An Industry in Transition

March 21, 2007

What is going on in the IT industry?  Many people are saying “we are no longer a growth industry!”  I see it differently.  We are an industry in transition.  Zoom back and think about it.  We are a young industry in comparison to other industrial sectors.  They have experienced several messy transitions.  Why not us too?    So what is happening? 

I think it is prudent to look to the past to get a sense of our future.  In my opinion we are moving through an interim commoditization stage.  Globalization is driving economic compression of the compute stack.  Hardware is at the bottom of the stack so it carries the full weight of everything above it.  Could this explain the sideways trend in many chip stocks?  I think so. Further, we, as an industry, have focused on speed, features, and tech whizzes often at the expense of security and manageability. 

Our customers are asking for something pretty simple if you really think about it.  Give me the hardware, software and management methods for me to deliver my business process in a dependable, secure and cost-effective way.  The fulfillment of this straightforward and reasonable request has triggered many fundamental changes.  And many of the assumptions that we have built our compute models and our threat vector models on simply are no longer accurate. 

A major one is the assumption of a “perimeter” for our IT.  Locked safely in a glass room, and touched by just a few, our compute devices generally work remarkably well.  But that does not represent current reality.  Assuming that our major threat risk is from the outside through an increasingly diffuse perimeter is just silly.  It is clear that we are rapidly moving away from traditional monolithic computing methods where computing devices run a single OS with multiple business applications, each one easily capable of taking down the entire system.  In its place we will see: 

  • Virtualization: To deliver on the promise of improved hardware utilization and security, virtualization will be the norm, as each computing device easily supports multiple heterogeneous OS environments and specialized business functions.  With benefits such as improved stability, performance and process isolation, virtualization looks to become the dominant enterprise computing model.
  • Thin(ner) clients provisioned “on demand”:  These devices will be useful to reduce persistent data end-point exposure in enterprise environments.  Also, these devices can pave the way for the pay-as-you-go Software as a Service (SaaS) market.
  • Platform Absorption:  In all cases the platform will begin to subsume many (if not most) of the technologies and mechanisms that are currently imposed on the platform “after market”, usually at customer expense.  Like other industries, security and safety in IT should be built into the cost of the product and/or services.  Early examples of platform-implicit methods include the vPro offering from Intel, and the slated “secure methods” offerings from Sun relating to new, announced features in Solaris 10.

So the “think about” issues here are: Assuming these realities are true and the changes ARE imminent, how do existing vendors remap to the new paradigms? Where are the new business models when the vertical industry demarcations are remapped?  Where can new companies find sustainable, defensible business opportunities with reasonable margins? What do the new business models look like for emerging companies?  What happens to security and compliance as the effective lifetime of the traditional compute stack moves from months to hours?  I believe that these fundamental changes are way overdue and necessary.  With change comes opportunity.  Thoughts? 

BankInfoSecurity.com Security Podcast with Wyatt Starnes

March 19, 2007

There hasn’t been an information security event like 9/11 yet but it may be only a matter of time before there is one. BankInfoSecurity.com recently recorded a podcast with Wyatt Starnes, SignaCert’s CEO, about emerging cyber threats and the new approaches being developed by the high tech industry to counter them.


Precision Security Fighting at Cisco

March 7, 2007

John Stewart, who heads up Cisco’s Global Security Team, was interviewed on CNET about the changes he sees in computer security attack methods and how they apply to consumers and the enterprise.