Security market consolidation is on the rise, as more vendors aim to acquire new technologies and create integrated security suites. The suites themselves can create new sales and services opportunities for value-added resellers (VARs) and systems integrators (SIs), but the frequent mergers and acquisitions among vendors can cause some headaches, too.
Regulatory compliance is driving the security market consolidation trend, according to Chenxi Wang, principal analyst for Forrester Research and author of the new report, "Content Security Is Becoming a Competition Among Suites." The Payment Card Industry Data Security Standard (PCI-DSS), the Health Insurance Portability and Accountability Act (HIPAA) and other regulations require businesses and organizations to protect sensitive information, regardless of where that data is stored or how it can be accessed. Those customers need an easier way to manage and secure their information, and vendors are looking to solve that problem with integrated security suites, Wang said.
"Everybody is looking at this as a growth area," she said.
Tim Richardson, security product marketing manager for Akibia Inc., a Westborough, Mass.-based solution provider, agreed that most security market consolidation is happening to address regulatory compliance issues. It's the right solution, but when vendors acquire each other, it can also create some conflicts for their channel partners, he said.
For example, when Akibia wanted to add key management to its portfolio last year, the company chose to partner with PGP Corp. Just months later, Check Point Software -- another Akibia partner -- acquired key management vendor Pointsec.
"Immediately I had two products in my portfolio that were doing two very similar things," Richardson said. "We've seen that play out a couple of times."
Solution providers that find themselves in those situations, thanks to security market consolidation, they need to be honest and upfront with customers about which vendors they represent, Richardson said. They should also communicate with their vendors and let them know they are still committed to their products, or get out of the partnership if they're not.
"It's a tightrope that you walk," Richardson said. "It's easy for someone to feel slighted."
Akibia has even had to sacrifice business for the sake of maintaining good vendor relationships, he said. As another example, Akibia was working an account with one vendor's product, but the client decided to go with another vendor that Akibia also partners with. That vendor then asked Akibia to close the deal, but Richardson had to say no.
"If you jump from one vendor to another, everybody knows," he said. "It reverberates through the channel. At that point, you're not loyal."
In Wang's report, she cited Websense Inc., the maker of Intelligent Content Protection, as the leading vendor in the content protection suite market. The company's recent acquisitions include data leak prevention vendor PortAuthority Technologies and SurfControl, a Web and email security vendor.
When scouting companies to acquire, Websense considered the strength of their products, how well the products would integrate with Websense's existing technologies, and the companies' marketing strategies, to avoid the kinds of conflict Richardson talked about.
"We didn't want to buy a company that didn't know how to work with the channel, and we didn't want a solution that wasn't ready to be sold through the channel," said Steve Kelley, senior director of product management for Websense.
Websense once focused solely on Web filtering but became part of the security market consolidation trend because customers needed an easier and less expensive way to manage and secure their data, Kelley said.
"It just wasn't good enough to be best-of-breed in Web security," he added.
Although Wang predicted more security market consolidation in 2008, she also said that not all businesses and organizations are ready to move from point products to integrated security suites.
It's "pretty hard" for a client to migrate from its existing software and appliances to one appliance that manages everything in one console, she said. At some businesses and organizations, different point products are managed by completely different departments, so moving to an integrated security suite can also create political infighting, she added.
Solution providers can add value for their customers by addressing those problems. They can also use the information collected by integrated security suites, such as who is accessing what information and for what purpose, to help clients develop better policies and workflows to address violations, Kelley said.
"The integration of the solution [doesn't take] away services opportunities from the channel," he said. "It makes it easier for our channel partners."