Governance, compliance and new electronic business processes are radically changing the security landscape in a multitude of ways. One of the most profound of these changes is a lot more integration between identity and security.
Yes, these two disciplines have always been complementary, but large organizations now want to align security policies with specific users, roles, and business initiatives. This demands technology integration that aligns access and security policies with networks, applications, and data.
Assuming that this trend continues, which vendors are best positioned? Here is my quick take:
From a technology perspective, IBM and Microsoft are in the best position with broad portfolios of identity and security offerings. Microsoft has already anticipated identity/security integration through its product strategy, roadmap, and organization. IBM's identity installed base and services muscle are also valuable assets. CA is also a leader in my book. Although its security portfolio is not as extensive as IBM or Microsoft, it earns points with its identity leadership, Global 2,000 installed base, and mainframe coverage.
HP has great industry knowledge, services prowess, and licenses all the technology it needs. Close behind HP are a myriad of other services-led firms like Accenture, CSC, Deloitte, PWC, and Unisys. I also place Novell on this list as it has great technology but needs some help to sell outside its legacy base.
The dark horses:
Oracle has some but not all of the pieces but it may want to go deeper into security now that it owns Sun. Symantec has no identity presence but could partner or buy its way in. Ditto for Cisco and EMC/RSA. Juniper's strong portfolio of security and network identity products (i.e. RADIUS, identity and policy control) may make it the go-to partner for marrying network- and application-layer identity. Courion could be scooped up.
The question marks:
There will always be a market for stand-alone security vendors but without a strong identity play, vendors like Check Point, McAfee, Websense and others may find themselves moving toward increasingly narrow niches.