It ain't over till...

Industry pundits and journalists are always looking for signs of new trends. One productive method is to look at what is popular and in the news and challenge its popularity. Cyber threats, and the industry that battles them admittedly get a lot of press.  “Security’ even shows up favorably against terms like “football” according to Google Trends. 

But in this case the trend is towards more security companies not fewer.

There are three major reasons why I feel it is not “over” in IT security.

First and foremost: Microsoft.  A single platform used for hundreds of millions of desktops, laptops, PDAs, and  servers, creates a monoculture that is vulnerable to wide spread exploitation. Add to that the overwhelming burden that Microsoft faces to secure those machines with new and improved releases of its bloated code and you have a security nightmare.  Microsoft is not going to support or protect legacy versions of Windows which will continue to harbor zombies, bots, and spyware. The much acclaimed Vista, due to be released towards the nether end of this decade, will not be widely deployed until 2010 at this rate. And of course, in the meantime, old bugs hiding in re-cycled elements of Windows, will haunt Vista with monthly revelations of critical security flaws.

Second: the threats. By this time everyone is aware that there has been a real escalation in the last 18 months. Put it this way. The Internet harbors a background radiation level of worms and viruses that is lethal to unprotected PCs. It has been that way for years. Now the Internet also harbors a growing community of criminals who are becoming wealthy by stealing stuff. That is a huge change. Yes, there are start-ups that are struggling because they are introducing new ways to counter the background radiation, something the big established players are good at.  But the real challenges orbit around the threat from cyber criminals and state sponsored hacking.

Third; there is no convergence in IT security.  This is not like airlines, or ERP companies.  Because of the constant evolution of the threats there is no opportunity for technologies to mature and become commoditized.  

Does this image from the IT-Harvest Knowledge-Base leave the impression that it is “over” in security?  These are all the security product vendors in just the Bay Area. Even Symantec cannot buy that many!

The last 12 months actually mark the beginning of the next phase of development in the IT Security space: The Cybercrime Era.