5:00 AM -- In high school chemistry, we learn that the world is made up of compounds things that are mixed together to create something else, and elements, substances that are so basic they can't be broken down into any further constituent parts. Chemists enjoy taking the elements and trying to create new compounds that do something new or better.
Apparently, the IT industry is full of chemists, and security has become one of their favorite elements with which to experiment.
Everywhere you look, big companies are trying to find some way to fuse security (one of the industry's most critical and lucrative technology areas) with whatever they're selling at the moment, in an effort to create the next "new paradigm" of computing. The industry's largest vendors are playing with security like it's sodium, mixing it and melting it like Dr. Frankenstein:
- If we haven't pounded it into your heads by now, EMC last week gobbled up RSA Security. EMC CEO Joe Tucci said the company sees security as part of the enterprise infrastructure, and will embed the RSA technology in its storage offerings. (See EMC Secures RSA for $2.1B and Did EMC Overpay?.)
- Symantec last week cast off the mantle of appliance vendor while putting on the hats of service provider and consultant. Symantec, which is still wrestling its storage-oriented Veritas subsidiary into line with the rest of its security business, now is positioning itself as an integrator and provider of both software and services. (See Symantec Streamlines Security Biz and Symantec Bundles Security Services.)
- Microsoft made a huge splash into the security market, launching its Forefront line of products just a few weeks ago. Microsoft officials said that embedding security in operating systems and applications will help enterprises protect themselves against internal and external threats. (See Microsoft Moves Security to 'Forefront'.)
- Cisco Systems, which has acquired several security companies over the past 18 months, is building a "system approach" to security that will help enterprises secure data by securing their data access points. Those access points, not surprisingly, are in the network driven primarily by Cisco switches. (See Cisco Seeks to Fill Security Gaps.)
All of these vendors are attempting to mix their own technologies with security in order to create a new enterprise infrastructure that relies on them, not only for their primary products, but for security as well. They make it sound pretty noble and visionary, but what they are really trying to do is fuse security into their product lines, so that you'll have to buy both.
Will it work? Probably. If Microsoft builds security features into its operating systems, can anyone avoid them? If Cisco switches have specific security functions, they will become industry standards. EMC doesn't have quite the clout of Microsoft and Cisco, but whatever it does with the RSA technology will instantly become part of many large IT environments.
Just for the record, though, we'd like to remind these vendors that no matter how they meld security into their own product lines, the security function itself will always be an element of the IT environment, just as iron or zinc are elements on the periodic table. You can't mix storage and security together and call it a secure infrastructure. You can't build security into a bunch of switches or applications and call it an "enterprise solution."
In the end, security is a function of enterprise IT, not an embedded product feature. It involves people and processes, as well as technology. Some of the new compounds may help, but it will be security departments, not products, that solve the problem.
Tim Wilson, Site Editor, Dark Reading
Cisco Systems Inc. (Nasdaq: CSCO)
EMC Corp. (NYSE: EMC)
Microsoft Corp. (Nasdaq: MSFT)
RSA Security Inc. (Nasdaq: EMC)
Symantec Corp. (Nasdaq: SYMC)