Data Security as a Vertical

[DATA SECURITY SY...]

Quite often in infrastructure or policy papers, you'll see "security" drawn as a horizontal tab, spanning across several industry verticals (e.g. finance, healthcare, government, etc). Many people think that a security solution that is used by governments should be good enough to be used by banks. A security solution used by banks should be good enough to be used by the healthcare sector. This is terribly terribly misleading.

While some basic security products (such as firewalls, VPNs) can be sold to many companies, they are more like components of a larger picture and not really seen as security solutions addressing the needs of the industry. In my opinion, the data security industry operates in more of a vertical solution instead of a horizontal solution. Data security companies that do well tend to sell more into a specific industry and find it difficult to branch into other industries without significant and fundamental changes to their solution. I know of a number of security companies who sell into the government sectors, but they face challenges selling to the banks. Similarly, companies who have been selling security solutions to banks don't seem to be able to sell their solution to other industries easily. Hence the dilemma. A good security solution for the banks is not likely to sell well into the healthcare sector. Ouch.

The implications of this observation are far reaching. On the surface, it means that a new security player should focus on a particular industry, rather than attempt to reach out to everyone. If we think more deeply, we'll then realize that security companies may be better off expanding by region while sticking to the same industry, rather than trying to expand across industries. But I think most importantly, it implies that if some company comes out declaring with its horns blaring that their security solution can address everything for everyone, they are most likely to be selling snake oil.

What do you think ?

Teik Guan

[Oren Imaizumi]

Totally agree. Wouldn't think you can have one solution to fix all problems.

The requirements for each industry is different. However, there comes the affordability and reliability issue. Having an existing technology in place means that the infrastructure/product is stable and likely to be cheaper?

Do correct me if I may be wrong.

Thank you

[Gerald Ang]

Yes. I think you have a good point. It's hard to make an all in one solutions with the very diverse requirements of various industries these days. It's pretty complex!

I think it all boils down to knowing the strengths of the company, it's products and where it fits in.

The security environment is so vibrant with the strong reliance on data security and more.

What do you think are the critical success factors to be a good security provider in the business sense?

[DATA SECURITY SY...]

hi Gerald,

Critical Success Factors for a security provider...this is a nice topic.

Beyond the success factors that affect all businesses, I believe that a security provider has to be genuine about providing security. I once heard a comment which I would like to share here:

"The security of the system is proportional to the integrity of the security provider".

This is so true. You may be using the latest algorithms or the strongest keys, but if your provider does not upkeep his principles, and chooses some shortcuts here and there, you're not going to have a secure system.

Thereby lies the contradiction with the business. If you're delivering a security system, and you realize that there is some potential vulnerability that was missed out in the design, would you go out of your way and spend additional resources to fix it ? or would you keep quiet and roll it out first ?

painful business decisions.

Teik Guan

[albertjames]

External data security related attacks on the healthcare industry have increased 85% between January 2007 and January 2008 . One challenge is that one in four healthcare executives does not know where their sensitive data is located . Also, many organizations do not have a security framework in place to provide optimal protection.
------------
albertjames
transmitter