Global businesses are consolidating their data centres. Chief information officers are striving to standardise on fewer, more robust architectures. And IT vendors themselves are buying one another.
Big networking companies are acquiring point security products and dabbling in the security market. But point-product acquisitions don’t qualify as comprehensive security solutions. For CIOs, the wisest path is to work with an IT solutions provider that offers staying power, innovation and a tireless focus on integrated security solutions.
But be careful. There are more than 800 IT security companies competing for your dollar, and 90 percent of them have less than US$15 million in annual revenues. A few of those companies will surely succeed and grow. But common sense suggests that most of those companies will either die or get acquired. For every company that achieves triple-digit revenue growth and strong customer loyalty, there are thousands of failed startups.
In the months ahead, it will be even more difficult for security startups and mid-tier providers to prove their worth. Gone are the days when businesses deployed dozens of different solutions in dozens of data centres across the world.
Skeptical? Consider the situation at Hewlett-Packard Co. After recruiting Dell’s former CIO to join its executive ranks, HP announced plans to consolidate 85 data centres down to six. The consolidation effort will save HP US$1 billion annually in expenses. It’s a potential win-win for shareholders and HP’s internal operations.
This march toward simplicity impacts how CIOs choose and work with IT vendors. Instead of working with dozens of vendors, CIOs increasingly work with a handful of strategic partners. For instance, a Fortune 500 manufacturer in Detroit [FYI: Ford] spends the bulk of its IT acquisition budget on five strategic suppliers. Likewise, security projects in Europe, the Middle East and Asia must adhere to corporate IT standards set by headquarters in Detroit.
Choose Your Partners Carefully
Along with such standardisation processes, we are also seeing rapid consolidation in the IT security market. But be careful. When it comes to IT security, CIOs don’t want to risk their business on point products that are thrown together through acquisitions, or big networking vendors that focus part-time on only one or two pieces of the security puzzle.
If you were building a home, you wouldn’t want the architect to install all the locks and security systems. And if you required specialised medical care for your heart, you wouldn’t rely on a generalist. You’d want a certified specialist—a seasoned pro who has encountered every situation imaginable.
And when it comes to IT security, you can’t settle for a generalist or the second-best product on the market. On the contrary, you need a specialist that delivers comprehensive best-in-class solutions.
While some networking companies have point security products, the offerings typically weren’t designed as part of a total solution. In stark contrast, we’ve worked overtime to ensure each of our acquisitions has our customers’ best interests in mind vis-à-vis rapid integration, strong customer communications and support.
Meanwhile, the merger activity could accelerate in the months ahead. All the variables are in place for acquisitions in 2007 to surpass the record US$3.6 trillion from 2006, according to Bloomberg News. U.S. stocks are trading close to their lowest price/ earnings levels in a decade; yields on the junk bonds used to finance takeovers are near 10-year lows; and leveraged buyout firms have US$1.6 trillion to spend, Bloomberg has reported. Without a doubt, that’s a formula for a feeding frenzy.
You’ll surely see big IT generalists acquiring point security products in the months ahead. But it will be incredibly challenging for them to take those products and piece them together.
Your Checklist for Success
For CIOs and IT leaders, it’s time to place a few strategic bets. Although many IT security companies are privately held, a little research can help you determine which vendors will be in the game for the long haul.
Not sure how to get started? Here’s a checklist to help you along:
? Check in with customers, partners and the IT channel to measure overall satisfaction with the vendor.
? Check SEC filings at www.sec.gov to examine publicly held vendors’ track record for consistent growth.
? Examine the management team to make sure it includes home-grown talent as well as proven leaders who know how to take companies to the next level.
? Determine if the company is a “one product wonder” or if it truly offers best-of-breed solutions in multiple categories. Also, the solutions should be integrated with one another rather than force-fit or slammed together.
? Check product lifecycles to make sure the vendor has a strong reputation for fulfilling its product roadmaps.
? Examine the company’s acquisition history to see if takeovers and integration efforts were well-managed.
Before I step off my soapbox, I’ll leave you with this closing thought: The IT security market is set for a shakeout, much like the PC, network hardware, and application industries before it. Avoid the temptation to work with big generalists that dabble in security or small vendors that only have point products to offer.
Instead, focus on a partner that lives and breathes security, has critical mass, and offers comprehensive, integrated security solutions.
John McNulty is chairman and CEO of Secure Computing Corporation. He can be reached at firstname.lastname@example.org.
Surviving the Age of Consolidation
By John McNulty, Chairman and CEO of Secure Computing Corp on Feb 4, 2008 7:47AM