Secrets of Security


Like many in the Silicon Valley, Kittu Kolluri has made a career of latching onto the next big thing. When he was at SGI, for example, he helped manage the company's fledgling interactive TV efforts. At the height of the dot-com boom, he helped launched WedMD. His latest gambit is no different. This time it's all about instant virtual extranet appliances that provide smaller companies VPN-like security for a fraction of the usual cost. Given what happened to interactive TV and WedMD, you may wonder if Kolluri, the CEO of Neoteris in Mountain View, Calif., is ahead of himself again with his big focus on security. Don't bet on it, experts say.

"I think the near-term opportunities are in two big technology areas," says Sanjay Kumar, CEO of Computer Associates International (CA), one of the world's largest software companies. "First, I believe there's a massive opportunity in desktop infrastructure protection. The second is application security."

Since the events of Sept. 11, virtually everyone in technology has picked security as the one can't-miss market opportunity. Despite the downturn in IT spending, for example, market researcher Dataquest earlier this year forecasted that the worldwide security software market alone would increase a robust 18 percent over 2001 to $4.3 billion. The tragedies of Sept. 11 could stimulate spending on security products and infrastructure for years to come, Dataquest says.

Despite the promise, however, a funny thing has happened to the security market en route to becoming the next big thing,something that caught even security insiders by surprise. Turns out that the first quarter was anything but a boom. In the last month alone, Check Point, SonicWall and RSA all released disappointing first-quarter results. Network Associates was hit with an accounting crisis, while CA posted a loss for the quarter of $238 million.

Although Symantec fared well in the quarter ended in March,sales for the Cupertino, Calif.-based ISV jumped 24 percent over the previous year to $310.8 million,CEO John Thompson acknowledges the sector's growing pains. "Enterprise software...has been hit tough by the economy. The fact that people assumed that security was going to be immune after Sept. 11, now, candidly, has proven to be an erroneous assumption," he says.

No wonder experts are calling for a significant market shakeout. In late March, Gartner analyst Alain Dang Van Mien issued a report that bluntly summed up what many believe is inevitable: "Expect Consolidation In the Software Security Market."

The Evolving Market

To help solution providers and IT consultants get a better handle on how the security software market is evolving, we turned to the heads of some of the largest security companies in the world for their insights. In the pages that follow are one-on-one interviews with Kumar, Thompson, Check Point president Jerry Ungerman and ISS CEO Tom Noonan. They discuss how their companies and product portfolios are evolving, and how their partner bases are changing, too. Ungerman, for example, sees a significant shift among his partners as they become security experts.

"It's interesting that a number of resellers we signed up years ago probably carried multiple products and technologies and did a lot of different things," he says. "Well, most of them now only do security. They have become security experts. They've honed their skills to go out and sell a true value-added differentiated solution, vs. any commodity plug-in firewall-type thing."

The evolution of a strong channel for security solutions has convinced several vendors to change their thinking and make bigger and bigger bets on their partners. At Neoteris, for example, Kolluri has laid down the mandate that no deal goes down without some sort of partner involvement. Noonan of ISS is substantially rethinking his go-to-market approach and investing heavily on building the channel for ISS. The reason is simple, he says: "The security channel is rapidly maturing."

Indeed it is. The emergence of stronger security solution providers is putting pressure on weaker companies, who now must decide whether to continue to invest in this market segment or get out and focus on their core strengths. With venture capital money tough to come by, many managed security service providers (MSSPs) are also at the brink this year, The Yankee Group notes in a March report on the security market. One way struggling MSSPs could revive their businesses, the report suggests, is by building stronger indirect sales channels, something several up-and-coming software providers are already trying to do.

That includes Securify, where CEO Mark Hangen is trying to jump-start indirect sales. Hangen joined Securify last November. At the time, he believes the company, which develops and markets the SecurVantage network-traffic-monitoring software, had an A-plus engineering and product development team but an F-level sales arm. One reason: a heavy dependency on direct sales, which today account for 90 percent of the company's business. Within a year, he thinks he can triple sales to roughly $13 million, as long as he can attract and retain top-level partners.

"We're ISS circa 1996," he says candidly of his 40-person company. Given the opportunities that lie in security, he's hoping to bring the company up-to-date as soon as possible. For his sake, pray he doesn't have to go through 2001 yet again.

Hopefully, the insights provided below will help you better understand the secrets of the security market.

Sanjay Kumar QandA: Upside For Those Who Commit
Tom Noonan QandA: ISS Gives Channel Another Shot
John Thompson QandA: Partners Crucial To $1 Billion Sales Push
Jerry Ungerman QandA: Check Point Branches Out