IT industry giant HP is experiencing marked growth of its security business less than a year after re-launching a number of its products and services under its Secure Advantage brand, company executives claim.
Sales of the integrated offerings brought together under the Secure Advantage umbrella, which include integrated network and data security tools and compliance management applications, are ramping up quickly, and HP has doubled the size of its security services business among enterprise customers in the last six months, say leaders of the initiative.
Marketing its collection of security assets under a common brand and theme of top-down IT risk management is paying dividends for the industry giant and allowing to compete more aggressively for deals across the market with vendors such as Symantec and McAfee and services and consulting giants such as IBM, according to Chris Whitener, chief strategist of Secure Advantage at HP.
"We're seeing demand both from companies that have already bought-into risk management as an operational requirement, and those who are only beginning to approach security in that manner and who are trying to cross the divide," Whitener says. "Many companies are still in that latter camp and don't know how to move from risk management as a concept into a process, or even how to calculate their own risks."
The reality that many enterprise IT shops are still approaching different areas of security and regulatory compliance on an individual basis — and that the strategy isn't working — is what has helped HP appreciate measurable growth across the Secure Advantage business, the executive says.
Concerns over rapidly emerging technologies such as virtualisation and services-oriented architecture, along with increasing requirements around data security and compliance, are also pushing most large customers to grapple with risk management, benefiting providers like HP who can offer the broadest array of related products and services, he said.
Looking out into 2008, HP is betting on several key areas, including encryption key management, virtualisation security, and compliance automation services to continue to drive new expansion of its business.
With both encryption and virtualisation, HP enjoys an advantage over the many point product vendors it competes against, based on this ability to support the technologies from the hardware level all the way through to operational support and management, the executive says.
"For something like encryption, the problem isn't finding a way to implement the technology, because so many products have it already built-in, but companies are struggling to stitch all these systems together, and we can offer a single point of integration and management," Whitener says. "It's almost the same thing with virtualisation, where a lot of the complexity can be eliminated when you look at what we can do all the way up from the hardware level."
The dramatic growth in security services since the launch of the Secure Advantage brand in June 2007 is reflective of similar trends as enterprises seek a smaller set of vendors and integrated technologies that can help simplify their operational and management headaches, he says.
Despite the fact that industry watchers have been predicting for several years that customers would seek to embrace risk management while streamlining their security operations, the trend is finally taking root among enterprise customers as the range of external forces, from malware attacks to regulatory measures, continues to widen, says Gary Lefkowitz, director of marketing and operations for Secure Advantage at HP.
"We're seeing verticals, including the retail and energy sectors, begin to emulate what has gone on over the last several years in the financial services space, driven largely by compliance but also by the fact that these large businesses are simply drowning in all the projects and technologies they need to employ," Lefkowitz says. "It's an overused term, but customers really are looking for solutions in this area nowadays, and that's why we're seeing the pick-up of these integrated packages of products and services."
Industry watchers say that HP is likely making inroads with its risk management strategy but add that the company still has some work to do in terms of adding more pieces to its overall portfolio.
Companies like HP and IBM must offer a high-level of security skill to win many of the larger IT management and outsourcing deals that they bid on, and they will continue to build-out their holdings to do so, says Andrew Jaquith, analyst with Yankee Group.
"The general trend is that if you are a large systems integrator or diversified technology company, and HP and IBM are likely the two best examples, you have to have a security story. It's not appropriate anymore to bolt it on after the fact, and if you're selling a large package of products, customers expect that these services are part of that," Jaquith says. "I don't think that HP has done enough yet to earn a strong reputation as a risk management company, and I'm not sure that's what really they want to be, but that kind of a reputation has to be earned, not just stated, and I'd say the same for IBM."
Jaquith says HP and IBM have both added important pieces necessary to appeal to customers around security and risk management, such as their rival acquisitions of code vulnerability scanning technologies, but the analyst believes that the IT bellwethers need more time to polish their offerings.
"Both have important products as part of their portfolios that they can lay a claim to, but these are not always the companies that people first think about with security," he says. "Investments such as those they've made in code testing could help them stake a bigger claim to risk management, but they must also continue to press forward, and none of this will happen overnight."