They Just Keep Getting Bigger--Maybe

According to The New York Times, Symantec and Veritas are in discussions aimed at having Symantec purchase the company best known for its data backup packages. Like so many of these stories, there are obvious story lines, and those that are a little more subtle.

The obvious story line is that the number of players in the security market continues to decline as mergers and acquisitions continue at a goodly clip. There are, of course, aspects both good and bad to consolidation, but financial and market forces seem to be moving in the "fewer/larger" direction, so there's little constructive that I can say about it. The less obvious story line actually has more meat, in my opinion; security is gradually moving from asset protection to business continuity assurance.

Think about it: Most security is focused on keeping "the bad guys" from succeeding in their dastardly deeds. Business continuity doesn't really care so much where the threat comes from, it just wants to keep software, hardware, and data assets available and useful to the proper users. Assurance includes security, but doesn't stop there, extending to backup and restoration, disaster recovery, maintenance, regulatory compliance, and a host of other issues. At a recent conference I noticed more people handing out business cards that read "Data Assurance" or something similar, and it's a trend that can work for the security professional on a number of levels.

First, the change in scope can mean that you have meaningful control over more aspects of the network infrastructure, so that security stands a chance of being built into, rather than bolted onto, the network. Next, the greater responsibility can translate into larger budgets--seldom a bad thing in the corporate world. Finally, taking a broader view of assurance can make you much more effective in designing security--the extra work and responsibility can carry some solid professional benefits in horizon-broadening.