain that level of expertise more easily than larger vendors do or those that don’t have security as their bread-andbutter,” Greene added.
The IDC analyst, however, noted that mergers and acquisition activities in the security space could lead some big players to expand their product portfolios to get into other markets. Still, Greene added, there will always be room for major pure-play providers.
McAfee Inc., for one, is “in an acquisition mode.” But its shopping spree has stayed within the realm of information security, with its purchase of security firms Preventsys, SiteAdvisor, Citadel and Onigma, over the last year.
The acquisitions are aimed at building and strengthening its security risk management portfolio, said Daniel Molina, security strategist at McAfee.
“Stand-alone companies that are strategic and relevant to their customers definitely have a place (in the market),” said Molina.
Meanwhile, Symantec Corp.’s acquisition strategy in recent years clearly indicated its intent to expand its software portfolio beyond security, said its CEO John Thompson. Symantec acquired storage management firm Veritas in 2005, and negotiations are underway to buy systems management firm Altiris Inc. Thompson said Symantec aims to be a major provider of infrastructure software.