A Happy New Year 2011 to you all! It is interesting to start the New Year reflecting on what went down in the security world in 2010 – here’s a compilation of some of the noteworthy events in 2010:
- January: EMC/RSA acquires Governance, Risk & Compliance (GRC) company Archer Technologies.
- April: Symantec purchases encryption company PGP Corp. for $300 million and Guardian Edge for $70 million.
- May: Symantec purchases VeriSign’s Identity & Authentication Business, including its Secure Socket Layer Certificate Services, for $1.28 billion
- May: Sophos sells the majority of its business to private equity investment firm APAX Partners for $830 million
- June: SonicWall agreed to be acquired by an investor group led by Thoma Bravo in a deal valued at $717 million
- June: McAfee acquired mobile enterprise security firm Trust Digital
- July: IBM acquires compliance and security management company BigFix.
- August: Intel buys McAfee for $7.68 billion!
- August: Hewlet-Packard announces plans to acquire software security assurance company Fortify Software,
- August: VMware acquires SaaS authentication and access management company TriCipher.
- September: HP enters into a definitive agreement to buy ArcSight for $1.5 billion
- November: Trend Micro acquires mobile encryption company Mobile Armor.
- December: Juniper Networks acquires virtualization network security Altor Networks for $95 million.
This represents a lot of activity, with a significant amount of money (around $12 billion) changing hands.
At the RSA conference, security for virtualized infrastructure topped the category list of security innovation at this year’s RSA 2010 Innovation Sandbox competition, including Altor, Catbird and HyTrust. At Vmworld, VMware launched a comprehensive vShield suite for virtualization/cloud security, and announced partnerships with Cisco, Intel, McAfee, RSA, Symantec and Trend Micro. Also at VMworld, Cisco executives introduced the Cisco Virtual Security Gateway (VSG) for Nexus 1000V.
Federal CIO Vivek Kundra unveiled a 25 point implementation plan, calling for data center consolidation, a “cloud first” policy, and secure IaaS; clearly, the federal government is committed to working in parallel with private enterprise. The wikileaks incident is a reminder of the need for focus and attention in these areas – it is also a harbinger of things to come in the upcoming “cloud without borders” world; does perimeter defense suffice, how do we arbitrate and police data privacy, what constitutes effective remediation and who controls jurisdiction? Sound familiar?
In this land grab phase, the role of security is clearly manifest. With security/privacy concerns a top of mind issue in the journey to these new data center architectures and cloud consumption models, there is growing consensus on the need to “build in” versus “bolt on” security into such converged/managed stacks.
So, if we use the 2010 rearview mirror as a guide to the 2011 windshield, we can expect to see a continuation of these trends. Security and network virtualization/consolidation/cloudification, and security management/orchestration/compliance will continue to be areas of investment across the industry.