I recently met with Simon Church, UK managing director of Integralis, who informed me that there are around 800 vendors in the security space.
Integralis, which describes itself as ‘doing pure integration services with vendor technology and delivering solutions with managed services’, is able to see an overview of what is happening within the industry, and Church's revelation of the size of the industry may not be surprising to some.
Church said: “There are now 800 vendors of security solutions and we are trying to find the right service.” He also admitted that it is a challenge, but said it is interesting to go to the smaller stands at Infosecurity Europe and meet with companies that may have cool technologies he may not even know about.
“A few weeks ago I took a solution to a customer with lesser known technologies, we are trying to reposition ourselves, but it is about good and bad practice and the ability to manage people,” said Church.
This led me to think. With all of the acquisitions that have taken place in this industry, particularly over the last 12 months, I had assumed that the industry was in fact becoming too narrow, with niche providers snapped up by larger organisations keen not to miss the boat.
At a recent industry roundtable with Websense, I met Louis Gamon, information security co-ordinator at John Lewis and the director of administration at ISSA. He commented that there is a challenge for professionals in his position to choose the appropriate solution.
He said: “I am not going to spend £1 million on things that I will then throw out, I do not neglect current risks but I have to be sensible and prioritise on what we do and focus our attention.”
I asked him how he chooses solutions from the apparent selection of 800 or so technology vendors. He said: “You have to pay attention to analysts and we follow Gartner. We go for the ‘innovative’ rather than the ‘leader’ or what models fit our environment. We have to get advice and guidance from somewhere and we talk to colleagues and what is working. There is a reasonable amount of information sharing.”
Back in March the Jericho Forum launched a self-assessment tool to check the effectiveness of an IT security product against its commandments. This enables vendors to differentiate their products, based on a three-tiered scoring process that assesses how well their product or solution satisfies the requirements implicit in each commandment. A ‘passed’ product will be able to display the Jericho Forum's ‘Self-Assessed’ logo on its website and marketing materials.
Much like the internet and the universe, with so much innovation and interest in this sector, it is hard to measure just how big this industry actually is. Okay, so I am exaggerating, but after concerns voiced in the past about acquisition ‘narrowing’ the industry, it seems that there is in fact more than enough of a selection of inspiring technology.
If you are working as a security manager, how do you select products? Alternatively, if you work for a technology vendor, how are you selling to buyers, and how much does analyst influence, as mentioned above, mean to you?