by Greg Young | July 14, 2009 | Comments Off on 3 Reasons The Security Market Is (Still) A Big Unconverged Mess
Why are there more security companies than ever? Why are there so many point solutions? Why hasn’t the market converged down into 4 things I have to buy like other markets?
It isn’t that the market is wrong: it is this market’s nature to be so messy ("it’s my nature" goes the last line to the tale about the scorpion riding on the frog’s back across the river as they both drown). And it isn’t that security people aren’t smart – we’ve been at this for over 25 years now. There are 3 disruptive factors preventing the security market from settling down and achieving greater organization:
1. Security tracks technology change. New techs have to be secured. Since they are new, they usually don’t come with security or can be secured by incumbent technologies. So even if there are no new threats, new technology disrupts the security status quo, which brings us to…
2. New threats drive new safeguards. Unlike other markets, security has this unique characteristic of threats. This is an arms race where new vulnerabilities and attack types are discovered, forcing change which is then met with the threat switching to the next weakest link. Worms are followed by phishing are followed botnets are followed by custom-targeted malware.
3. Buying and operations center division. Like gravity, these can’t be ignored. In enterprises, these are very real silos. Silos may be in theory bad, but practically crossing them can be worse than any inefficiencies: think car mechanics and doctors. There are some opportunities for convergence, but only within certain cases/silos.
Don’t ignore the 3 security market disrupters, and don’t be fooled into a convergence story where one doesn’t exist. Do look for those narrow convergence opportunities.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.