Compliance Fuels Security, Systems Acquisitions
Federal mandates for security assertions and records retention trigger consolidation in the IT industry.
Compliance requirements are fueling convergence between systems management and security markets, highlighted by several acquisitions over the last few years, experts said.
Last Wednesday, Altiris agreed to acquire Pedestal Software for threat management for $65 million. BMC filled an important gap in an existing identity management product line by buying OpenNetwork for $18 million. Novell shored up its resource management and IT asset management suite by moving in on Tally Systems for an undisclosed sum.
While the three purchases don't seem to have much in common other than an effort to broaden management software portfolios, the deals were perhaps fueled by larger business governance mandates, such as Sarbanes-Oxley, SEC 17a-4 and HIPAA, according to Burton Group analyst Phil Schacter.
The software additions should make it easier for vendors to help corporate customers meet federal compliance and governance regulations. Gartner analyst Ronni Colville, who tracks the maneuvers of management vendors such as Altiris, Computer Associates, IBM and BMC, agreed.
She said needs for compliance and secure environments are big drivers for the IT Infrastructure Library (ITIL), a series of documents used to implement processes for IT service management. ITIL is popular in Europe and is starting to pick up speed in the United States.
"There's a lot of pressure around IT becoming more business driven," Colville said in an interview. "The way it manifests is in that customers need to be a better buyer of IT technologies, and the way that happens is they're now buying single-vendor solutions."
"Vendors are trying to broaden their solution stacks," she said. "Gone are the days of the best of breed. From audits to vendor relationships, there is a push to getting everything from one vendor."
For example, the Altiris bid for Pedestal will help the company ensure compliance for desktops, laptops and servers by managing threats to and vulnerabilities in computer networks. Novell moved on Tally to pad its ability to provide inventory checks for compliance.
Though less obvious than Altiris' and Novell's moves, BMC's purchase of OpenNetworks was a reaction to customer requests for secure Web applications in the name of compliance, said Somesh Singh, general manager and vice president of BMC's identity management business.
"OpenNetworks has done a tremendous job helping Blue Cross/Blue Shield stay in HIPAA compliance," Singh said. "Compliance and auditing is a major driver for lots and lots of customers to take on ID management projects."
Chicken vs. Egg?
Singh said many of BMC's customers have already purchased systems management and want to add security to brush up their networks. He said security is a nascent market compared to management, noting that it started as a market for the consumer and small- and medium-sized business segments.
Colville agreed, noting that most of the customers she talks to have systems management in place, and want to fortify their networks with security.
If this seems like a bit of a new spin on the chicken vs. egg theory of what came first, it is. Compliance has helped pave the way for convergence between systems management and security, sure. But what is driving what?
Colville said security revolves around systems management, allowing that security analysts will say that systems management revolves around security. She described security as the driving force behind buyers, with systems management folks as the chief implementers of the technology.
"To some degree, there needs to be an actual partnership," Colville said. "Security may have more power, but they're not the doers. There needs to be tight synergy between security and systems management. You don't want different tools to manage one system."
Purchases by Altiris, BMC and Novell aren't the only evidence of the convergence of systems management and security. HP nabbed server automation companies Novadigm and Consera.
In a flipside to that coin, security powerhouse Symantec bought remote PC management outfit On Technology in 2003 and later bid for Veritas Software.
Traditionally known as a storage vendor, Veritas in recent years has acquired application performance management and other types of computing software that ease network pains.
Singh thinks systems management will ultimately cannibalize security.
"Security is going to fold into the systems management world because it logically doesn't make sense for you to manage infrastructure without security being weaved into every part of it," Singh said. "Eventually it will be the same market."