Howdy! Hola! Good Morning! I had a good holiday. Feeling good. Five days off, at home, with wonderful weather will do that. Plus there are a lot of changes in my life and a bunch of new professional opportunities that are really quite exciting. So I am feeling better than good. Unchained! Even a little sassy. Anyway, let’s get right into this post, shall we?
For those of you who know me, you know that I have been in data and database security for over 12 years now. As CTO with various firms that develop security software, as a consulting security practitioner, and as a CIO. And lately I have been doing a lot of research. Too much. Market trends, acquisitions, obscure executive quotes, public company PowerPoint presentations, how marketing organizations spin their value, PR and how they create image, blogs, face to face meetings, product analysis, analyst reviews and just about everything I can get my hands on.
Lately a couple of things have happened. First, a lot of research has illuminated a couple indicators within the database security industry. Second, I have discovered some hard evidence to support a couple of quiet predictions that I have had for a while. Finally, I find myself unburdened of several responsibilities so I can talk more freely about all of the above. This has all lead me to a new series of posts on this blog that I will be making on the database security industry at large. In this post, acquisitions and market sizing.
I am making the prediction that by year’s end, three of the top four database security companies will be acquired. In fact, I will bet that 5 will be gone within an 18 month window of time. There are a dozen firms or more for those of you who do not watch this segment on a daily basis. And they will be gobbled up by larger firms. Yes, some have been predicting this for 2 years. This is the first time that I have made this statement because the market is no longer nascent, and there is genuine customer demand. A lot of research and a lot of conversations, and I am convinced this we will no longer be waiting as these mergers & acquisitions will happen. It does not require a huge leap of faith when you realize that there are about a baker’s dozen established firms in the areas of security, systems management and database management that have been circling and investigating the market space for a year or so. But the music is about to stop in this game of musical chairs, and several key players who could genuinely use database security in their portfolio will be left out of the mix. Yes, giant systems management & security vendor, I am talking about you. Plus a few others who will wait until they feel the market size justified the investment, only to find that they waited too long.
Second, the market size of database security is about to double. Rich Mogull posted a comment last week on the Database Activity Monitoring size at $70M for 2007, plus or minus $20M. I believe his number is accurate, but does not include assessment, which is half again as large, so I think 70 is a safe number. I am predicting $130M by the end of 2009. I will leave auditing out of the picture for now as predicting its size, impact and customer demand is more black art than science. As these components are not always tracked as a single offering as they should be, rather as fragments, the market size has the illusion of being smaller than it is. Regardless, with the onset of the acquisitions, this market will quickly eclipse DLP.
I do not believe I am not shimmying out on a slender branch here as growth of this segment should not be a big mystery. The current group of players are small firms with small sales teams and limited reseller relations. These products are about to be sold by an order of magnitude larger global sales forces, and quadrupling the number of customers who see these products. The acquiring firms will lend additional credibility to the technology, bundle it with existing products that (hopefully) create a more compelling solution, and the professional services that are often a required step in their deployment. And let’s face it, database monitoring, auditing, prevention and assessment are not considered a necessity by most enterprises today. But that is changing rapidly as companies realize that AV, Access Control & IDS try to keep outsiders out, rather than being geared to protect sensitive information. And where is a lot of the sensitive information stored that needs to be protected? Today’s players have proven the value of these solutions, and now the larger companies will step in and make the market.
In future posts I will discuss and analyze these as they happen. I will make comments on the business value proposition, the fit of the technology within the acquiring company’s existing product offerings, and provide analysis of strategic vision. Later. Next up will be product directions, roadmaps and synergies.
Recent Comments