Editor’s Note: The following is a guest post by OpenDNS CEO David Ulevitch. OpenDNS is web-based DNS management software, an alternative to using a given ISP’s DNS servers.
Disruption doesn’t happen in a vacuum, it happens in context. And there is no greater example of disruption than in the enterprise technology market right now. Much of this is largely thanks to changing enterprise landscapes (consumerization of IT, cloud apps, mobility), new sales models and innovative go-to-market strategies (SaaS, Yammer d’état, land-and-expand) that leave the entire space ripe for disruption.
We’re seeing it happen right now in a number of business-critical spaces: CRM (SFDC), Storage (Box), Compute (Amazon), Collaboration (Google Docs) and others. Security, one of the largest budgeted areas in enterprise IT spend, is next.
The enterprise worker of 2012 looks wildly different than she did in 2005 (which isn’t so long ago!). Today, her applications are Salesforce, Google Apps, Box, and many other cloud-based services – the latter two didn’t even exist before 2005. She uses these services on myriad devices like her iPhone, iPad and laptop. Moreover, she does this from her office, her home, cafés, airport lounges and more. She is a digital nomad, fully embracing the idea that work is a thing you do, and not a place you go. Unfortunately, enterprise security missed the boat.
Much of this change has created a void that enterprise security vendors have ignored. When the work happens outside the network, on consumer devices, and the applications live in the cloud, the expensive legacy security appliances with no traffic running through them act much like the silent tree felled in the forest. This is happening, and as it turns out, this has created a massive window of opportunity for disruption.
Enterprise security today is at a crossroads. CSOs have been outflanked by the proliferation of mobile devices and cloud services, whereby many security best practices are being ignored in the interest of embracing access and collaboration. Simultaneously, the threat landscape is becoming increasingly more sophisticated and nefarious. The security market leaders (Cisco, Symantec, RSA, Checkpoint, Blue Coat, etc.) are having a hard time staying relevant as their historical “speeds and feeds” style of security ceases to address market pain. In fact, a Gartner report recently pointed out that while the overall security market is growing nicely, the share of the pie held by the big 5 security vendors is shrinking year over year, a scary thought for their long-term shareholders.
So if the paradigm of forcing all Internet traffic through an appliance at HQ doesn’t make any sense when the employees are out of the office, working on personal devices the company doesn’t control and using cloud applications, then what do we do? Where do we go from here? Companies have compliance, fiduciary and regulatory requirements to protect their employees, their data, and often their customers from security breaches and threats. Should every company ban iPhones? Facebook? Dropbox? Should employees be required to use a VPN to headquarters just to use Salesforce.com? None of those sound good, but there is a path forward.
First, companies need to recognize that a firewall and a VPN no longer cut it for security. To paraphrase The Matrix, there is no perimeter. Second, organizations need to embrace reality – I still see debates about whether or not employees should be allowed to “Bring Your Own Device” into work. It doesn’t matter if BYOD is a right or a privilege; that’s the wrong question. BYOD is a reality. Smartphones are here to stay. Cloud services are only becoming more and more entrenched.
The security company of the future will focus on how to help these new nomadic workers securely access data and how to do it while protecting employee privacy and allowing them to get work done.
So why are the legacy vendors screwed? In order for a big security company like Cisco or Blue Coat to offer a service that actually provides protection for an enterprise, across all of their machines and devices, they’d first need to have a fundamental business model shift from selling boxes to selling services. Sales goes from selling boxes to selling subscriptions. Engineering goes from shipping metal to running a 24
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.