Enterprise Strategy Group | Getting to the bigger truth.TM

The DNSSEC Opportunity

DNSSEC is nothing new. The initial RFC was written in 1997 and the first specification was published in 1999. In spite of these efforts, secure DNS languished during the early 2000s as it wasn’t a requirement for most organizations.

Things have changed, however. DNS security has been called to question many times through cache poisoning attacks and the infamous Kaminsky vulnerability. To address these security weaknesses, DNSSEC efforts are underway. The DNS root servers have all been signed, as have the .gov and .edu Top Level Domains (TLDs). The other TLDs will be signed soon. These efforts will eventually establish a root/chain of trust for all sub-level DNS servers.

Yes, DNSSEC will take years before it is fully deployed, but the foundation is nearly in place. The U.S. federal government is leading the transition to DNSSEC, which means that federal system integrators and leading technology vendors will follow suit. In terms of the market at large, ESG believes that the transition to DNSSEC means:

  1. Lots of DNS server turnover. Most DNS server implementations are pretty basic, anchored by either Windows DNS or BIND. These will need to be upgraded or replaced. Windows 2008 DNS and BIND 9.0 support DNSSEC.
  2. The DNSSEC appliance market should grow. Many organizations understand the value of DNS appliances, but never had a compelling reason to swap out software-based DNS for an appliance alternative. DNSSEC creates this opportunity. Good news for appliance vendors like Bluecat, BT, and Infoblox.
  3. Managed DNSSEC services become a viable alternative. DNSSEC may improve security, but it also demands certificate and key management, adding cryptographic complexity to DNS operations. Rather than learn new skills, many organizations will decide to punt and outsource DNSSEC to cloud providers like Neustar and Verisign.

This migration will mostly fly under the radar, but it will be a lucrative opportunity for smart vendors with the right products and services at the right time.

Related posts:

  1. The ESG Vertical Industry Opportunity Scorecard
  2. Dell’s Security Opportunity
  3. Public Sector Opportunity for Cisco, EMC, and VMware
  4. RSA 2010: Cloud Security Announcements Already Dominate
  5. Kudos to 60 Minutes, F5 Networks, and HP

Tags: BIND, Bluecat, BT, DNSSEC, Infoblox, , Neustar,

All views and opinions expressed in ESG blog posts are intended to be those of the post's author and do not necessarily reflect the views of Enterprise Strategy Group, Inc., or its clients. ESG bloggers do not and will not engage in any form of paid-for blogging. Click to see our complete Disclosure Policy.

Add a comment

Search
© 2010 Enterprise Strategy Group, Milford, MA 01757 Main: Fax:

Switch to our mobile site