Enterprise Strategy Group | Getting to the bigger truth.™

Posts Tagged ‘Juniper Networks’

Big Network Security Investments –And Market Opportunities — Ahead

Thursday, January 20th, 2011

Here is some interesting data that came out of the 2011 IT Spending Intentions report from ESG Research. In a global survey of 611 IT professionals from mid-market (i.e., 100-1000 employees) and enterprise (i.e., more than 1,000 employees) organizations, 46% of all firms reported they will increase investment in networking products and services in 2011 while 58% said they will increase investment in security products and services this year.

What I found especially intriguing is that both networking and security professionals claim that their organizations will make their most significant investments in network security over the next 12-18 months. In other words, networking AND security folks believe that network security is their highest priority. This emphasis on network security also came out with regard to infrastructure management. When IT professionals were asked which areas of infrastructure management their organizations would make the most significant investments in, the top two responses were security management (31%) and network management (29%).

What does this data mean? It’s easy to dismiss firewalls, IDS/IPS and SIEM software as mature legacy technologies. The ESG data indicates just the opposite–these venerable safeguards are going through a metamorphosis. Why? Perhaps data center consolidation and rich-media applications are driving new scaling needs. It may be that the threat landscape demands new types of safeguards. It is possible that existing network security and management tools have simply grown long in the tooth. I believe that all of these factors are driving network security upgrades and new requirements.

From an industry perspective, there is a lot of opportunity here. Some possible winners include:

  • Cisco. Cisco always gets its share of the pie but the ESG data indicates a better than usual opportunity for Cisco initiatives like TrustSec and Borderless networks. Cisco is also back in the high-end with its ASA 5585X.
  • Crossbeam/Check Point and Juniper. These companies lead in large enterprise perimeter security–a nice place to be with data center consolidation, wireless carriers, and cloud computing investments galore. Crossbeam and Check Point work well together but Crossbeam is building its multi-platform status with relationships with other leaders like McAfee as well.
  • HP. HP paid a lot for ArcSight but the ESG data shows that the timing may be fortuitous. HP is also re-investing in TippingPoint after the company’s on-again-off-again relationship with 3Com. HP should look at acquiring as a complement to ArcSight in the federal and large enterprise space.
  • Sourcefire. When is someone (perhaps HP) going to buy this successful firm? Should be another good year for Sourcefire both inside and outside the federal market.
  • McAfee. Killing it with IPS/IDS and has something up its sleeve with Sidewinder integration. The ESG data indicates that the market is ready for new solutions so the timing may be perfect for a new visionary offering.
  • The App firewall crowd. Palo Alto leads here but I keep hearing that its acquisition price is too rich for anyone. Better hurry as Check Point, Juniper, and others are catching up quickly.
  • Other SIEM vendors. Many organizations will be upgrading old SIEM systems or migrating away from Cisco MARS. Good opportunity for upstarts like LogLogic, LogRhythm, NitroSecurity, and Q1 Labs.

Beyond these mainstream players, there is plenty of business for others like Blue Coat, Citrix, F5 Networks, and Riverbed.

Apple and Google Make the Department of Defense Jump Through Hoops for Mobile Device Security

Thursday, December 9th, 2010

Despite the unseasonably cold weather, I participated in a mobile security event yesterday at the historic Willard hotel in Washington DC. I set the stage and presented a bunch of ESG Research data on mobile device use, security, and management. Other organizations presenting included the Defense Information Systems Agency (DISA), the (NRC), the US Patent and Trademark Office, and Juniper Networks.

It turns out that DISA is doing some very interesting things around mobile computing. For example, members of the US military can access an information portal called Defense Knowledge Online from their mobile phones. DISA also talked about a program called Go Mobile meant to provide numerous communications, training, and collaboration applications to mobile soldiers.

Since we are talking about the US Department of Defense, mobile device security is a critical requirement for this program so Go Mobile includes user authentication, secure data storage and transfer, secure device management, etc.

Initially Go Mobile was built for Blackberry devices but DISA is now adding support for Apple iPhones and Android phones because of high demand from users. Unfortunately, adding iPhone and Android support is more difficult than DISA anticipated. Why? Because both Apple and Google refuse to give DISA access to their security APIs so DISA had to do a series of workarounds to meet its security requirements. For example, DISA had to add an external Bluetooth device to provide secure personal networking capabilities because Apple wouldn’t provide API access to its iPhone security stack.

Hold the phone here! Apple and Google aren’t willing to provide additional technical support to the United States Department of Defense? Nope. One person I spoke with from DOD said that Apple flat out refused to play ball, telling DOD to “talk to our integrators and carriers.”

I understand that Apple and Google want to control their technology. If Citi or GE asked for API access, perhaps it would make technical sense to refuse but we are talking about the Department of Defense here.

Apple and Google have a market advantage and they know it — Androids and iPhones are so popular that Apple and Google can thumb their noses at DOD. In most cases, DOD would exercise cyber supply chain security best practice and refuse to purchase insecure Androids or iPhones at all. The fact that DOD is going the extra mile and developing workarounds demonstrates that it is willing to do the right thing for American troops in spite of this lack of industry cooperation.

It seems to me that Apple and Google are making self-centered bad decisions here that won’t play well with the American public. Clearly, Apple and Google should re-think these myopic and selfish policies. Providing API access to DOD is the patriotic and moral thing to do, especially since DOD is opening the door to lots of sales opportunities for both companies.

The Smart-Fat and Smart-Thin Edge of the Network

Wednesday, November 17th, 2010

Take a look at ESG Research and you’ll see a number of simultaneous trends. Enterprises are consolidating data centers, packing them full of virtual servers, and hosting more and more web applications within them. This means massive traffic coming into and leaving data centers.

Yes, this traffic needs to be switched and routed, but this is actually the easiest task. What’s much harder is processing this traffic at the network for security, acceleration, application networking, etc. This processing usually takes place at the network edge, but additional layers are also migrating into the data center network itself for network segmentation of specific application services.

Think of it this way: There is a smart-fat network edge that feeds multiple smart-thin network segments.

The smart-fat network edge aggregates lots of network device functionality into a physical device, cluster of devices, or virtual control plane. This is the domain of vendors like Cisco, Crossbeam Systems, and Juniper Networks for security and companies like A10 Networks, Citrix (Netscaler), and F5 Networks for application delivery. These companies will continue to add functionality to their systems (for example, XML processing, application authentication/authorization, business logic, etc.) to do more packet and content processing over time. It wouldn’t surprise me at all if security vendors added application delivery features and the app delivery crowd added more security.

Once the smart-fat network edge treats all traffic, packets and content will be processed further within the data center (i.e., smart-thin network edge). This will most likely be done using virtual appliances like the Citrix VPX. Why? Virtual appliances can be provisioned on the fly with canned policies or customized for specific workloads. They can also follow applications that migrate around internal data centers or move to public clouds.

A few other thoughts here:

  1. I’m sure we’ll see new startups focused on smart-thin virtual appliances but I don’t expect them to succeed. Existing vendors will simply deliver virtual appliance form factors and dominate this business.
  2. Legacy vendors have the best opportunity here as many users will want common command-and-control for the smart-fat edge and the smart-thin edge. Nevertheless, this further network segmentation does provide an opportunity for aggressive vendors to usurp customer accounts and marketshare.
  3. Smart-fat edge systems are delivered as physical devices today but this isn’t necessarily true for the future. I can see virtual appliances with horizontal scalability running on , HP, or IBM blade servers in the future.

The smart-fat, smart-thin architecture is already playing out in cloud computing and wireless carrier networks today and I expect it to become mainstream in the enterprise segment over the next 24 months. The technology is ready today but many users have no idea how to implement this type of architecture or capitalize on its benefits. Vendors who can guide users along with knowledge transfer, best practices, and reference architectures are most likely to reap the financial rewards.

Enterprises Want Broad Functionality for Mobile Device Security

Monday, November 1st, 2010

Now that we all have an assortment of iPhones, Droids, tablet devices, and Windows devices, lots of industry folks believe that mobile security is the next hot market. There are a number of players already in this market from pure plays like Good Security and Mobile Active Defense. Traditional endpoint security vendors like McAfee see this as an extension of their antivirus business. Symantec is in the same boat with antivirus as well as encryption software from PGP. Networking vendors also see up-side in the mobile device security market. Cisco has AnyConnect and ScanSafe while Juniper Networks wants to combine its Pulse client with its recent acquisition of SMobile.

These vendors come at mobile security from many different angles with different security functionality in different places–some on the device and some on the network.  Will this confuse the market?  No.  Enterprises are actually looking for a wide range of mobile device security functionality.  According to an ESG Research survey of 174 security professionals working at enterprise (i.e., more than 1,000 employees) organizations, the top three most important mobile device features are 1) device encryption, 2) device firewall, and 3) strong authentication.  They also want things like DLP, VPN, and device locking.

Beyond security functionality, most enterprises also want an integrated platform for mobile device security and management.  In other words, they want a single software package for device provisioning, configuration, reporting, etc.  They also want a common set of features for all mobile devices rather than a potpourri of different features for iPhone, Windows 7, Droid, Palm, etc.

It appears then that the mobile device security market will include networking, security, and management vendors along with device manufacturers and carriers as well.  Personally, I think mobile device security will have a network architecture look to it, with technology safeguards built into devices, the enterprise, and the cloud.  If this happens, integration will be critical for all leading products.

Cisco’s “Kitchen Sink” Product Announcements

Thursday, October 7th, 2010

Did you see the series of announcements Cisco made this week? It was pretty impressive. This is the traditional season where Cisco announces products and new initiatives but this week’s announcements were very extensive — new switches, routers, security devices, wireless access points, WAN optimization equipment, etc.

In its marketing mastery, Cisco related all of these announcements to two core strategic initiatives, data center virtualization and borderless networks. In other words, Cisco is talking about the way IT applications and services are hosted (central data centers, virtualization, cloud), and the way they are accessed (wired and wireless networks, security, access control).

Cisco is clearly demonstrating that it plays in a different space than it used to. It’s all about industries, business processes, and enterprise IT now; the network simply glues all the pieces together. So why all these announcements at once? Doesn’t this water down the individual piece parts? I don’t think so. Cisco is actually doubling down on integration across its products with an overall strategy aimed at:

  1. Competing on all fronts. In one day, Cisco delivered a response to a spectrum of IT vendors like Aruba, Check Point, Juniper Networks, and Riverbed. Cisco may not have the “best-of-breed” product in each category but it is reinforcing the message that the whole is greater than the sum of its parts.
  2. Out-executing the big competition. Cisco is betting that it can deliver technology integration and enterprise IT initiatives faster than its primary competitors — HP and IBM. There is some precedent here–HP and IBM business units haven’t always worked together well so Cisco believes it can capitalize on its organizational structure and market momentum.

Now I realize that the “integrated stack” story has limited value today since customers have a history of buying servers from HP, wired networks from Cisco, Wi-fi from Aruba, storage from , etc. That said, IT is radically changing. For example, ESG Research indicates that server virtualization is driving a lot more cooperation across disparate functional IT groups. As these organizations come together, it’s only natural that they will look for common solutions from fewer vendors.

In the meantime, service providers and financially-strapped organizations (i.e., State/local government, higher education, real estate, etc.) will look for IT savings anywhere they can, even if it means moving away from some vendors with relatively stronger point products in the process.

Cisco also has a services opportunity in that it gets to play services Switzerland and partner with companies like Accenture, CSC, and Unisys in competition with IBM Global Services and HP/EDS.

Lots of people knock Cisco products and point to better, faster, cheaper alternatives. Maybe, but the overall Cisco story seems pretty strong to me. As of Tuesday, Cisco has a bunch of new products that support its corporate strategy and make its story even stronger.

Cisco Bolts Into High-End Network Security — Again!

Wednesday, October 6th, 2010

If you look at revenue numbers, Cisco is the clear leader in network security. That said, the company has been far less visible over the last few years–especially at the high-end of the market in consolidated data centers, wired and wireless carrier networks, and cloud computing infrastructure. This opened this lucrative market to Juniper’s SRX and the security duo of Crossbeam Systems/Check Point.

As the saying goes, “never wake the sleeping giant.” In an unprecedented series of announcements yesterday, Cisco announced its new high-end security system, the ASA 5585X. Cisco’s deepening data center chops are clearly evident here. The ASA 5585X is a 2 rack unit appliance, a small form factor that one-ups the competition in terms of power, space, and cooling but still delivers massive data center performance from 2Gb to 20Gb of throughput. Cisco also demonstrated that it is paying attention to the mobile Internet market by emphasizing that the 5585X can deliver up to 350,000 connections per second — a metric that will really appeal to wireless carriers.

The ASA 5585X announcement was one drop of a veritable waterfall of news coming out of Cisco yesterday. Whether you love Cisco or hate it, you have to give the company credit — all of the announcements were strong on their own, tied together with overall company initiatives, and supported one another. For example, the ASA 5585X announcement:

  1. Balanced security and performance. Beyond announcing a “hot box,” Cisco is also reminding the market of its security prowess. The 5585X combines traditional defenses like firewall and IDS/IPS but it also leverages IronPort services for content security, web security, and its security reputation database.
  2. Ties into the Secure Borderless Network Initiative. Here, Cisco is highlighting that the 5585X supports AnyConnect, Cisco’s “always-on” VPN client. AnyConnect is designed to create trusted client/server relationships, encrypt all traffic, and ease connectivity for mobile workers. By linking these two products, Cisco can compete for network security in the wireless carrier space AND push AnyConnect as a universal endpoint standard.
  3. Focuses on the new data center. Cisco can bundle the 5585X into huge deals that also feature UCS, Catalyst, Nexus, etc.

I don’t know how the ASA 5585X compares to the competition, but speeds-and-feeds are somewhat beside the point. The ASA 5585X gets Cisco back in the game. Combined with Cisco’s growing portfolio, data center experience, and un-matched marketing messages, it will most certainly sell a lot of high-end security boxes.

Will IBM/Blade Networks Hurt Juniper? Nope.

Wednesday, September 29th, 2010

There must be a lot of junior people following the technology market these days — I’m really amazed at some of the stuff I read all the time. Back in the dark ages when I entered the Tech industry, we didn’t have e-mail, IM, blogs, tweets, etc., so you turned to industry rags like the venerable Network World or Computerworld to get industry insider analysis. Now anyone with a keyboard and an opinion gets to speak. Good for free speech, bad for knowledge transfer.

Case in point–a friend forwarded me an article suggesting that the IBM/Blade Networks deal was a big blow to Juniper. With Blade Networks in hand, IBM would now package Blade Networks and IBM blade servers together to counter Cisco UCS featuring integrated networking and compute (note: the article failed to mention storage but that’s another point). While this wouldn’t kill Juniper, it would limit Juniper and others to the remaining laggards that want to buy separate networking and server boxes.

Now, full disclosure: Juniper is an ESG customer but so are Blade Networks, IBM, and just about every other tech vendor. That said, this article fails to recognize some very fundamental market realities:

  1. Cisco UCS just started shipping last year so Cisco is playing catch up to IBM, not the other way around.
  2. Buying Blade changes nothing as IBM was already reselling the network blades.
  3. While the concept of integrated compute, network, and storage sounds appealing, ESG Research indicates little market interest. Yes, this is a good approach for service providers but unless we are talking about a green field implementation, service providers still have legacy servers as well as Ethernet and Fibre Channel switches to replace.
  4. Blade Networks makes access switches. Yes, Juniper makes top-of-rack access switches that may compete on functionality, but Juniper’s real expertise is virtual switches and chassis-based aggregation and core switches. The most likely scenario is Blade at the Edge and Juniper in the core.

Finally, Blade isn’t really a networking vendor as it really only has one product — network blades. Does this help IBM with turnkey blade servers? Yes. Does this help IBM compete on big network-connected “smart planet” projects? No.

IBM Buys Blade Networks — An Obvious Marriage For Server Virtualization and Dynamic Data Centers

Monday, September 27th, 2010

Last week, 20-somethings on Wall Street were buzzing about self-serving rumors that IBM would buy Brocade Networks. Well that didn’t happen (and I don’t think it ever will), but IBM did make a networking acquisition when it scooped up Blade Networks today. Terms of this deal were not disclosed.

Why Blade and not Brocade? Several reasons:

  1. IBM anticipates increasingly dense blade server sales. ESG Research indicates a general trend from rack-mounted to blade servers. Why? Today, an average server hosts between five and ten VMs. As this ratio substantially increases over the next 2-3 years, IT managers will need blade server flexibility and manageability to cope with scale and complexity. Blade Networks provides another piece for tight integration between blades, virtual switches, and physical switches.
  2. Blade Networks runs JUNOS. I don’t think IBM cares about Blade’s top-of-rack switches. Rather than own this piece, it can now plug its dense blade servers into Juniper data center top-of-rack, aggregation, and core switches. Lots of form factors and the chance to leverage Juniper’s deep commitment toward flattening the network with its 3-2-1 initiative and the ultra-secret “Project Stratus.”
  3. The price was right. With 3Com and ProCurve in tow, HP has been pretty public about its intention to push Blade Networks aside. This really left IBM as the only logical place for Blade Network investors to turn. My guess is that the acquisition price was fair, but not overly generous.

IBM is also probably anticipating a technology change in the HPC market as 40 and 100 gigabit Ethernet replaces Infiniband. Once again, Blade Networks will provide a turnkey blade solution for scientific computing and smart planet analytics. Blade also provides port and device consolidation for the burgeoning trend toward Ethernet-based storage.

I really don’t think that IBM wants a stand-alone networking business again, so an acquisition of Brocade, Extreme, Force 10, or even Juniper seems unlikely. With Blade, IBM can deliver a data center unit–complete with memory, processors, and networking/storage IO–in a tightly-integrated can. My guess is that IBM will sell a ton of these.

IBM To Buy Brocade And Other Stupid M&A Rumors

Thursday, September 23rd, 2010

I was at Oracle Open World yesterday when I heard the rumor that IBM was going to buy Brocade. At the time, I was meeting with a group that had collective industry experience of more than 100 years. We all laughed this off as hearsay.

The fact is that IBM already OEMs equipment from Brocade (as well as Juniper) so it is not lacking in engineering experience or alternatives. Does IBM want to start a stand-alone networking business? Does it want to OEM Fibre Channel switches to and HP? Does it want to bet on Brocade/Foundry Ethernet switches against the rest of the industry? No, no, and no.

This is not the only silly rumor we’ve heard lately. Last week, Microsoft was going to buy Symantec. Yeah sure, there are no antitrust implications there. And does Microsoft really want to buy a company that has about a dozen products that are redundant to its own?

How about Oracle buying HP? Larry may be spinning this up for fun, but it’s simply crazy talk. Oracle, a software company focused on business applications and industry solutions, wants to get into the PC and printer businesses? Yeah, I know, “What about servers and storage?” To which I answer, “What about Sun?”

These rumors are circulating because of the recent uptick in M&A activity, but my strong bet is that nothing remotely similar will happen. The rumors must then be coming from one of two sources:

  1. Wall Streeters executing a “pump and dump” play. Given the activity in Brocade’s stock yesterday, this is likely. I hope the SEC is all over this unethical practice.
  2. Bloggers and Tweeters trying to “stir the pot.” Maybe the Internet has become the great equalizer between intelligent discourse and ignorance.

Not all mergers make sense, but there tends to be some business logic inherent in most transactions. Let’s try and remember that before spreading rumors for personal or unethical gain.

VMware vShield: A Good Start, but . . .

Wednesday, September 1st, 2010

You’ve got to hand it to VMware — it clearly understands the strengths and weaknesses of the ESX environment and is focused on improving the platform. Case in point: this week’s VMworld, when the company announced the VMware vShield family of security products.

From the early announcement, it seems that vShield is composed of:

  • vShield Edge. To enable secure multi-tenancy, vShield Edge virtualizes data center perimeters and offers firewall, VPN, Web load balancer, NAT, and DHCP services.
  • vShield App. VMware calls this a hypervisor-based, application-aware firewall that creates application boundaries based upon policies. It’s a bit confusing, but I believe it manages and secures VM-to-VM traffic in a logical virtual application. VMware needs to clarify this as the term “application firewall” has a completely different meaning.
  • vShield endpoint. This one’s much easier to understand: rather than run endpoint security software on each virtual endpoint, vShield endpoint virtualizes security components like signature databases, scanning engines, and schedulers. Much more efficient than pretending that virtual endpoints are physical devices.
  • vShield zones. Again, a bit confusing, but it seems like basic ACL capability built into vSphere.

Now I’m not at VMworld, so I’m reading between the lines. Nevertheless, I like the direction VMware is taking. ESG Research indicates that security is a big issue with server/desktop virtualization. This is true for everyone from virtualization newbies to sophisticated shops.

The vShield products are a great foundation for VMware, but I believe there is still a lot of work to do beyond clearing up the messaging. I suggest that VMware:

  1. Dedicates ample resources for user education. ESG Research points to a general lack of virtualization knowledge and skills, especially with security professionals. Note to VMware: If security professionals don’t understand the ESX environment, they won’t buy your products.
  2. Clarifies its partnering strategy. I can’t really tell if VMware intends to partner with or compete with companies like F5, Juniper Networks, Check Point Software, etc. I’m sure I’m not the only one.
  3. Works on standards. If my standard firewall is a Juniper SRX, I really don’t want a one-off VMware product in my virtual infrastructure. If vShield can’t “talk” to other products through some new security standards, no one will want it.
  4. Stops talking about “better than physical security.” I get the concept, but the vast majority of users don’t have the baseline knowledge about server virtualization to believe this. Improved security should be a destination/vision and not an overly bold tag line.

© 2011 Enterprise Strategy Group, Milford, MA 01757