space wars: ca seeks secure future
Post on 06-Jul-2016
214 Views
Preview:
TRANSCRIPT
Computer Associates (CA) may not be the first vendor that
springs to the mind of the average IT professional when
someone mentions information security. Nevertheless, the US-
based software vendor intends to dominate this area within the
next five years.
Simon Perry, CA’s vice president of security strategy for Europe,
the Middle East and Africa (Emea), says the company aims to be
number one in identity and access management (IAM) and in
security information management (SIM) with its eTrust family of
products by 2008 at the latest.
This, he claims, is achievable because of the supplier’s 27-year
pedigree in the related discipline of systems management. This
comes courtesy of its Unicenter offering for managing large
enterprises. CA has a large installed base of mainframe customers,
its focus is on the entire enterprise, and it has a presence in more
than 40 countries. But he acknowledges: “IBM is a player here and
the one to beat, followed by Symantec in the SIM space, both of
whom are entering with a heavy service-led offering.”
A key problem CA faces at the moment, however, is not so much
a dearth of suitable products, but rather a lack of profile and
brand recognition.
Alain Dang van Mien, a research director at Gartner, explains:
“The CA brand name is strong, but eTrust isn’t. CA created it only
two years ago, and three years ago it had no security products at
all outside of the mainframe. It made a couple of acquisitions with
Platinum and Memco and recruited people, but it still has to build
up brand awareness in the general security community.”
Perry acknowledges that the supplier has work to do in this area,
especially because it is competing with single-focus vendors such
as Symantec, which have high brand recognition because of their
traditional emphasis on the consumer market.
However, he says that over the past 12 months CA has been
replicating an initiative started four years ago in the US to boost its
visibility in Europe. This includes hiring key people such as Jim
Darragh, head of channel sales for Emea, who are experienced
enough to do the rounds of the conference and speaker circuit, and
spending money on targeted advertising in public places such as
airports.
But Perry also points out that CA’s entry into the security space
was no quirk of fate. “It was no accident that we closed the
purchase of Platinum after it had bought Memco. It was absolutely
a key part of our policy to get into the security market in a big way
and we’re now six years into a very deliberate strategy,” he
explains.
The rationale, Perry says, was to build on the company’s systems
management business and to exploit in revenue terms one of the
few corners of the software market that still has relatively high
annual growth rates. It was worth $3.5 billion in 2002.
Dang van Mien explains: “By 2001, Unicenter’s product licence
revenues were down by about 20 per cent, and it had to find a new
area to make money in. Security was the only sector last year with
tr
ac
ke
r16
Info
security To
day
January/February 2004
Space wars: CA seeks secure future
Meta Group’s Casper: CA is being squeezed.
By Cath Everett catheverett@hotmail.com
CA has a five year plan to win hearts and plug gaps. Will it be enough?
1742-6847/04 ©2004 Elsevier Ltd. All rights reserved.
double digit growth and we expect it to grow by nine per cent this
year. As a result, it will become increasingly important to CA.”
Perry confirms that Sanjay Kumar, the vendor’s chairman and
chief executive, sees eTrust as its most important brand from a
strategic growth point of view.
“Unicenter brings the most revenues into CA today, but eTrust
will grow the fastest and rival it in the coming years. Over the next
five years, are we going to double growth of the Unicenter brand?
Perhaps, perhaps not. But eTrust will become the same size (as
Unicenter) and we’ve told Wall Street it should look very closely at
that,” he says.
According to Gartner, CA’s security offerings generated between
10 and 15 per cent of the company’s revenues, or $138.5 million in
2002, and it currently has a 3.9 per cent share of the overall market.
It ranks sixth behind Symantec, Network Associates, IBM, Trend
Micro and Check Point Software.
One of the issues for CA, however, on top of the need to boost
market share, is that the security market is over-crowded and
fragmented. Many different types of firm from different sub-
disciplines are players.
As a result, says Carsten Casper, a research analyst at the Meta
Group, CA is being squeezed by the big boys, such as IBM and
Microsoft, as they move into the market, and by endless numbers
of specialists, all vying for a slice of the pie.
Its situation is not helped by the fact that most enterprises still
see security as a technical discipline rather than a management
issue. As a result, user companies still tend to invest in “bottom
up”, best-of-breed network security infrastructure-level offerings
such as anti-virus (AV) and intrusion detection systems (IDS).
But this is starting to change as organisations mature security-
wise. More and more appreciate the need for “top down” security
administration software such as IAM to improve the often scanty
return on investment from mix-and-match approaches.
Gartner’s Dang van Mien explains: “Security has to be
monitored and managed, but this has not been taken into account
much so far by traditional vendors, which is an advantage for CA
because it’s one of the few to do so.”
This means that if data centre staff are in charge of security,
they are likely not only to appreciate this message, but also to be
familiar with CA as a company. This may well lead them to favour
eTrust. But if security operations remain separate from the data
centre, professionals will be more prone to favour vendors such as
Symantec.
So what exactly does CA have to offer the IT professional in
terms of product offerings?
Perry divides the company’s lines into four main categories,
although he is keen to emphasise that buying one does not mean
having to buy all. Instead, he says, CA’s strategy is to sell
technology to customers in digestible chunks, while making it
clear that they can expand to the full suite over time, if they so
desire.
Its offerings comprise content management software such as
anti-virus and anti-spam; vulnerability management; identity
and access management, and the Security Command Center
(SCC) console. This is key to its strategy of “integration
management” as it can handle
not only CA products, but third
party ones too.
The company has spent
the last four years
integrating all these
applications at the event
and common services
layer. Over the next six
months it will roll out
upgrades that are
integrated more tightly at
the graphical user
interface and repository
level to work under a single
eTrust portal.
tr
ac
ke
r17
Info
security To
day
January/February 2004
CA’s Perry: We want to benumber one by 2008.
A lack of a key products, such as a firewall, means that there are
gaps in terms of offering an end-to-end enterprise suite, especially
on the network security infrastructure side. But Perry says: “It’s
more important for us to manage all infrastructure software
than to dominate any single product category. That said, we have
strong products, but not market-leading ones by market share,
within that space.”
This approach, he adds, fits entirely with the widely-held view
that some of these technologies, including AV and IDS, will simply
be absorbed into base operating systems or networks. Therefore,
Perry says: “We’re focusing on those areas that are the most
profitable and have the best chance of delivering cash flow and
share price, and growing the business.”
But, interestingly, CA is not simply selling eTrust, and the SCC
management console in particular, directly into its traditional
FTSE 100 enterprise customer base by exploiting its existing C-
level relationships. Instead, it has introduced a new
compensation scheme. This rewards its sales staff most richly for
sales to new customers. Next follow cross-sales to Unicenter and
other customers, and lastly sales of additional licenses to existing
users. Moreover, although exceptions will be
made at the request of large customers,
CA’s preferred fulfilment model for
eTrust will be the third party
channel.
Perry explains: “Medium-
sized companies with 500 staff
and upwards are our key target
market for expansion. The issue
is that if you have a number of
customers and you cross-sell to
them, you still only have that many,
but if they are involved in a merger
and acquisition situation,
you actually have
fewer, even if both
are CA users.”
As a result,
CA’s goal is to
extend its reach to
the second tier of
m e d i u m - s i z e d
companies. “If
you look at the
overall IT spend in Europe, this is bigger than the FTSE 100 in
total,” Perry says.
Perry explains the strategy here: “Our AV software is the beach
head for us via the channel. Right now, a lot of partners are only
doing AV, but they realise that they need to grow out of this over
the next five years or they won’t be making any money.”
Partners such as Tolerant Systems have seen the appeal of a CA-
based business plan that covers the next few years, he says. This
puts forward patch management systems as the next logical step.
Managed security providers such as Ubizen and Integralis, on the
other hand, have likewise taken the SCC console as a means to
improve their own services.
To boost its mid-market appeal, however, CA also plans to come
out with various bundles of product and services by the end of
February. While it has no plans to undertake either hosting or
outsourcing, it intends to sell various so-called end-to-end
solutions that address different security areas.
“Where the heads come from will be invisible, and whether it is
from CA or hand-picked partner staff, the result is that customers
will be able to buy a product and service wrap that includes product,
implementation and operations,” Perry says.
tr
ac
ke
r18
Info
security To
day
January/February 2004
CA’s strategy at a glanceKey aim
To have its eTrust security products take the number one slot in identity andaccess management and security information management by 2008.
On the plus side:
• Sanjay Kumar, CA’s chairman and chief executive, is backing eTrustheavily and sees it as the company’s most important brand from astrategic growth perspective
• CA is six years in to a carefully thought-out strategy to penetrate thesecurity market
• Strong management background, courtesy of its flagship Unicentersystems management offering
• CA is well known by data centre staff and has high levels of brandrecognition here
• CA is broadening its traditional model of selling directly to Fortune500/FTSE 100 companies and is now also targeting mid-sized companiesvia the third party channel
On the down side:
• Lack of profile and brand recognition in the security market and amongsecurity professionals
• Ranked only number six in the overall market in 2002 with a 3.9 per centmarket share compared to the leader Symantec with 19.4 per centGartner)
• CA could be squeezed if big players such as IBM and Microsoft enter themarket and by large numbers of specialist players
• Most organisations still see security as a technical discipline rather than amanagement issue
• CA must plug gaps in the network security infrastructure side if it is tocreate an end-to-end security product suite
Gartner’s Dang van Mien:A 50-50 chance of success.
It also won’t matter whether the contract is written on either CA
or on partner paper, he adds. This is because one of the company’s
key aims is to avoid channel conflict.
Gartner’s Dang van Mien believes that CA’s strategy has a
reasonable chance of success. He thinks that the security market
will hear a lot from the vendor over the next few years.
“The biggest issue is that the market is very unpredictable and
it’s not always clear how future trends will pan out. It depends on
global economics, particularly because security is seen to be like
buying insurance. But it also depends on mergers and acquisitions
and how quickly software becomes embedded, as this affects how
much money can be earned, and by whom,” he says.
Dang van Mien believes the best case scenario for CA is that it
becomes a market leader in user provisioning and embeds an
increasing number of its security products into Unicenter, for
which it charges, while continuing to build up the eTrust brand.
The worst case is that the trend towards embedding makes it
harder and harder to sell its products into the enterprise, that it
experiences no real growth, and that it starts to invest in a different
type of technology. This would see the eTrust brand wither and the
products given away for free as part of Unicenter.
“The reality will probably be somewhere in the middle. CA has
a 50-50 chance of succeeding, and it’s not clear at the moment
what will happen,” he concludes.
Cath Everett is an IT and business journalist who writes for titlesthat include: Computing, Computer Weekly, MIS, Financial
Director, Red Herring, and IT Consultant.
tr
ac
ke
r20
Info
security To
day
January/February 2004
top related