An End to the Security Industry...Again?

By Larry Walsh  |  Posted Tuesday, April 08, 2008 17:04 PM

The buzz at this year's RSA Conference is exactly what most expected: endpoint security, data loss prevention and, of course, virtualization security. While that's what everyone wants to talk about, the infrastructure vendors are talking about baking security into the hardware.

In essence, they're talking about sweeping out all of the little security companies and turning their security technology into a feature set on their storage arrays, switches and routers.

It's not a far-fetched concept. And it's not the first time it's been floated as an idea. This time, though, it seems to have a little more momentum.

Art Coviello, CEO of RSA Security (a division of EMC), is using this theme as part of his keynote. It's a theme he's been trumpeting for a couple of years. From his perspective, converging security with the infrastructure is an imperative. If the data lives in the infrastructure and enterprises need holistic views of what's happening to the data, the place to put security is in the pipes and everywhere data resides, he says.

The same tune is being sung by Hewlett-Packard, a company that few would think of as anything more than a platform. But even this bastion of heavy iron, laptops and printers is looking at pushing security into its products to give them a higher value to the user.

"Instead of being a security player and extracting another buck from the customer, we want to give the enterprise back their management and back-end infrastructure with greater efficiency," says Chris Whitener, chief strategist for HP's Secure Advantage program.

Whitener says HP isn't interested in building another billion-dollar business on security, but it's clear that it wants to create a value proposition for its core products based on security and leverage its growing professional services division.

Surprisingly, Hatachi is also shopping the idea of bringing security closer to the metal. It's services division acquired M-Tech, an identity management company. Their vision is integrating IDM with Hitachi's storage and servers, thus increasing security by controlling who has access to resources. Additionally, they want to bring down the cost of IDM, giving enterprises a better total cost of ownership and ROI.

At the end of the day, all of the infrastructure guys are talking about TCO and ROI. They're correct that enterprises are spinning their wheels by layering security on top of infrastructure and applications. What Coviello and others are saying is enterprises need to practice security in the context of risk, and having security as part of the fabric of business operations (the infrastructure) gives them a better shot of making critical decisions about risk management.

Will this result in an end to the security industry and end Coviello's annual party here in San Francisco? Yes and no. Yes, this and a number of other trends will continue to consolidate the industry. No, because innovation will still come from small, agile startups.