PRINT THIS PAGE Opportunities for investment in internet security
19/02/2003. Source:Pitango Venture Capital. Rami Beracha and Sharon Gelbaum-Shpan
Investment in the internet sector has so far focused on its infrastructure. The emphasis is changing, however, as investors heed the importance of internet security. Rami Beracha and Sharon Gelbaum-Shpan of Pitango Venture Capital explore this change in strategy and discuss its inherent risks.
In the past two years, the security sector has become more visible, gained greater respect and, together with the 9/11 tragedy and other drivers, has gained a sense of urgency. In recent years, the nature of security has undergone a significant change. While traditional enterprise security solutions were regarded as protective, aimed at blocking unauthorised access, the new generation of internet security solutions is becoming an enabler of new business for the enterprise.
Unlike the more mature enterprise security market, the internet security market is still in the early stages of commercial adoption. It is lagging behind internet infrastructure spending by at least two to three years. Companies that spent heavily in building out their networks now have to address their security concerns. CIOs in Fortune 500 companies are placing security as the number one budget item, and more than 62 per cent of IT managers said that they plan to increase security spending in 2003.
Key internet security drivers
A few key drivers can be identified as promoting growth within the internet security market. Corporate LANs, isolated in the past, fundamentally changed with the advent of the internet. Suddenly private networks that never had to contend with the outside world were left to fend for themselves. Network administrators are now opening their networks to provide access to their roaming workforces, suppliers and customers that are connecting to the network through a variety of technologies. Each of these communications technologies carries its own security weaknesses. In order to combat potential threats from hackers and other unauthorised users, network administrators are beginning to search for solutions that provide the required level of security.
As industries move their business operations on-line and deploy mission-critical applications over the internet, the threats become more complex. They require innovative solutions to conduct business safely over the Web as well as to protect the e-commerce application and web-published content from being altered or abused.
With the deployment of broadband internet access services which promise ‘always on' connectivity, as well as the introduction of wireless LANs, a whole new set of security challenges arises. This connectivity leaves networks wide open for hackers and other unauthorised users. Add to this the fact that today external traffic running across corporate LANs has increased dramatically, and that remote storage devices are deployed widely, proportionately increasing the potential for a serious security breach.
As security has become a greater concern, traditional security schemes have been unable to meet the new challenges brought about by the emergence of a variety of new technologies. A new generation of security solutions, such as intrusion detection systems (IDS), content security, application security, storage security, virus scanners and similar targeted technologies have been emerging.
The US federal government could also be a key driver in this sector with the government recommending a 56 percent increase in spending in fiscal year 2003 for upgrading network security systems at its various agencies. Not only could government be one of the industry's largest customers, but it may play a major role in determining the direction of technology development within the private sector.
Major issues in the security market
The security market today is extremely fragmented with an abundance of product and vendor choices. Many companies built their security systems by putting together disparate single-point solutions from various vendors, which has proven to be expensive and difficult to manage. The resultant confusion and inability to manage a wide array of products have given rise to a new demand by customers for security solutions that offer greater interoperability, manageability and product integration.
Consolidation is the word being used to characterise the next step in the evolution of the security market. With customer confusion and the growing demand for interoperability and product integration, single solution technology providers (IDS, firewall, VPN etc.) are beginning to look for ways to augment their growth by extending their product offerings and expanding their market opportunity. This can be achieved through the acquisition of newer companies offering sophisticated technologies in other market segments.
Recent acquisitions by large market players such as Symantec and ISS, and additional acquisitions in the pipeline, demonstrate vendor attempts to build a truly interoperable platform for security products through consolidation.
Furthermore, it is believed that other large IT suppliers, such as those that operate in the networking and systems management areas, may choose to enter the security arena as it is one of the few technology sectors that is enjoying steady demand growth. They are likely to enter the market through partnerships with existing suppliers or through acquisition.
Another growing trend emanates from new players offering management consoles targeted at easing the burden of integration, management and interoperability by allowing companies to choose ‘best-of-breed' offerings in various security segments.
Investment risks in the security market
The security market has thus far managed to survive the current turmoil in the capital markets. While there are some positive prospects driving growth in this sector, there are threats and challenges facing companies that should not be ignored.
The security market is inundated with small, start-up companies developing specific technologies. Oftentimes these technologies provide innovative and exotic solutions. However, IT managers are conservative by nature and are slow to adopt new solutions. They prefer to buy from well-established vendors and system integrators with known brand names. Additionally, they are looking for a one-stop shop solution whereby one company will provide a complete security system. This makes it very difficult for start-up companies to sell directly to the customer.
While these start-ups are creating the next generation security solutions, which may become the mainstream of the future, they have to deal with the very real issue of survival. Raising capital is particularly difficult in today's environment. Start-up companies need to prove market validation through sales. In the security sector, the sales cycle is inordinately slow, even for well-established vendors, let alone for start-ups.
Facing those challenges, start-up companies in the security market are trying to establish strategic partnerships with leading vendors and system integrators in order to sell their products. This is no small challenge, however, because incumbent vendors are not known for ‘growth through acquisition' strategies, while system integrators will require a significant market traction as a condition to integration. Add to that the fact that in each market sector there are large numbers of start-ups, creating an inefficient market where supply is greater than demand.
IT managers may be committed to increasing their security spending, but they themselves are facing budget cuts, and security is not a revenue promoter. It is therefore difficult for IT managers to justify expenditures to upper management who are only aware of the need when it affects them directly.
A final word
Looking at the big picture, the internet security market looks intriguing. The proliferation of new risks and threats ensure that security will remain a dynamic market, creating growth opportunities for public and private companies alike. However, it is vital to look at the details and be aware of the risks inherent in this sector. All told, it is believed that as macroeconomic conditions improve, corporate profitability revives and businesses start spending again, surviving internet security vendors will be early beneficiaries.
Copyright © 2003 Pitango Venture Capital
Rami Beracha is a managing director and Sharon Gelbaum-Shpan is a principal at Pitango Venture Capital.
Pitango Venture Capital is Israel's largest venture capital firm and a lead investor in seed, early and expansion stage companies. It has helped grow over 80 companies, managing funds in excess of $700m in committed capital. For more information please visit www.pitango.com
|
