Compliance Fuels Security, Systems Acquisitions


Compliance requirements are fueling convergence between systems management
and security markets, highlighted by several acquisitions over the last few
years, experts said.


Last Wednesday, Altiris agreed to acquire Pedestal Software for threat management for $65 million. BMC
filled an important gap in an existing identity management product line by
buying OpenNetwork for $18 million. Novell shored up its resource management
and IT asset management suite by moving in on Tally Systems for an
undisclosed sum.


While the three purchases don’t seem to have much in common other than an
effort to broaden management software portfolios, the deals were perhaps
fueled by larger business governance mandates, such as Sarbanes-Oxley, SEC
17a-4 and HIPAA, according to Burton Group analyst Phil Schacter.


The software additions should make it easier for vendors to help corporate
customers meet federal compliance and governance regulations. Gartner
analyst Ronni Colville, who tracks the maneuvers of management vendors such
as Altiris, Computer Associates, IBM and BMC, agreed.


She said needs for compliance and secure environments are big drivers for
the IT Infrastructure Library (ITIL), a series of documents used to
implement processes for IT service management. ITIL is popular in Europe and
is starting to pick up speed in the United States.


“There’s a lot of pressure around IT becoming more business driven,”
Colville said in an interview. “The way it manifests is in that customers
need to be a better buyer of IT technologies, and the way that happens is
they’re now buying single-vendor solutions.”


“Vendors are trying to broaden their solution stacks,” she said. “Gone are
the days of the best of breed. From audits to vendor relationships, there is
a push to getting everything from one vendor.”


For example, the Altiris bid for Pedestal will help the company ensure
compliance for desktops, laptops and servers by managing threats to
and vulnerabilities in computer networks. Novell moved on Tally to pad its
ability to provide inventory checks for compliance.


Though less obvious than Altiris’ and Novell’s moves, BMC’s purchase of
OpenNetworks was a reaction to customer requests for secure Web applications
in the name of compliance, said Somesh Singh, general manager and vice
president of BMC’s identity management business.


“OpenNetworks has done a tremendous job helping Blue Cross/Blue Shield stay
in HIPAA compliance,” Singh said. “Compliance and auditing is a major driver
for lots and lots of customers to take on ID management projects.”


Chicken vs. Egg?


Singh said many of BMC’s customers have already purchased systems management
and want to add security to brush up their networks. He said security is a
nascent market compared to management, noting that it started as a market for the consumer and small- and medium-sized business segments.


Colville agreed, noting that most of the customers she talks to have systems
management in place, and want to fortify their networks with security.


If this seems like a bit of a new spin on the chicken vs. egg theory of
what came first, it is. Compliance has helped pave the way for convergence
between systems management and security, sure. But what is driving what?


Colville said security revolves around systems management, allowing that
security analysts will say that systems management revolves around security.
She described security as the driving force behind buyers, with systems
management folks as the chief implementers of the technology.


“To some degree, there needs to be an actual partnership,” Colville said.
“Security may have more power, but they’re not the doers. There needs to be
tight synergy between security and systems management. You don’t want
different tools to manage one system.”


Purchases by Altiris, BMC and Novell aren’t the only evidence of the convergence of systems management and security. HP nabbed server automation companies Novadigm and Consera.


In a flipside to that coin, security powerhouse Symantec bought
remote PC management outfit On Technology in 2003 and later bid for
Veritas Software.


Traditionally known as a storage vendor, Veritas in recent years has acquired
application performance management and other types of computing software
that ease network pains.


Singh thinks systems management will ultimately cannibalize security.


“Security is going to fold into the systems management world because it
logically doesn’t make sense for you to manage infrastructure without
security being weaved into every part of it,” Singh said. “Eventually it
will be the same market.”

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web