August 24, 2010 By Dan Lohrmann
Everyone's talking about Intel's pending acquisition of McAfee for $7.7 billion. The list of questions is long. Did they pay too much - or too little? Is this the beginning of a new trend or a one-off acquisition? What does this say about the security industry and/or about the state of cyber security in general? What will the impact be for government technology professionals? What can we learn from this action? Bottom line, why did Intel do it?
Leslie Fiering, research VP at Gartner, told SC Magazine , "The goal is to collect and develop IP that can go directly to silicon and bring security down to the hardware level. The embedded security will run outside the OS with a broad variety of software developer hooks. It is highly unlikely that Intel will make any of these proprietary or in any way specific to McAfee.... Bringing security down to the hardware level is particularly critical at a time when exploits at the OS level are getting more sophisticated on PCs and mobile OSs are still highly immature in the security arena."
Renee James, Intel's senior vice president of software and services, told USA Today , "It's true in mobile solutions that we will have more enhanced security hardware, It is an accurate assumption that in the mobile devices market we will be doing integration into the chip."
Rich Mogull from Securosis.com had a very interesting perspective . He said that Intel bought McAfee for three reasons:
1) The name - " Yes, they could have bought some dinky startup or even a mid-sized firm for a fraction of what they paid for McAfee, but no one would know who they were. Within the security world there are a handful or two of household names; but when you span government, business, and consumers the only names are the guys that sell the most cardboard boxes at Costco and Wal-Mart: Synamtec and McAfee...."
2) Virtualization and Cloud Computing - " There are some very significant long term issues with assuring the security of the hardware/software interface in cloud computing. Q: How can you secure and monitor a hypervisor with other software running on the same hardware? A: You can't. How do you know your VM is even booting within a trusted environment?"
3) Mobile Computing - " Meaning mobile phones, not laptops. There are billions more of these devices in the world than general purpose computers, and opportunities to embed more security into the platforms."
So what does this mean for government? I'm staying out of the analysis of how this will affect medium-term products, pricing and competition with Symantec, Trend Micro and other security companies. However, it does underline three trends that express the central importance of cyber security for the next decade.
1) Cyber security is still hot - and getting hotter. This reality may seem obvious, but recent Gartner surveys of priorities from CIOs has seen security drop to the bottom half of the top ten list. A few years back, security was the #1 issue. To illustrate this point, here's another 2010 priority list - from a different source. The same trend can be seen in the 2010 NASCIO list of top State CIO priorities - with security at #6.
However, a deeper look at these lists and the technologies reveal that security is an important component of all the items at the top of these lists - in areas such as virtualization and data center consolidation. The fact is that technology leaders are demanding that security be built-in for these solutions and projects. In many ways, security has evolved into something new.
2) More specifically, this cyber security trend is heading up and down at the same time. In the second decade of the 21 st century, security will be moving into "the cloud" (or cloud computing) and into mobile devices that are getting smaller and more powerful. It remains to be seen if Intel can be successful with building effective security into their chips in the same way that anti-lock brakes and air-bags are getting safety built into newer cars. It is pretty clear that Intel (and others) want to try and build more security into the chip sets. Security is becoming more of a "must-have" and less of an "optional extra" in order for new technology offerings to succeed.
3) Prepare for more acquisitions and an evolving landscape in the security space. Over the past few years, Symantec and McAfee have been buying smaller security companies on a regular basis and filling in holes in their offerings. This trend will continue, but now even bigger companies (like Intel) are buying the largest security companies (like McAfee). Will other large communications and/or technology companies buy security companies? Will the likes of AT&T, Microsoft, Google, IBM, HP, EMC, AMD and/or others keep buying into this space? Probably - in fact this is already happening with smaller security companies. A blog on Symantec's website asked if Symantec would be bought next?
These are interesting (and exciting) times. I certainly did not see this pending acquisition coming. Nevertheless, it looks like more change is coming. Hold on to your seat belts.
What are your thoughts on this pending Intel purchase of McAfee?
August 15, 2010 By Dan Lohrmann
Are recent announcements of product offerings from Google, Microsoft and others going to fundamentally change government technology service delivery? Has the long foretold government paradigm shift now begun? Will we look back at 2010 as the pivotal year? Or, is this just another over-hyped tech story?
Lately, I am thinking that the answer may well be yes - we are witnessing a fundamental shift in technology service delivery for government. However, I think the full transformation could take up to a decade (or more) to complete.
In my opinion, the tech giants are starting in the email and office suite space and will succeed in making these commodity purchases for governments over the next few years. Meanwhile, more complex applications and mission-critical data will be moving into "government clouds" which are private and more secure. Bottom line, we have started down this new "yellow brick road" but certainly have a ways to go to arrive at the "Emerald City."
There are many people saying that recent announcements are game-changers. Here's a quick rundown on several interesting articles and related research on this cloud topic:
Government Technology Magazine recently did this story on the Google certifications for government . I have also written several blogs and other articles on Cloud Computing security issues and offered recommendations to government technology executives on the cloud. A few months back, CIO.gov released the Federal CIO Council's report on the " State of Public Sector Cloud Computing ."
Last week, the Digital Daily pointed to recent implementation challenges in LA, in this article Cloud Computing: Good Enough for Government? Microsoft told us back in February that FISMA-compliant cloud offerings are coming this year. I expect to see those offerings over the next few months, which will mean that they will match Google's FISMA-compliant offerings - with a similar price. These offerings also ensure that data is stored in the USA to help us with potential legal issues.
(One side note of caution: true FISMA compliance requires much more that just secure hosting by Google or Microsoft or others. It requires end-to-end security which includes our databases, PCs as well as office environment policies, procedures and even training. I worry a bit that these "compliant answers" are somewhat over-hyped in that government officials who may not know any better will think that they "done" with security if they just use one of these FISMA compliant services.)
For more technical details on this topic, you can also read this PC Magazine blog entitled: The Changing Cloud Platforms: Amazon, Google, Microsoft, and More
Meanwhile IBM and smaller companies like Secure-24 are focusing on private cloud offerings. The International Business Times highlighted IBM's offerings , but almost every tech company I speak with now has one or more cloud offerings.
So what can readers do to learn more? I like these six questions that Accenture recommends IT Executives ask regarding cloud computing. (Click on the recommendations and conclusions boxes when you get to this website.)
My view is that as we see even greater pressure to cut costs in 2011 and beyond, all of us will incorporate elements of these new cloud computing services into our offerings, if you don't already have them implemented. There's is no doubt that government technology execs will also need to improve their contract monitoring and vendor management skills in this new online world.
What are your thoughts on these new, improved "cloud offerings" in government?
Building effective virtual government requires new ideas, innovative thinking and hard work. From federal stimulus projects to enterprise architectures to cloud computing, Dan Lohrmann will discuss what's hot and what's not in the world of technology infrastructure.