brightfly.com

2009 Security and GRC Predictions
Posted by Brandon Dunlap   
Monday, 05 January 2009

With what promises to be a turbulent year, the conversations we had as 2008 wound down indicated that the professionals in our community stood to catch some great opportunities in 2009. While we haven't written anything formally on annual predictions in the past, we decided to kick off the New Year with a look forward into what we feel are some key trends that are shaping up for our community and how we think the impacts will be felt.

Convergence continues to gain traction

Regulatory pressures coupled with the need for cost-saving efficiencies drive tighter operational alignment between physical and logical security. We expect to see an increase in attention given to this matter by the various professional organizations serving both sides of this equation as the overlap in their member communities increases with folks gaining certifications to bolster their resumes for a shaky job market.

Discussions with clients and colleagues late in 2008 lead us to believe that this charge could likely be driven by the physical security side looking to create or add value by attaching to information security processes, projects, and opportunities. The market will follow suit as physical security consulting, staff augmentation (such as guard force management) and VARs see a margin squeeze on the horizon and the nimblest either partner or acquire deeper information security expertise. We think that with pressure on both the buy and sell side,  the broader market will finally drive this opportunity to bear some real fruit.

We also feel that certain folks hawking PSIM (Physical Security Information Management) platforms and other specialized technologies are doing a disservice to this trend and will be perceived as such. Convergence is a critical step in ending the “balkanization” of the security and compliance industry across job roles and holds the promise of great things for organizations that can pull it off successfully. Look for other convergence opportunities as privacy, audit, and legal find alignment beneficial to their organizations.

With fewer People, it comes down to Process over Technology

Due to budget constraints, there is a renewed focus on efficiency and quality instead of the new shiny technology that takes training and headcount to manage.

“Efficiency is doing things right; effectiveness is doing the right things.”

-Peter F. Drucker

So much of the past few years of sales and marketing efforts by companies (both product and services) have focused on plugging holes with technology.  Typically, this involved combating the next new threat with an appliance, or worse, a feature looking for a product. In 2009, this “boogeyman approach” takes a backseat to doing things right in the name of efficiency. Look for an uptick in tools that support the security and audit processes of the organization as opposed to those that block a particular threat.

The Year of the Pilot

Many organizations will launch prolonged pilot programs and dabble in a few technologies, but large-scale deals and deployments will be few and far between. As larger enterprises continue to reduce headcount, look for shrinkage in license counts for those companies with large renewals this year. Vendors that worked longer-term deals through 2008 only delay the pain, as we see this issue lasting into 2010 since rehiring is a lagging indicator for an economic turnaround and license true-ups lag even further behind.

SEs over Professional Services

In 2008, Symantec eviscerated its professional service team, opting instead to build a staff augmentation model euphemistically called “Residency Services”. This leaves a gaping void to be filled for troubleshooting the current install-base, as well as standing up new installations. Look for savvy sales teams to leverage the talent still available in their pools of SEs.

With fewer large deals, sales will try to reap additional dollars out of existing clients. This will cause clients to dig deep for unrealized value on their existing installations. Professional services dollars will not be spent to find this value; instead, the SEs will be dropped into the line of fire to “save the account” and provide value enhancement through “health checks” and other customer satisfaction programs. This places a greater burden on the SE organizations and makes being an SE an even tougher job with increased travel and longer time away from home.

Further supporting this trend, Guidance Software restructured its Professional Services and Pre-Sales Engineering for 2009 by collapsing the two functions nationwide and splitting the country into two regions. This will create conflict as consultants learn how to support sales and SEs are fielded for longer engagements (most Guidance deals come with at least 1-2 weeks of services) and need to learn the patience and bedside manner needed for this type of work.

Additionally, many of the downsized professional services staffs have deep technical expertise that hasn’t been overlooked by the channel. Look for the VARs to build up their bench strength by cherry-picking the best and brightest vendor talent as they become available.

Channel opportunities change

Symantec’s restructuring of their Professional Services, along with the new Residency Services program, has created problems as they learn how to properly write terms for and manage expectations on this type of business. While staff augmentation is usually well positioned in the face of economic uncertainty, sales forces for the major players also have watched a lot of talent pour out of their companies, undermining confidence in their ability to deliver.

Additionally, more deals and clients will go direct, bypassing the channel (McAfee may handle this better though), as vendors try to lock in margins and clients seek out economies of scale in purchasing strength.

Smart VARs will look to exploit this “perfect storm” with new, higher value offerings and will be able to take advantage of displaced professional services labor let go by their vendor partners. The savvy VARs that picked up discarded top-notch professional services talent will become the “go to resource” for local vendor sales teams. Look for these VARs to make up lost license revenue by writing services-only business on deals where the vendor takes down the licensing revenue. There will be price pressure on these VARs, however, as in some markets they will be forced to compete on price and ease of doing business since their bench of expertise will now be in direct conflict with “free” services offered by vendor SEs happy to have a job. Either way, the buyer wins on this deal by squeezing the margins out of both product and services.

Continued market consolidation

We will continue to see smaller companies get acquired as valuations drop in the wake of economic turmoil. IPOs remain few and far between (read as: non-existent), giving start-ups fewer opportunities for exit, and with cash flow as king, many “feature only plays” die on the vine. This will play havoc with clients and VARs alike as their portfolios of products will be in constant flux. Look for both to work to build relationships and strategies to help minimize the impact.

Some vendors will look appetizing as their stocks falter on poor execution (look at Access Data’s failed bid for Guidance as an example). For larger players, an alternative will be the shedding or spin out of various business lines into independent entities (as Nokia and RSA did in 2008).

Security as a service expands beyond monitoring

Our only technology-specific prediction for the year is this: as web 2.0 technologies become more commonplace and products become less appealing, look for organizations to begin adopting new “security as a service” (the other SaaS) offerings. These new service lines extend beyond the typical MSSP role of monitoring and log collection to take on operational issues such as the process opportunities we alluded to earlier. This charge will likely be led by smaller companies extending the already rich “IT as web-app” charge by going beyond help desk ticketing and looking to explore compliance and security cost reductions in operations.

Renewed focus on operations

For the latter part of 2008, we spent a lot of energy looking at how the market was behaving. In a crazy market, it was to be expected. While more important to the vendors and VARs, we will be shifting our focus back to how the professionals in our community are getting their jobs done and how to improve the state of the art.

Thank you all for a wonderful 2008. We look forward to your continued insights and conversations in 2009.


Last Updated ( Monday, 05 January 2009 )
 
Microsoft & RSA Deal Feeds the Rumor Mill
Posted by Jared Thorkelson   
Wednesday, 17 December 2008
I think the Microsoft/RSA announcement gives DLP, in general, some added credibility. I don't see this having a great competitive impact in the market in the short run, but in the long run, it shows an attempt to integrate existing technology with newer DLP functionality to address the growing concern of data loss. It appears now more than ever that some level/aspect of DLP may be built into some applications. I've heard some predict that DLP will go by the wayside as all apps include data protection capabilities, but I still think that the DLP products will play a role in monitoring the gateway, managing policies, reporting, etc.

What I think is funny is that over the few weeks leading up to this announcement, I had an increase in Microsoft employees requesting information.  In hindsight, this was a clear indication that something was brewing. 

More interesting now is the fact that in the past few days there have been a handful of informational requests from CA employees.  Perhaps another acquisition at CA? If I were some of the smaller DLP players in this economy, I may want to cash out now rather than face potentially a few years of uphill battle for revenue.

On the economics of our time, from talking to others selling this technology, the only way they've been able to sell thru Nov and Dec is with huge discounts.


Last Updated ( Wednesday, 17 December 2008 )
 
DLP Expert Jared Thorkelson Joins As Guest Researcher
Posted by Brandon Dunlap   
Monday, 15 December 2008

Jared Thorkelson has dedicated the most productive years of his life to the high-tech and information security industries.  From his humble beginnings as a tech writer with IBM while working his way through college, he has elevated himself to executive level positions with technology firms over the past eighteen years.  In addition to his work in other technical disciplines, Jared and the various teams he has worked with have analyzed the data security needs of hundreds of companies, and helped them review dozens of products in order to meet those needs.  Jared’s product-agnostic approach to data security provides truly unbiased and expert assistance, just the sort of thing we love here at Brightfly.

Please welcome Jared as our newest Guest Researcher!


Last Updated ( Tuesday, 16 December 2008 )
 

© 2009 brightfly.com