In today's environment, several technology areas are promoting major changes which are impacting the future of security convergence. IDC research tells us that today, worldwide Web-hosting revenues exceed $20 billion annually, wireless communications represents an annual market greater than $46 billion, and the revenues from Linux open source software development will grow from $15 billion in 2006 to more than $37 billion in 2008. In summer 2006, laptop sales surpassed those of PCs for the first time.These trends point to the development of next-generation applications hosted on wireless devices accessing real-time search engines and databases. GPSes, sensors, and open source software will provide instant video, voice, and data services over IP.They represent just a few of the "Big" changes that will change something "Big" in the security convergence model moving forward.These new technical breakthroughs will be critical to new-product development to answer the threats of "extreme" corporate risk scenarios.
The future belongs to companies that correctly anticipate trends and quickly respond to new business opportunities by creating partnerships. As technology advances, it becomes impossible to have all the expertise required in-house.The ability to develop solutions to customer problems through collaboration with partners is what drives a successful convergence business model.The fact is that large IT vendors require a limited scope of partnerships.The rationale is
The Pareto Principal originated in 1906 from Italian economist Vilfredo Pareto's observation which essentially said that 20 percent of the wealthy owned 80 percent of the land. It has been modified through the decades, and today we understand it as basically that 20 percent of the people/tasks are vital and the remaining 80 percent are trivial.
This principal also accurately reflects the current and future states of the security convergence market.The largest vendors on both sides of the convergence model are deploying strategies around security convergence. Five years from now, 80 percent of the traditional physical security vendors, large and small, and their channel partners will be marginalized or out of business.They will be displaced by the accelerated focus on open systems, standards, and ROI models being promoted by IT vendors and increasingly being purchased by their decades-long contacts within IT and senior management. Major IT vendors control the enterprise purchase cycle.Agree or disagree, the funny thing about the 80/20 rule is that basically everybody thinks they are in the top 20 percent.This, of course, is impossible.
Large high-technology vendors have executed a business model of introducing new solutions to improve their customers' business practices while simultaneously upgrading the infrastructure to allow those new solutions to operate effectively. It is no surprise that the voice, video, and data over IP strategy that Cisco deploys will require more bandwidth and networking gear. Or that the security surveillance and video mining applications that IBM promotes will require large IBM blade server configurations and multiple terabytes of storage. Network bandwidth, storage, CPU, cache memory, whatever the problem, IT vendors and their huge sales channels have an upgrade strategy for it. One key point is that this is predicated upon a three-year product depreciation cycle, by which the IT industry sets its internal clock.
Along the way, the IT vendors have even assisted in the creation of new technology positions and career paths within their client organizations. Network, storage, database, and system administrator positions have provided a promotional ladder to vice president titles and CIO positions.This personnel situation evolved over decades and provides IT vendors a unique selling advantage in regard to product evaluations, requests for proposals, and ultimately, purchase decisions.This position is enhanced as more responsibility for security solutions migrates toward the CIO organization in search of a senior-level executive to drive policy across the executive ranks. Whereas the IT industry vendors aggressively compete with one another in this environment, this sales cycle is new to the traditional physical security vendor.With the decision point moving toward the IT department, these security vendors need partnerships not just to collaborate on solutions, but to leverage these IT partner buying relationships. Enterprise security policy is focusing on alignment with and deployment over the worldwide IP network and IT storage infrastructure.
One important aspect to successful partnerships is having some resident support expertise in the basic technologies behind networking and storage.This is a major credibility factor in securing a revenue-generating partnership in phase one. However, far too many organizations ignore the initial phase of hiring resident expertise in the physical or IT discipline to provide the needed experience required for successful third-party collaboration.This is a fundamental lack of understanding of the mutual benefit behind successful partnering.
We care about security convergence because it represents a huge market opportunity in a critical area that is virtually untapped in regard to leveraging information technology across wide area networks (WANs).The physical security industry is currently transitioning from a historically analog infrastructure to the new IT infrastructure based on IP. As the earlier cell phone example illustrates, we are just in the beginning stages of understanding how powerful, miniature computing devices, mass-deployed and hosting new and yet-to-be-invented solutions, will be deployed. It is a truly exciting time to be at this apex of security convergence— perhaps just in time to secure people, property, and assets from the increasing threats of fraud, violence, and terrorism being confronted on a global scale.
In general, security convergence plays to the strengths of the IT industry: buying relationships, infrastructure understanding, faster product development cycles, better sales organizations, and innovation embedded into a corporate culture.Technical convergence has an established track record across most of the internal departments in the corporation. Although these statements point to definitive advantages of IT as an industry and department within a corporation, one fact is clear: Security can turn to these inherent advantages to leverage and accelerate security policy across the organization.
Just as the buying requirements for security solutions are changing from independent departmental installation(s) and/or standalone (silo) island mentalities, the actual number of vendors combining to answer enterprise requirements is increasing. Cross-industry partnerships and merger and acquisition activity are becoming normal operating procedure for companies that want to quickly capitalize on security convergence. Examples of these fundamental "channel changes" are occurring every month and have been accelerating throughout the 2006 calendar year. Significant industry changes will continue as major IT vendors pursue opportunities in the security market. Large physical security manufacturers and integrators will need to quickly adjust go-to market strategies and product plans in order to compete against new IT-centric competitors.The convergence of video-based solutions over IP networks running data and voice applications is expanding the requirements for bandwidth, storage, and integration services.
These primary business drivers are the focus of continued entry into the traditional physical security market by IT vendors and their sales channels.The IT market's historic tendency toward centralizing enterprise solution and support models will fundamentally alter both security installations (physical and logical) and buying requirements. Examples of competitive positioning to address these new market opportunities have been accelerating throughout the 2006 calendar year. For example, these headlines occurred between April 17 and April 21, 2006 and appear here exactly as they appeared in the press.They are in no particular order of importance, but they all have an impact on the security industry:
- "Cisco to invest US $16 million in Video-Encryption Company WideVine Technologies"
- "GE Security selects Sun Identity Management Suite to deliver combined IT/Physical access solution; OEM relationship to deliver seamless security solution for Fortune 100 companies and Department of Defense"
- "Tech Data U.S. Helps IT Resellers Break into Physical Security; Physical Security SBU Established and Leading Manufacturers Signed"
- "Big Brother Goes Digital" (industry cover story)
- A major IT gorilla, Cisco, continues to buy leading-edge technology firms in the sweet spot of the physical security market.This trend continues.
- A former, yet still formidable, IT gorilla, Sun Microsystems, is partnering with a major physical security provider, GE Security, to establish OEM ties and sell solutions through mutual channels to Fortune 100 and large government agency accounts.
- One of the largest IT distributors worldwide, with a $20-plus billion business and more than 90,000 customers, has established a security convergence business unit (SBU) to assist IT integrators in selling physical security products.
- The cover story in VARBusiness (a leading publication for IT value added resellers) warns its large IT integrator subscriber base not to miss the new and growing opportunities that security convergence offers their businesses.
Although one week in April 2006 was a good indicator of vendor activity around security convergence, it was hardly vacation time during the summer months:
- In August, L1 Identity Solutions was established as a business entity resulting from the combined acquisitions of biometric software players Viisage Technology, Identix Inc., Integrated Biometric Technologies, SecuriMetrics, and Iridian. L1 Solutions has a market cap of approximately $1 billion.
- Also in August, IBM announced a $1.3 billion acquisition of Internet Security Systems Inc. (ISS), a publicly held firm based in Atlanta. ISS products protect against Internet threats aimed at networks, desktops, and servers and are installed in more than 11,000 worldwide companies and governments.This purchase effectively launches the Global Services Security Division into the managed security services business.
- In September, EMC Corp. completed the purchase of RSA Security for $2.1 billion and announced a $150 million acquisition of Network Intelligence. EMC's chairman, president, and CEO, Joe Tucci, announced,"The additions of RSA and Network Intelligence to the EMC family enable us to execute on our informationcentric security strategy to help organizations around the world secure their information throughout [their] product life cycle and reduce the associated cost of regulatory compliance."
- Finally, as we enter fall 2006, Siemens Building Technologies decided to get into the act as well. It purchased VistaScape Security Systems, a leading developer of automated video analytic technology software designed to protect critical infrastructure from a broad spectrum of threats.Terms of the deal were not disclosed, but the strategic intent is obvious.
What the headlines reflect on a continuous basis is an industry convergence between physical security and IT that is simultaneously changing the competitive landscape. New roles and responsibilities within major corporations are changing the traditional purchasing cycles for security products and impacting vendor-selling relationships. A new era of collaboration is accelerating the trend in cross-industry partnering.
In addition to this, an active merger and acquisition cycle is evident in the physical/logical security industry. As Dennis Moriarty, senior vice president for Diebold's Security Division, states,"The new formula is to purchase for expertise, not simply scale."
All of this change points to a need for substantially upgrading to new skill sets across organizations within both industries to accelerate deployment of a consistent security policy across the enterprise. Although cultural differences between physical security and IT continue to exist, executive management demands cooperation in providing a cost-effective security solution.This fact is not lost on either department. Whether the solution is video surveillance, access control, or the broader area of enterprise security management, security solutions now cross multiple corporate departments and require collaboration.The careerlimiting decision for department heads now is not collaborating.With the merging of business interests (and budgets) among the traditional security organization, IT, finance, and just about every department in the company with a security concern, the ability to promote cooperation and mutual interest is a key management talent. By demonstrating an understanding of the larger security issues facing the overall business and detailing a compelling ROI, a security policy can become a value add to the corporation.
The age-old problem with this model is that the centerpiece of the strategy is change. History tells us that organizations steadily and sometimes staunchly oppose anything new. In this business environment, your executive leadership and middle management win the business battle. In the era of security convergence, the winners recognize industry change early and execute new strategies quickly.This new era in the security market is occurring during an unprecedented combination of advancements in technology and a continuous global focus on world events which are altering the traditional definitions of corporate risk.The early stages of the twenty-first century are positioning security as a priority issue for government agencies, commercial enterprises, and individuals alike.
Printed with permission from Syngress, a division of Elsevier. Copyright 2007. "Physical and Logical Security Convergence: Powered By Enterprise Security Management" by William Crowell, Brian Contos, Colby DeRodeff, Dan Dunkel and Eric Cold. For more information about this title and other similar books, please visit www.syngress.com.
This was first published in July 2007