Thursday, 9 August 2007

Where's security going?

I'm having flights of fancy, as I often do after reading Jon's Network. Today he talks about network devices needing more interoperability. Now I know Jon works for a reseller who shifts a lot of network devices in the US, just as I used to in the UK. It's interesting to see the patterns which the market follows, occasional panic buying of the latest fad, long periods of nothing for vendors who are out of fashion, but if you remove the peaks and troughs, it's otherwise pretty random.

Newsflash: People buy kit when they need it.

So, when Jon talks about having a generic platform on generic hardware that we can turn into whatever device we want, anywhere in the network, that would make sense, wouldn't it? I can't see any device vendors agreeing with this somehow. I can hear them all cringing in fact, because they will know, as we do, that their balance sheets aren't looking as healthy as they were 5 years ago.

I've seen the market really slow down recently. Mark Curphey talks about the long tail of security. The truth is, the short fat end of the beast is already full to bursting, the long tail is all that's LEFT of security. The bloated security pig has gorged on overweight, slow moving devices for a long time, and now it's just full of the skeletons of long dead technologies which it needs to dispose of. [I should just note here that the pig/beast I refer to here is Security, not Mark.]

Nice analogy, but does it mean anything?

Truth is, I don't know, and I could argue myself into the ground on this one. The theory is right, but the practice will be far different. People will not shell out on generic hardware when they don't need it. Businesses invest in hardware when they have a specific issue to address. If device A can fix that ten times faster and better than device B for the same price, the business will buy that, regardless of whether device B can boil the kettle and make toast too.

Generic hardware will not be trusted to do a better job if it's doing more than one. The only way the platforms will ever become more widely adopted is through open source. The hardware I suspect will be recycled as virtualisation technology takes over and the hardware is less important.

Of course this has ramifications for distributors and resellers. Theoretically the hardware market should reach a plateau, the software market should go open source, and the only products left will be low margin niche add-ons. If this happens, the only money is left in consultancy.

This feels familiar to me, when the hardware market collapsed in the 80s and IBM had to make a spectacular change of direction (read IBM Redux for the full story, quite amazing. My father was quite senior in the UK arm at the time so I knew a little bit about it first hand, they were worrying times). This was due to everyone else jumping into the hardware market and Microsoft cornering the operating system of course. But this isn't so different to the way things are now. The hardware market is already saturated with as much kit as can usefully be sold, only replacements are left, and only a change in the way it is used can make any sense in getting more value from it.

IBM became very good at consultancy of course, and investing in smaller companies to do specific tasks. Kind of sounds like Web 2.0 to me. I think IBM's model is sustainable... :) They seem to have done a pretty good job of staying alive so far! This seems to be the only way of riding out the changes in the market that we are seeing. So should we all be consulting?

Well no. The only way we are going to make any progress at all is if there is some variety. We need to be talking about standards so that the things we are fitting into the long tail can all talk to each other as Jon says. XML may not be the best tool for the job, but I think this is just an example of a very flexible standard, there are plenty of others.

I can't help thinking that we need to be moving towards software solutions rather than hardware, it should all be about presenting the customer with choice, and there's no real quantum jump in this for the clients.

The only problem it presents is to hardware vendors when the massive margins disappear. Some hardware vendors argue that they need specific hardware to do the job, built-in HSMs, FPGAs, ASICs, etc., but I'm pretty sure we could build all of that into generic hardware boxes too. The problem then is, who's going to build the hardware and take all the risk?

For this reason I think we will see the large hardware vendors continue to do well, the new kids on the block will be forced into SOA software to survive, and the existing solutions may have to port hardware solutions to software only, integrating with SOA or .Net, depending on which world you live in.

Might not happen like that though, just a thought...
