Date: Saturday, March 31, 2007
Principal, Hummer Winblad Venture Partners
Prashant Shah has been instrumental in many investments including Baynote, Bridgestream, Cenzic, InMage, Jareva Technologies, Krillion, Scalent, SyncVoice, Tizor and Voltage Security. He also observes a number of these boards. In addition, Prashant is an active Charter Member of TiE Silicon Valley, where he is Chair of the Software SIG.
Security is contagious. Every new technology or development platform that is produced will see security have a grasp around it. And this is the biggest challenge in the security space today.
Today enterprise security is moving towards the edge and acquiring a strategic fashion. Earlier on, it focused on providing protection just to the core-centralized assets. Now the software is slowly transforming from a very centralized, mainframe-type to a more distributed architecture. Currently, the area (security) is finding new uses as similar security threats are shifting base from desktops to BlackBerrys and PDAs. This essentially has opened the market for security that is more ‘enter-fabric’ or inbuilt into the way computing is developed. It has to go beyond just anti-virus facility for desktop and other intrusion detection for servers.
The areas in enterprise security witnessing unprecedented growth are the wireless and compliance sectors. While on one hand, wireless remains the same with a familiar set of processes and mindset, the addiction to this morphine has become quite a challenge. Wireless makes things around very easy, end users love it and it makes mobility truly available. From that perspective, there has been an early rush to get wireless without much of a look at all the elements required to get the enterprise secured. The thing about this field is that due to its constant demand, we never look at it as a huge potential for security.
There are things still being mulled over in security compliance needs. While it has stepped up to the forefront with CIOs and CFOs coming out with policies, they are yet to find an optimum manner to enforce these policies.
Managing Director, Mayfield Fund
Robin Vasan has been focusing on virtualization, security and open source technologies. Vasan currently sits on the boards of Alfresco, Centrify, Determina, Elemental Security, GroundWork, Informance, TrueDemand and Webroot.
Financial gains will continue to fuel security threats, which in turn will continue to determine the market scope for Enterprise Security. One should identify the catalyst that hastens instances of security threat. The erstwhile threats had various catalysts like the viruses from emails or spyware and keyloggers that targeted the browser. As an investor or entrepreneur, one should try and think what the next catalyst could be. Focusing a little bit on how the market has developed would give an idea about the emerging fields.
In terms of customer demands, the key issue over the last several years has been security for compliance. Unfortunately compliance is a broad term being used to cover a whole variety of solutions across different segments. At the heart of it, the key element about compliance would be to understand who is accessing what, when, why and how, and to ensure that the information is accessed by the people authorized to do so.
The key areas under these that are garnering investments are access control, identity management and data security. These areas are growing in significance, as recovery of email data stored over time becomes mission critical.
Security threats catalyzed due to the usage of wireless might not cater to a stand-alone independent market. There are two main reasons for this; one being wireless access companies opting for in-built security options; for instance, Cisco is embedding security directly into switching. Also, other security solutions like security against data intrusion could be implemented for a wireless switch. There are ways to solve the wireless security problems, without the necessity for an independent market.
Partner, Greylock Partners
A Charter Member of TiE Silicon Valley, his areas of interest include enterprise infrastructure, datacenter, networking and security. Chandna represents Greylock on the board of directors at Imperva, Palo Alto Networks, Securent and Xsigo Systems. He is also on the board of directors at Sourcefire (FIRE). He was previously on the boards at CipherTrust (Secure Computing), NetBoost (Intel) and PortAuthority Technologies (Websense).
Enterprise security will continue to be a top IT priority in 2007, especially with rising security threats in compliance and emerging fields. According to a study by IDC, Greylock and S G Cowen, the security market witnessed a 16 percent growth (CAGR) in the last three years. This year, most organizations are expected to allocate anywhere between five and ten percent of their IT budgets to this space.
There is a significant increase in Internet-facing data centers and focus around data and database protection. Security threats have moved proportionally with the heightened usage of software applications, both inside and outside the enterprise. In fact, over time a certain vaporization of enterprise network perimeters has taken place. This is directing the organization’s priority around database protection. There have also been increased cases of new traffic with old threats and, more recently, new traffic with new threats, as in the case of Web 2.0. This sector has brought along with it a sudden surge in security threats thanks to the new traffic (VoIP, video streaming), where applications and data are becoming primary targets for attacks. New threats are calling for newer means to secure the enterprise as hackers have gotten sophisticated and firewalls are only the first line of defense. Entrepreneurs can translate this need into an opportunity by innovating in this space. Both public and private companies are increasing their spending to upgrade their security to include AV, IDS, DoS protection and IPS/end-point solutions to add additional layers of defense.
Interestingly, compliance continues to drive the markets. A CIO/Price Waterhouse global survey shows that corporate budget spending is expected to increase by 51 percent in this sector. Entrepreneurs should look at this sector, aiming at the key customer challenges that include knowing what level of controls is acceptable, understanding the scope of necessary controls and what inadequate documentation of existing processes could lead to.
In the wireless arena, mobile security promises to be a hotbed market in the future. Similar threats that exist in laptops today will find their way into the mobile space, only the level of threats would increase. Major platform vendors are integrating key capabilities into network/switching fabric as multi-function appliances gaining traction in the enterprise.
According to VentureSource, VC investments in IT software and hardware security companies fell from $1,529 million in 2004 to $703 million in 2006, a two-year decline of more than 50 percent. However, despite this, the security sector will remain overfunded in 2007, though we will likely see a decline of new venture dollars in the space. The year will continue to be an active year for security M&A. With 800-1000 pilot companies around, ‘consolidation’ is going to be the key word. We can also expect anywhere between three and four IPOs in the sector. New project areas of priority for IT security customer spending this year that VCs and entrepreneurs could benefit from will include: compliance, database security, end-point encryption, identity and access management, information leakage prevention, intrusion prevention, messaging security, network admission control and web security.
Ajit Sancheti, Co-founder and CEO of Mu Security
Mu Security enables enterprises and service providers to evaluate new products and software updates for known and previously undetected security vulnerabilities of any IP-based product or application using the Mu-4000 Security Analyzer platform. The company is backed by pre-eminent venture capital firms, including Accel Partners, Benchmark Capital and DAG Ventures. It is headquartered in Sunnyvale, California.
Enterprise security is all about companies protecting their assets. Software applications that are not robust are layered with security devices in an attempt to make them secure. However, what people are discovering now is that not only are their applications still insecure, but the devices being loaded on networks to make them secure are themselves insecure. Hence you are unable to verify what is secure and what is insecure. That is where the future of enterprise security is headed: securing the security devices. In this industry, not many have questioned these companies if they were secure and immune to these attacks. For instance, when you upload an application to protect your network, you will want to verify if it has a hack surface that could be violated, and preferably before it has been hacked into. A recent article identified certain security devices that had more bugs when compared to the applications they were meant to secure!
Nobody is talking about how to build a secure network. It is mostly about how to build a better firewall, better utility et al. Furthermore, hackers are not the only issue these days as the devices connecting the network may communicate in an unfamiliar protocol. When that happens, it is likely that the system will crash. That is just as important as hackers getting into a system. A network is only as good as its robustness.
In this scenario, what security needs today is a way to methodically find vulnerabilities and flaws in enterprise security devices before they go live on the network. This would include all the devices that exchange information between networks that are IP-connected: storage, security, and voice. Interestingly, there is a massive move to IP-based networks like routers, servers, firewalls, application servers and satellites, cellular communications, home networking and gaming. The world is moving to IP a lot faster than we can keep their resilience robust.
T. M. Ravi, Co-founder and CEO of Mimosa Systems
A provider of e-mail data management solutions, Mimosa Systems enables access to vast information by users. The company is funded by prominent venture firms like August Capital, Clearstone Venture Partners and JAFCO Ventures.
One of the biggest challenges one sees in security is around management of e-mail, documents and other enterprise content. Companies and organizations in the last three or four years have begun to recognize e-mail as a business record. However, there are significant implications on how e-mail can be captured, retained, and the time period it should be retained to make it discoverable and searchable.
There is a whole new segment that is emerging around compliance and risk management. Companies across vertical segments and ranging in different sizes, from huge enterprises to mid-market companies, are beginning to archive their e-mail and documents and keep them across a period of time.
Ajay Jain, President and CEO of Quantum Secure, Inc.
Using its patented graphical Policy Engine, security managers at Quantum Secure deploy business policies from a web console and enforce them across multiple system platforms worldwide. The company’s pre-packaged enterprise applications provide out-of-the-box configurations and business processes ready for deployment. Quantum Secure has been privately funded by the founders and strategic investors.
In order to provide ‘holistic security management’, the latest trend for Corporations and Government Organizations is to marry their disparate Physical Security systems (building access control, surveillance video, life-safety sensors and systems, etc.) with that of IT and Network Security to improve efficiency, security, strategy and communication. In the technology world, the daunting task is to interoperate and correlate the data from physical security systems (which is flat, disjointed and proprietary) with that of existing logical security systems (IT & Network).
Physical and logical security staffs have the same goal (protect enterprise assets), yet they exist as independent factions. The CFOs are increasingly feeling a sense of budgetary déjà vu as both physical and logical security departments require financing for common initiatives like access control, identity management and credentialing, compliance management, event monitoring and management, intrusion detection and surveillance.