A growing number of storage and security players are getting hitched in an attempt to reposition themselves as the two markets converge. In the most recent example, storage giant, EMC, gobbled up RSA Security. IDC Asia-Pacific associate vice-president for storage, Graham Penn,predicted more unions as vendors saw the significance of integrating security with information management.
The trend started about 18 months ago, with Network Appliance snapping up security appliance company, Decru. The deal boosted its line-up of data protection solutions.
"Vendors see security as an inseparable attribute of information and they are on the acquisition trail," he said. "EMC realised it's a big issue and got religion. It had bits and pieces of security before, but until RSA it was not committed."
The storage and security story has more layers than an onion, with Penn highlighting access and identity management, securing data across networks, data on arrays, the physical security of data centres or servers, privacy and confidentiality as key considerations.
As the storage business shifts towards holistic information management, will the trend for storage and security players to join forces continue? Penn certainly thinks so.
"EMC has already scooped about 30 software companies and HP took in about eight," he said. "The big players are buying the bits and pieces they need to fill out the hardware, software and services portfolio."
The industry would continue to move in this direction in part driven by the compliance and regulatory push and the need to store, manage and secure every aspect of the data centre from the cradle to the grave, he said.
"It's part of a bigger plan. Compliance is driving the increased interest in security and storage, in particular encryption," Penn said. "We need to manage the data and devices better. We need to manage the infrastructure holistically."
While the storage and security convergence trend is well underway, Penn predicted it would take another 12-18 months before we see any real product development in this area.
As those products start to mature, he said the morphed technology would be ideally suited to vertical markets including health and financial. Resellers, Penn said, should focus on verticals with a strong emphasis on security and access controls. Users will need technologies to secure information throughout its lifecycle no matter where it resides or travels.
EMC marketing and sales support director, Clive Gold, said the security push was happening in a big way. In addition to the RSA scoop, the company picked up digital rights management software provider, Authentica, eight weeks ago in a bid to round out the information-centric security approach.
"The security market has moved from the traditional role of building fences around select areas," Gold said. "The parameters have changed and you need to protect all facets of the network and the information."
The goal is to help users take a holistic approach to security and storage, which means more than data encryption and password management.
The goal of the RSA merger was to create a common set of security services across products, he said. Once the acquisition was complete, RSA would operate as an information security division of EMC. The RSA line of single-sign-on, authorisation and token-based access provided the foundation technologies for EMC to integrate into its storage line.
The industry was moving away from point products, Gold said, and enterprise customers were going to see less need for add-on security products to protect stored data. Encryption could be set on the storage system, while virus detection could be built into the network or operating system.
"There shouldn't be more security products, but more secure product. The $6.5 billion security software market shouldn't exist," Gold said. "Why buy a car and then have to buy all of the individual bits? It should all be included under one roof. The vision is to see more embedded product."
Highlighting the need for embedded security, Gold said the company had set 54 guidelines as part of a product security policy.
It would be implemented within the product development lifecycle, many of which will be completed by the end of the year, he said.
"We'll see lots of action in the area of user control, network control, audit/log, encryption, secure coding, third-party components and security testing," he said. "We're at a crossroads.
During the next couple of years we'll see lots of activity in information-centric security. This will cause noise in the channel."
Gold said an information-centric security strategy would help customers assess the security of information, secure information infrastructure and directly protect sensitive information while managing security information and events to assure effectiveness and ease the burdens of compliance.