IT Security (ITSEC) – the umbrella descriptor for technologies designed to protect the digital superhighway – is coming into its own, and in a big way.
Coming on the heels of repeated breaches of government and corporate networks, theft of credit card records measured in the hundreds of millions and concerns over the security of medical records as they transition to digital storage and delivery, the security risk index on computer networks has moved from "potential" to "we’re under siege". With active attacks measured in the hundreds of thousands each and every day, the old adage that a chain is only as strong as its weakest link – in this case, the computer networks that represent the fabric of commerce (and government) on a global basis – is top of mind for chief security officers (CSOs) around the world.
Increasingly, these attacks are originated by state entities engaged in governmental and/or commercial espionage and highly organized criminal gangs. While the 13 year old wunderkind who "hacks" for fun is still with us, the attacks today are orchestrated by the equivalent of PhDs as well educated and sophisticated as any in the world in search of treasure – intellectual, commercial or political. They are well funded, highly disciplined and have the advantage; whereas the defense has to be successful in meeting every attack, the offence only has to be successful once. This is asymmetric warfare of the electronic sort and it is one of the frontiers for innovation and investment in today’s entrepreneurial communities.
Recent M & A activity is an indicator of the growing interest and urgency in all things ITSEC. Over the last few months:
- HP acquires ArcSight (9/13/10)
- VMware acquires TriCipher (8/31/10)
- VMware acquires Integrien (9/1/10)
- CA Technologies acquires Arcot (8/30/10)
- Intel acquires McAfee (8/19/10)
- St. Bernard Software acquires Red Condor (8/4/10)
- Tektronix acquires Arbor Networks (8/9/10)
- McAfee acquires tenCube (7/29/10)
- Commtouch acquires Authentium (7/27/10)
- Juniper Networks acquires SMobile Systems (7/27/10)
- Digital Barriers acquires Overtis (7/23/20)
- Mobile Media Unlimited Holdings acquires Enable Software (7/22/10)
- GFI Software acquires Sunbelt Software (7/13/10)
- Quest Software acquires Volcker Informatik (7/12/10)
- Boeing acquires Narus Networks (7/7/10)
- IBM acquires BigFix (7/1/10)
While 16 deals exceeding $10bn in the period of 75 summer days is a robust level of activity, all indications are for an increase in M& A acquisitions in the months ahead. Driven by unprecedented levels of cash on the balance sheets of major technology corporations and a deep seated conviction, born out of empirical data on the breadth and scope IT attacks, ITSEC looks like one of the next major growth areas for technology spending. As one enterprise CSO told me: "No one argues about whether or not our IT security budget will be up. The question is up by how much? We can’t afford to be wrong or vulnerable". Echoing the sentiment, an eminent CSO of a major technology company confirmed "you think the level of activity around ITSEC is hot now? You haven’t seen anything yet".
Further fueling the fire is a larger than might be anticipated set of interested buyers for ITSEC solutions. In addition to the "usual suspects" from the IT world, major systems integrators are showing significant interest, looking to meet the needs of their governmental customers while also looking to spring board off their government experience with ITSEC into the commercial sector. Lockheed, Boeing and General Dynamics are among the first names to come to mind on what will be a growing list. Add to that group, major telecommunications looking to secure the data (remember, it’s all IP packets) that traverses their networks while offering new "secure data services.
While the data and trend once again confirm that venture-backed innovation is not only alive and well, but profitable for entrepreneurs and their backers, let’s hope that this success is not penalized by the all too common overcapitalization of the sector through too many undifferentiated "me-too" companies. It proves that the concern that venture-backed innovation has run its course, is once again being proven wrong.