Market forces have been instrumental in rolling out lots of good technologies. For example back in the 90s thanks to the web boom, component programming, and J2EE, BEA was the fastest company ever to $1 billion. I am still waiting for market forces to drive better security though. We have companies that are good at producing toothbrushes and toothpaste, we have companies that are good at telling you what brand of toothpaste your neighbor is using, we have companies that are good at producing conferences, and we have companies that are good at helping companies pass audits; what we don't really have though is - security companies of scale that help enterprises of scale solve real world security problems. I think it would be good if we did. The enterprises have a lot of problems, and they are in need of innovation in the security space, but the enterprises have limited ability to develop, and deploy security innovations (their top people are already spread thin), and the market has so far not listened particularly well to the enterprise's problems (or the ones who have a still fairly small) leaving us with a few billion of breached records washed up on the shore.
Instead we can find a better model in the automotive industry, Autoliv (ALV) (incidentally Motley Fool ranks them as a best international stock) is the world's largest supplier of seat belts and airbags. These are component parts that are refined and optimized by Autoliv and sold to auto manufacturers across the globe. Business Week:
Being No. 1 is a long tradition for Autoliv. Started in 1956, it was one of the first companies in the world to manufacture seat belts. It has maintained market share by constantly improving quality and design, spending 6% of annual sales on research and development. It also built up share by acquiring U.S. air-bag manufacturer Morton International Inc.'s Automotive Safety Productions Div., a world leader.
Ok, we have a company with a multi decade track record of leadership of deploying safety mechanisms, and they spend a high percentage of sales on R&D.
Autoliv's early success was helped by close cooperation with Swedish carmaker Volvo, whose marketing strategy has long been largely based on safety. But Autoliv quickly branched out. It now supplies nearly all major auto companies and has factories in 32 markets.
Hmm...close cooperation with customers instead of marketecture and throwing "suites" (in name only) over the wall....
The big challenge is to meet carmakers' increasing demands to cut prices. "The new generation [of products] has to cost less," says Westerberg. The company is moving its production to low-cost countries such as Poland and Tunisia while closing down or consolidating elsewhere. It has bought several suppliers to slash costs and production time.
Being sensitive to cost instead of marking things up by orders of magnitude simply because know that something its on the auditor's checklist.
The strategy is paying off. Sales were up 14%, to $3.8 billion, for the first nine months of 2003, with a 15% profit increase, despite a worldwide slowdown in car sales. Analysts estimate sales for the whole year hit $5.2 billion. Westerberg aims to continue the trend with more sophisticated air bags designed to comply with new U.S. standards. Westerberg can think up quite a storm on those strolls.
Wait - they listen to customers, innovate new things, control costs, and deliver safety mechanisms to market while growing their business? When will Silicon Valley answer the bell on this model?
All snarkiness aside, we do have some reasonable examples in companies innovating in the security space, I would just like to see them scale. And would also like to see companies that are already large scale to meet the size and shape of the problem, we have at least one good example of this. It is strange to me that companies like Sun, Red Hat and others, seem to approach security as a game to sell more hw/sw instead of a viable market in and of itself, why don't they step into the breach (pun intended) and work to solve these problems? Maybe they should fly to Stockholm and learn about side curtain air bags? I mean Autoliv is a $3+ billion business that sells security innovation, maybe its not as interesting to Sun as backup tapes, but that's not chump change either.
**
Gunnar Peterson teaching Web Services Security training, NYC, March 10-11