The Long IT Security Industry Winter

The Great Depression

I recently had the opportunity to sit down with Peter Kuper and discuss the impact the economic crisis has had on the IT security industry on the latest Beyond the Perimeter podcast (here). Peter Kuper, former analyst Morgan Stanley and SC Gowen, now associated with the IANS (Institute for Applied Network Security) organization notes that IT security spending is down, and with it, investments in security start-ups and innovation initiatives. Kuper believes that good new technologies and well managed companies can still attract investors and customers. Furthermore, the industry supports tier of robust, established private IT security companies weathering and even prospering in current conditions. While the short term remains challenging, Kuper believes that good technologies and companies can still get a foothold in the current economic environment. You can read more from Peter at the IANS blog (here), below are some recent comments from Peter (here)

The latest VC data continues to reveal the pressure on private companies needing capital. The steady decline that began over two years ago is still continuing its downtrend.


This is definitely not a good thing, as we have consistently looked to the private sector to develop the next-generation solutions needed to keep up defenses against the ever-evolving hacker community. The problems go beyond the money – even if the fortunate few see deposits in their corporate checking accounts the valuations of these investments add to the burn.

Down rounds

These trends further support our look to the government initiatives such as I4 as the private sector is under stress. The cynic in us can’t help but touch on the topic of bailouts for all the big boys, be they banks or botched auto companies, but what about the smaller players – the ones with the normal assumption of real job growth, let alone the real innovation that produces new products and whole product categories?

That said, we know of a very large group of private companies that are doing very well, including BigFix, Verdasys, and Qualys. Overall, we still recommend buyers look to the privates, especially given some of the antiquated wares of the public companies. Yes, they may be financially stronger — but what protection are you getting for your scarcer dollars?

Our recommendations have centered around:

  • Product strength (worth the risk of linking up)
  • Management team (ability to execute)
  • Investors (history, viability of the backers)

Overall, we still endorse the private sector but need to caution IANS members to check out the firm before they “leap”. This applies to public companies as well – just because you’re big doesn’t mean you can’t be bought, as we have seen from the original ISS acquisition and more recently the previously-envied Sun Microsystems. We’re watching that deal very closely to see which Identity & Access Management solution service is phased out in favor of the other. Costs still matter, no matter how big or small.

I wrote about the impact the economic climate would have on innovation back in October of 2008 (here)

Financial markets are in free fall, the credit market is frozen, the economic crisis is nearing biblical proportions, and investors are running scared (The credit crisis and bailout in plain English). The technology industry, more than any other, is driven and buoyed by venture capital money and without continued and sustained operating capital many companies will succumb to the end faster than they normally would have – the world no longer runs on dreams alone.

This whole thing will result in accelerated, forced enterprise and vendor Darwinism. Only the strong companies with a proven track record of success built on an operating and business model that is both agile and pragmatic will survive. For those that do survive they will exit the crisis fundamentally stronger than they have ever been, they will become the new technology thought leaders, their employees will be highly respected and their leadership will be in high-demand.

Hopefully we can progress beyond the long winter as we trudge our way towards a secure destiny.

3 thoughts on “The Long IT Security Industry Winter

  1. Pingback: Security Briefing – September 10th : Liquidmatrix Security Digest

  2. Pingback: InfoSec Compendium: September 11th | SecurEvolution

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s