Opportunities and Challenges for Information Security Companies

Date:   Monday , March 29, 2010

Information security is no longer an IT stepchild but a mission-critical effort: a data breach has an immediate effect on a company’s bottom line, on its marketshare, its stock price, and in some cases, on its ability to survive the loss of confidence and loss of contracts. A recent study revealed that 32 percent of customers withdrew their business from a firm after it suffered a security breach. Add to lost revenues the cost of responding to a data breach (averaging several dollars per record), and a comprehensive and adaptable security platform pays for itself many times over.

Why is a comprehensive approach an advantage? Most importantly, a patchwork of software products from a variety of vendors creates security gaps that lead to breaches. And mistakes occur as users move between interfaces. On the practical side, the more products, the more work to train for, use, and manage them. And for every different security platform an organization adopts, there is a need to repeat work, whether it is creating templates for each and every program or copying the results from one program into the next program in the security lifecycle.

No CIO that I know of is looking to cobble together a solution set that will burden his or her team. Nor does he want to invest dollars in solutions built for today’s threats, but not tomorrow’s. Instead, we are recommending, and seeing a good response to, a more ‘holistic’ approach that manages the flow of sensitive data through an enterprise system.

It’s not easy, of course; multiple platforms in the customer technology stack legacy systems from obsolete vendors, and homegrown or custom databases created with varying methodologies by different developers. So security vendors with products for Oracle databases and applications will find that their customers may also have another database or a legacy system and will want to extend the same security functionality to all platforms.

CIOs are looking for solutions that can share intelligence, reuse work already done, and adapt to the constantly evolving threat and compliance landscape . . . and without a lot of additional investment of time or money. Accordingly, we believe that a flexible and comprehensive approach to creating a product suite will meet that need, giving CIOs more security for their dollar and giving security vendors an advantage in the market.

Rajesh K. Parthasarathy is the President and CEO of MENTIS Software. Founded in 2002, MENTIS provides information security solutions for
databases and applications.