Friday, August 25, 2006

Fun Bits on "Security Consolidation"

So, here is a quote: "Networking giant Cisco's acquisition marks a step toward the convergence of the networking and Internet security markets."

Your mission, should you choose to accept it, it to date it! The choices are:

  1. 1978
  2. 1998
  3. 2000
  4. 2003
  5. 2006

The correct answer is here (it is the paper that the quote came from), but where am I going with this? IBM-ISS thing made some people scream "Convergence!!!", but is it really? Like I implied in one of my earlier papers, security will likely never be fully absorbed into any other space. Sorry, if you think that I lack business sense for suggesting this, but there are some pretty powerful reasons for why security will likely stay separate forever.

Now, that doesn't mean that "network security" won't get fused with "networking" and "system security" won't merge with "system management." But "information security" as a whole likely will likely not be part of a bigger anything. I can think of any uber-smart analogy, but saying that security will merge with networking is akin to saying that /broken analogy alert!/ "physical security" will merge with "banking." Huh? Will networking include some network security, systems include some system security, storage include data security, applications include some application security, etc? Sure! Will any of them become synonymous with the broader security? Not likely!

Will I have to eat some fresh crow meat for this non-prediction in a few years? Maybe, but - hey! - punditry has its risks :-)

BTW, this post is largely inspired by Pete's post here. Read Pete's piece on more insight on the subject...

Dr Anton Chuvakin