Home > Midmarket CIO News > Best of breed vs. big security: What's best for SMBs?
Midmarket CIO News:
EMAIL THIS
COLUMN

Best of breed vs. big security: What's best for SMBs?

By Mike Rothman
19 Feb 2007 | SearchCIO-Midmarket.com


Technology news and tips for midmarket CIOs
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Historically, security has been a best-of-breed market. By that, I mean customers would buy the leading product in each category and integrate the products into a cohesive whole. But now, is best of breed still the right approach? Even for small and medium-sized businesses (SMBs), which by definition are time-, resource- and money-constrained?

More from Mike Rothman
Managed security services -- an SMB option

Email encryption: Five steps to success
In 1997 McAfee Inc. did a series of acquisitions, both in the networking and security space, and dubbed itself Network Associates. It was really the first security aggregator, though Axent followed that model until Symantec Corp. acquired it. The thinking was that by building a broad product line, customers would buy all the products, and growth and market domination would follow.

A decade later, we can safely say that experiment didn't work out. A few years ago, McAfee spun off pieces of the business and went back to its name and heritage. Symantec has struggled with the Axent products for years, though it keeps buying stuff and integrating it. Customers didn't want integration.

But things have changed. There are a lot more attacks and a lot more security technologies to deal with, and it's not like SMBs have bigger budgets or more resources, right? So you need to do more with less.

Many of the security technologies have also matured. There used to be a big difference between the leading and the 10th-place firewall. Now there isn't. Mature technologies tend to become functionally comparable, and that's where we are in many security sectors. Technical differentiation is gone. All the products can do the job. Which means the value proposition needs to change.

Now integration makes more sense. Wouldn't it be great to enforce a single policy? That would be the Holy Grail, eh? Do you want to always manually aggregate data to get a simple report about what's going on? Maybe dropping a couple hundred grand on a security information management product could make that problem go away. Is it still novel to run 10 security agents on each desktop? Of course not.

But that doesn't mean best of breed is dead. So here are a few thoughts on how to know if it remains the choice for you.

  • You still like the knobs. It's OK. I won't tell anyone. There are some administrators who want or need control. They are not going to cede the responsibility of integration to anyone else. So they continue to buy best of breed and keep on keeping on. There is nothing wrong with this, if that's what you're into.

  • You have very specific requirements. Perhaps it's a very specialized application or a detailed policy that you've built into your content filter. In some cases, the amount of work required to move to an integrated solution defeats the economic advantages. In that case, stick with a best-of-breed product.

  • Your brother-in-law is CEO of a best-of-breed company. How uncomfortable would Thanksgiving be if you unplugged the standalone antispam gateway and outsourced it, or achieved the same result with a unified threat management box? Not worth risking the candied yams.

  • You root for the underdog. If Cisco Systems Inc. or Symantec represent a Darth Vader-like character to you, then you probably aren't looking for an integrated solution. You wouldn't be able to sleep at night, knowing that you chose the Empire over the Resistance.

    Of course, the last two were a bit tongue-in-cheek, but the reality remains that there will be some situations where it makes sense to buy a best-of-breed product, just not as many as there used to be, especially for an SMB.

    Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and author of The Pragmatic CSO: 12 Steps to Being a Security Master. Get more information about The Pragmatic CSO at http://www.pragmaticcso.com, read Rothman's blog at http://blog.securityincite.com, or reach him via email at mike.rothman (at) securityincite (dot) com.



    Tags: Information security management for the midmarketSecurity tools for the midmarketVIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



    RELATED CONTENT
    Information security management for the midmarket
    Droid does, but will IT support it?
    Information security program revamp adds outsourcer oversight and more
    From data breaches to risk management frameworks: Test your knowledge
    The challenge of managing risk when IT budgets tighten
    Why cybersecurity awareness is everyone's responsibility
    Information technology management e-book downloads for midmarket CIOs
    10 must-have steps for an effective SMB information security program
    Your IT security budget: How to get more bang for the buck
    Using key risk indicators to sell your information security program
    IT security spending a bright spot in '09, with more growth predicted

    Security tools for the midmarket
    Why CIOs need to get real about identity and access management in 2010
    Free risk management tools and resources for the enterprise
    IT security spending a bright spot in '09, with more growth predicted
    Security and risk management in the midmarket
    Identity and access management planning guide for the midmarket
    A CIO's advice for implementing single sign-on solutions
    Options for outsourcing security grow, offer IT budget savings
    Network access control: Pointers for getting the knack of NAC
    Unified communications: Securing access to OCS
    Unified communications security: How safe is it?

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    • Midmarket CIO Technology Advisor
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2007 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts