COMMENTARY--The security industry is in the midst of a transition, one that promises to profoundly change the way businesses think about the subject.
In many respects, it parallels how the creation of the Web browser reshaped people's thinking about the potential of the Internet.
 | ||||
| | | ||
| Get Up to Speed on... Enterprise security  Get the latest headlines and company-specific news in our expanded GUTS section. | | ||
| | ||||
| | ||||
Similar demands now attend the field of information security thanks to the accelerating intersection of security and business. One sign of the changing times was on full display last month when Microsoft Chairman Bill Gates was invited to deliver the keynote speech at the RSA Security conference. Microsoft's record obviously stirs passions in the security industry, but there is little doubt that the company definitely gets it now.
Microsoft's record obviously stirs passions in the security industry, but there is little doubt that the company definitely gets it now.
Like browsers, TCP/IP stacks and Web servers in the past, Microsoft will bundle security features into future versions of Windows. While this is necessary to appease customers, Microsoft actually has several goals in mind.
Bundling security will accelerate Windows upgrade cycles. Integrating security into management tools will enable the company to help customers lower operating costs. And aggregating security functionality into servers and applications will help Microsoft address its customers' strategic business needs. The technologies may not be superior, with Microsoft--they rarely are--but as the software maker builds security into the business infrastructure, customers will buy nonetheless.
In comparison, much of the rest of the RSA conference looked like a technology love-in. Vendors were able to talk about how their particular technology widgets could block malicious traffic, but few were able to translate this into business protection terminology and benefits.
In the rest of the technology world, the business-centric technology view is old hat. Cisco Systems is masterful at bundling its products into a grand vision of a network-connected world. EMC has the whole storage industry on the defensive with its Information Lifecycle Management initiative. IBM, Hewlett-Packard and Oracle all talk about increasing business responsiveness and flexibility and reducing operating costs.
For years, the security industry has been somewhat of a geeky oddball in the league of technology nations.
This security transition is happening as enterprise companies increasingly demonstrate that they finally understand the need for security. At first blush, this may seem painfully obvious, but the history of the last few years suggests otherwise. Nonetheless, changes are afoot.
For starters, security spending is up and will continue to rise. Second, the scope of potential threats is greater now than ever before, and chief information security officers are responsible for policing an expanding territory that includes wireless LANs, IP telephony and oodles of Web-based applications.
Equally important, the corporate folks who control the purse strings are willing to fund bigger security budgets because they realize that the business itself is at risk.
For years, the security industry has been somewhat of a geeky oddball in the league of technology nations, but the world is changing and security companies need to change their attitudes accordingly. It's no longer just about blocking malicious code better than the other guy. The dialogue has to focus on enabling critical business processes and protecting assets. I'd hate to be the last nerd standing in a competitive battle with Computer Associates, Microsoft, Network Associates or Symantec.
biography
Jon Oltsik is a senior analyst at the Enterprise Strategy Group.
