Thursday, October 21, 2004

Consolidation

Several commentators see the recent merger of Actional and Westbridge as a harbinger of industry consolidation among web service players.
  • David Sprott (CBDI Forum) discusses whether the industry is now "Crossing the Chasm".
  • Phil Wainewright (Loosely Coupled) thinks we are now entering the "Acceleration" phase. (He tells us we're still some way short of the "EndGame" phase, and then provides evidence that this phase has already started!)
From an economic perspective, this merger can be understood as a response to a given set of economic forces. In general terms it is easy to predict more mergers, and we may be able to identify likely targets by looking at such economic indicators as revenue, growth, funding, cashflow, cashburn and so on.

This merger can also be understood from a technological perspective, as an statement about the viability of stand-alone security products. The technological logic of the merger is to integrate security products into management platforms. The same logic can be seen in CA's acquisition of Netegrity. It is also implicit in IBM's Tivoli brand, which covers a collection of security and management products.

This reflects a growing recognition of the complexity and dynamic nature of security requirements. While many stand-alone security products do an excellent job at guarding against a specific class of threat, what is needed is an agile security architecture capable of rapidly mobilizing a range of effective responses to newly emerging threats.

Let's return to the economic perspective. Security attacks are designed to achieve the maximum penetration for the minimum effort. Many attackers are motivated not by technical ego but by results (criminal or political). If a given style of attack ceases to be effective, we can expect a new style of attack to appear. If the attackers are more agile than the defenders, then this gives them a natural advantage. Against an agile attacker, it is not wise to invest all your resources in fixed defences.

No comments: