With Natalie Lambert, security analyst, Forrester Research [www.forrester.com].
Question: What does Microsoft's entry into the security market mean?
Lambert: Microsoft entering the ball game brings the prices down, tends to commoditize the market. Their marketing efforts make it an awareness issue. [Users think security is] a pain in the neck and want a security solution and then to be able to move on with their lives. Microsoft is trying to get into the market with a bang and succeeding. They definitely are taking market share away [from Symantec and others]. It's happening a little at first … Ultimately, Microsoft will be very successful because they are Microsoft.
Question: Does it have ramifications beyond the consumer market?
Lambert: Where Microsoft will [initially] do well is in SMBs and with cost-conscious companies. But companies with security savvy will not be looking at Microsoft for a couple of years, 2008 at the earliest. In the enterprise, antivirus is … commoditized, no matter where you look. But in the integrated suites with multiple technologies, the vendors are all still playing catch-up. SMBs, like enterprises, are looking for something easy to manage. Microsoft will have very simple solutions for them, with good antivirus and [anti] spyware. [Consumer and enterprise products] arguably are all pretty much the same. [The differences are] the central management capabilities, the setup. McAfee is offering a simple managed service in which it is essentially running the product for the SMB. The admin [sets] the setting they want. McAfee does the management.
Question: What should IT managers be asking vendors in this quickly evolving market?
Lambert: I'd argue that all of the vendors are going in the long term to have a comprehensive solution that includes antivirus, firewalls, anti-spyware, IPS [intrusion prevention systems] and network access [protection]. The question should be: What's next? What are you doing next? The answer [for savvy] vendors is that they are looking at the broader risk management market. They are looking at technologies like encryption, security configuration management and information leak protection. That's the broader risk management market. This will be the area where companies differentiate themselves or fail to. I'd argue that it may be beginning next year and play out for the next three years.
This 3 Questions originally appeared in a weekly report from IT Business Edge.
This was first published in September 2006