Collision course
Many in the channel believe that the two worlds of storage and security are set to collide
Many in the channel believe that the two worlds of storage and security are set to collide. Simon Meredith looks at the opportunities this may present to resellers in the last report from our five-part series
Security and storage, it seems, are going to be sold together. At least that’s Symantec’s eventual plan. But there is no firm agreement about if this is actually what the customer wants, or what the market needs. Some observers see it as a commercial tactic designed to differentiate vendors and make them stronger in what is going to be an increasingly tough market. For the channel, it may mean taking a very different approach to selling security and storage.
Following its acquisition of and on-going merger with Veritas, Symantec has set out on a course that will bring storage management and security together. It is not the only recent merger designed to do this – last year InTechnology bought Allasso and recently Network Appliance acquired encryption software house Decru.
Steven Rose, UK managing sales director for Symantec UK and Ireland, believes these marriages will work because they are what customers want. Rose says: “Enterprises are looking for a combined backup, availability and threat-protection set of applications with an over-arching management tier, as well as fewer suppliers and an architecture that will support Unix, mainframe and the PC.”
It is different for consumers though, argues Rose. They will probably stick to buying point products for the time being and most SMEs are likely to do the same – although there are already combined products on the market that appeal to the smaller business and there is no doubt that the mid-tier is on Symantec’s radar screen.
But big business is the priority for Symantec and Rose notes that there are already companies doing what Symantec intends to do. Computer Associates (CA), IBM, Hewlett-Packard, Hitachi and Sun can all offer the corporate customer all-singing and dancing storage and security management solutions.
Strategically, Symantec has to challenge for the enterprise business and this is really what the merger was all about, says Graham Titterington, principal analyst at Ovum Consulting.
“There certainly is a need to protect data, including backup data (see graph, right), as demonstrated by the recent stories (mostly from the US) about tapes containing credit card data going missing. The regulatory and compliance environment is also driving the development of secure storage.
“In the case of Symantec and Veritas, these companies have a need to move up the stack into enterprise business continuity to escape the commoditisation of the low-end security and storage markets, a process that will be speeded up by Microsoft’s entry into these markets,” argues Titterington.
Microsoft already has a position in the low-end of the data backup solution market in its Data Protection Server. This is only available for Windows file servers at the moment. But versions for Exchange, SQL Server and Sharepoint products are expected, and it has been buying up companies in the security space. In July it acquired FrontBridge – a subscription-based filtering service and messaging backup vendor, and earlier this year it bought anti-virus and anti-spam developer, Sybari Software. These technologies are expected to find their way into Exchange and Windows at some stage.
There has been no sign of Microsoft moving into broader storage management, but it can’t be far from the minds of the company’s strategists. As Titterington points out, there is a lot of concern around compliance and the growth of email repositories is also high on IT managers’ agendas.
With Microsoft coming into the market Symantec and other vendors need to broaden their scope and also start to look up the value chain. This is in fact what the merger is all about, according to some of Symantec’s rivals
Jason Phippen, EMEA director of product marketing for BrightStor at CA, says: “Microsoft is attempting to do something that CA has been doing for years and make up for deficiencies in both businesses. Veritas was very strong in the enterprise business, whereas Symantec didn’t really have a presence there. It is not being driven by customers, it is being driven by business efficiency.”
In his view, storage and security will make happy bedfellows, but only to a certain degree. “The convergence story is being driven by vendors – it’s not something the customer is asking for. What they are asking for is more secure storage so they are, and will remain, separate. There are some disciplines in security that can complement storage management, such as granular identity access management and encryption of hard disks and tape, but that is about as far as it goes.
“In CA, storage and security are different business units and we leverage the economies of scale where it is relevant. But for customers, storage and security are different concerns,” says Phippen.
Vendors of point products have a stronger view. “I don’t believe security and storage are converging,” says Frank Coggrave, regional director for UK and Ireland at Websense. “It is just two separate areas being sold under the same roof. The focus for Symantec and Veritas is on economies of scale, not the customer.”
Titterington also has doubts about whether the two disciplines will be drawn together very closely. “Storage and security vendors have tended to be separate and not even speak the same language. Mention ‘security’ to a storage vendor and they will talk about keeping multiple copies of the data to ensure its availability, and that’s the last thing you want if you are trying to preserve its confidentiality and integrity. The merger of Symantec and Veritas is a positive thing, but we have to wait and see how it will work out.”
The picture may be further complicated. Networking vendors are now building serious security into their switches and routers, Cisco has entered the market for SAN and is looking at providing switch-level authentication to control the attachment of storage devices to the network.
Ian Bond, consulting systems engineer for Cisco, says: “Traditionally, storage systems have been considered secure because deployments have been limited to part of a single data centre, in essence a physically isolated environment. However, the advent of networked storage means storage security should be firmly on the list of priorities.”
One concern here is that there will be some confusion among users – and resellers – about which combination of solutions will do the best job. Symantec’s argument is very much that the over-arching approach with a management application controlling all storage and security resources and activities is the best approach. Point vendors will continue to put forward the ‘best-of-breed is best’ argument, but Rose thinks the dynamics will change further.
“We are seeing a consolidation and it will boil down to 10 or 20 vendors globally who will have products in a number of different columns and another group who will provide the nuts and bolts”, he says. In other words, CA or Cisco or EMC,
might all provide the same storage management software – developed by a specialist – but under different names. But it will take time for the market to develop to this extent.
Rose acknowledges that while the vendor landscape is being reshaped there may be some uncertainty among customers and the channel: “Yes, I think there will be confusion and that’s a fundamental part of the evolution of the network. The counter to that is that we will have larger organisations that will need to cover all the different aspects of their business and will need the over-arching solution.”
In the end, it is only the customers that don’t have their own priorities sorted out that will be vulnerable to any confusion. Security, Coggrave points out, is too important to be lumped in with a storage solution every time. Equally, adds Phippen, it is hard to see a storage solutions provider losing out because they do not have built-in security.
But having storage and security products in the same portfolio is convenient for resellers. Phippen says: “They have access to more products and more resources. If a reseller is selling storage into an account, it becomes much easier to say ‘who looks after your security’ and to grow business organically.”
Rose also sees very strong cross-over benefits for resellers. “There will be a change. The point vendors will continue to offer point products but if you are going to address the enterprise you will need to do more and step up to the customer’s need,” he says.
But while more resellers may take both sets of products to market, specialist storage and security VARs still have a future, says Phippen. However, they focus on the high-end of the market. “With very large customers, both storage and security are going to become very complex issues”, he says.
The solutions for enterprises that place a high value on their data will undoubtedly be very complex, this will present both a challenge and an opportunity for the channel. VARs that step up to it can expect substantial rewards, but they need to recognise how the situation is changing for the customer, rather than what is going on up-stream in the channel says Eran Farajun, executive vice-president of Asigra, a specialist provider of online backup solutions.
“The market is actually diverging, not converging (see box, below). Storage products are branching off as secure storage into their own market segment. There are increasingly more remote laptop and hand-held users on the market that produce critical business data, which need protecting just as much as an office PC,” says Farajun.
New products will need to be developed to meet specific needs and they will find their way to market through conventional routes. The more complex solutions that can be expected from the likes of Symantec, will be taken to market by a more specialist breed of reseller.
“We will have broadline channels but also much stronger vertical channels that sell to petroleum, to retail, to insurance, to investment banking sectors. They are completely different environments. What we are talking about is a complex sale that is intellectually stimulating and where the customer needs to understand where the threat is coming from and that it is constantly changing,” says Rose.