When it comes to information security, networking giant Cisco seems like its at a crossroad. In 2009, Cisco acquired cloud security provider ScanSafe for $183 million and it announced security products and services for the iPhone earlier this year. That said, 2009 seems to be highlighted by noteworthy security issues. For example:
1. Cisco hinted that it will end-of-life both CSA and MARS.
A few short years ago, these products seemed like they would anchor Cisco's security strategy.
2. Cisco's main message throughout 2009 was around cloud security. Fine for vision but since cloud computing is a confusing category in its infancy, these messages probably didn't help move any products.
3. In several discussions with Cisco sales reps and channel partners, security products have become a low priority. To paraphrase one sales person, "I have no time to work on a $100k sale when my quota is in the $10s of millions range." I also noticed a lot of network security deal bake-offs between folks like Check Point, Crossbeam Systems, Juniper, McAfee, Sourcefire, and TippingPoint but not Cisco.
4. Instead of buying a DLP player (a growing software category), Cisco chose to partner with RSA. Fine but not typical Cisco behavior.
5. Cisco walked away from Guardium, a database security company it invested in, and then let IBM acquire the company unchallenged.
Cisco has a huge installed base and an unbelievable halo effect. Given these assets, I'm sure a "bad" year for Cisco security still produced plenty of revenue. Nevertheless, Cisco seems much more passive and confused about its security play then it did a few years ago when it seemed intent on owning all-things security -- from the network (firewall, NAC, IDS/IPS), to clients and servers (CSA), to network applications (email, XML) to identity (entitlement management).
Cisco's 2009 rhetoric about cloud security, collaboration, and reputation were pretty weak -- not what you'd expect of a leader. In 2010, Cisco must establish itself in the server market, press forward on Telepresence and Tanberg, and fight on all fronts without the help of HP or IBM. Can it do all this and re-establish itself in information security? Maybe, but I believe this is a tall order. Moving forward, information security seems like a tactical market for Cisco at best.