Monthly Archives: August 2006

What’s It All About, Tucci?

Associated Press technology writer Brian Bergstein has produced a feature article examining the continuing, serial-acquisition-fueled expansion and evolution of EMC Corporation into, well . . . what exactly?

After spending more than $7 billion in the past three years on acquisitions that have extended the company’s reach into areas such as document management, message archiving and compliance, and information security, here’s how EMC CEO Joseph Tucci now describes the primary challenge facing his company:

“The biggest obstacle we face is what we spent the whole decade of the ’90s doing — that EMC is the storage company. We have to get customers to view us, as we’re calling it now, as an information infrastructure company.”

Perhaps so, but at least it was evident to everybody what a storage company did. It provided storage. Just what is an “information infrastructure company”? Isn’t that a nebulous description, an ambiguous designation, to foist upon bemused customers, partners, and employees — much less market analysts and journalists?

I am not saying that there isn’t an unseen method to the apparent acquisitive madness that drove EMC from its storage-hardware abyss into its current status as a growing company with nearly $11 billion in annual revenue and approximately 28,000 employees, even more than it had during its dotcom halcyon days, before the bubble burst like an the ulcer of a decadent gourmand who had far exceeded the boundaries of civilized consumption.

What I am saying, though, is that Joseph Tucci and his lieutenants must do a better job of explaining EMC’s raison d’etre than they have done in recent interviews with business journalists, the trade press, and market analysts.

EMC’s executives should be embarrassed at their inarticulate fumbling and inept communication. If you have a plan, as a richly remunerated CEO, you should be able to convey it clearly and cogently, not jabber vaguely about wanting to be viewed as an “information infrastructure company.” In making such a murky statement, you’ve generated more questions than answers, more fog than light. I don’t think that’s the intention.

It’s beginning to seem, rightly or wrongly, that EMC has been opportunistically acquiring companies in a variety of disparate growth markets rather than assembling a coherent portfolio of integrated products, services, and solutions that meet its customers’ needs. If that’s a mistaken view, Tucci and company need to set the record straight, without recourse to obfuscatory jargon and vacuous cliches.

Lenovo Snares Fourth Executive from Dell

Given Dell’s recent history, it might seem odd for Lenovo to raid that particular competitor — rather than, say, HP — to find an executive to lead a new business unit dedicated to customer service. Still, that’s what Lenovo has done, adding its fourth erstwhile Dell executive to its leadership team since December.

As reported at eWeek.com, Christopher J. Askew, 44, yesterday was appointed senior vice president of the new Lenovo Services unit, the company said in a statement. He will be based in Singapore and report directly to CEO William J. Amelio.

Amelio, himself a Dell defector, has been reassembling his old executive team at Lenovo. On August 17, as covered on this blog, Lenovo announced that it had hired two other Dell executives, and former colleagues of Amelio, to lead different units in its Asia Pacific and Japan divisions.

Will HP Buy Into Security?

In the aftermath of IBM’s announced acquisition of ISS, market analysts and pundits have speculated that HP should and might acquire a security company of its own.

For example, Cowen Co. research analyst Walter Pritchard wrote the following in a research report issued yesterday:

Larger systems software companies have been aggressively acquiring security software vendors and point technology . . . and HP has been notably absent.

Pritchard thinks HP should be considering an acquisition of Symantec or McAfee. I think don’t think HP will buy either vendor, each of which relies too much, even today, on revenue from antivirus products that are facing a growing competitive threat from Microsoft, a key HP partner.

HP is Microsoft’s number-one reseller of Exchange. Does it really want to get into competition with Microsoft, knowing that the software giant already is moving to provide inbound messaging hygiene, including antivirus, for Exchange business users as well as for users of its consumer products? I don’t think so.

To the extent that HP might buy its way into the security market at all, I am more inclined to agree with the assessment of Momin Khan, an analyst at Technology Business Research:

They might have to go smaller. We think they’re in the market to spend another billion dollars with two or three acquisitions [total] over the course of the year.

Let’s say that’s true, and let’s assume they won’t want to acquire a vendor that derives a large share of its revenue from sales of antivirus software. HP could opt to buy a couple private security companies in areas such as intrusion prevention and data leakage prevention (DLP), sometimes known as outbound content control (OCC).

If HP pursues that course of action, then Sourcefire would make an excellent IPS candidate, bringing a solid set of services, a good installed base of customers, and stellar security credentials. In the DLP/OCC space, Vontu is an early market leader in a market that is growing and drawing the attention of the major players.

Perhaps HP would consider buying Check Point, but I think the price there is too rich. Check Point is reeling, though, and it must infuse itself with new growth prospects and vitality through acquisitions or it must agree to an acquisition by a bigger industry player.

Maintaining the status quo is not an alternative for Check Point, which is being pummeled on one side by larger vendors with greater marketing power, stronger brands, and more extensive market coverage, and has been beaten on the other side by smaller, nimbler upstarts that have been quicker to innovate.

HP and Check Point have been longtime partners, and it’s possible, though not probable, that HP might decide it should own Check Point, which has been weakened in recent years, as Luc Hatlestad of VARBusiness has written, by poorly and slowly integrated acquisitions, micromanagement by CEO Gil Shwed, poor field operations, and an executive exodus that has made it difficult for Check Point’s business partners to identify the company’s main players without a regularly updated program.

It’s not a given that HP will make security acquisitions, but, if it does, I would be surprised to see it turn in the direction of either Symantec or McAfee. Given the remaining roster of vendors available, current and future market dynamics, and HP’s particular circumstances and criteria, the company would be more likely to make smaller, targeted acquisitions — which would offer more compelling returns on investment — than to make a huge acquisition of a company with a significant antivirus overhang.

What’s Venture 2.0? Does It Exist?

I’m looking forward to the series of posts that Peter Rip, managing director at Leapfrog Ventures, has begun writing on his blog.

I’m simplifying for the sake of brevity, so please visit Rip’s site for the complete picture, but Rip’s basic thesis is that the technology-related venture-capital industry is broken and needs desperately to be fixed.

The assumptions, methodologies, and practices that worked well in the past, Rip posts, are not working now. The cycle on which they all were predicated has been shattered, and that has left the VC business in a strange new world, without the benefit of a reliable map or a functioning compass.

Here’s an excerpt of Rip’s first post that ought to whet your appetite, as it has done mine, for what will follow:

. . . . The thesis of these essays is that the venture cycle has fundamentally changed for Information Technology and that formulae that worked over the past 20-30 years no longer broadly apply.

  • Globalization is both a risk and an opportunity with venture branding.
  • Capital is no longer scarce, nor is access to venture capitalists.
  • Information technology is no longer rarified and, in many cases, it is inexpensive.
  • Global 2000 Enterprises, once the ‘go to’ customer for any fledgling IT startups, no longer have the risk profile they once had for IT innovation.

As I said, these observations are not new, nor are they particularly insightful.  And some firms are already responding.  The move to Cleantech is a move to exit IT (or diversify) to find alternative industries.  The move to build Indian and Chinese outposts are brand extensions.

So, what does it all mean — for venture capitalists, for entrepreneurs, for the industry at large? Is there a Venture Capital 2.0? If so, what will it look like, and how will it differ from its predecessor?

Let’s see whether Rip can sketch an outline for us.

Pondering the Implications of Expanded Citrix-Microsoft Alliance

News broke yesterday that Citrix and Microsoft are expanding the existing relationship between the two companies. They will work together to deliver a line of Citrix-branded branch-office appliances that will fuse the capabilities of Microsoft’s Internet Security and Acceleration (ISA) Server with Citrix’s WANScaler WAN-optimization technology.

WAN optimization is a hot market, forecast by Gartner Group to be worth $1.5 billion in 2008. Among the vendors with horses in the race are Cisco, Juniper Networks, F5 Networks, Packeteer, Riverbed Technology, and Silverpeak.

Cisco, Juniper, F5, and Citrix bought their way into the market through acquisitions. Citrix just closed its $50-million acquisition of WAN-optimization specialist Orbital Data Corp., whose products and technology have been relabeled Citrix WANScaler and will form the technological foundation for the partnership with Microsoft.

It’s interesting that the announcement was made now, because the resulting line of multifunction Citrix branch-office appliances won’t reach market until the second half of 2007, with some skeptics suggesting products won’t ship commercially until early 2008.

Microsoft and Citrix say the new branch-office-box appliances will be unique, marrying WAN-optimization techniques and technologies with consolidated branch-office services in a single, easily managed multifunction appliance. An estimated 55 percent of enterprise employees today access mission-critical business applications from a remote office location, according to Citrix’s research.

Before these applications reach the intended user, Citrix explains, they must travel long distances over wide-area networks (WANs), a process that can significantly degrade performance, impact the user experience and force expensive bandwidth upgrades. Support for workers in locations beyond headquarters is a major challenge for corporate IT departments.

Bill Snyder at TheStreet.com points out that Microsoft’s motivation for this move is to thwart Cisco’s ambitions to dominate application delivery and optimization between corporate headquarters and branch offices. That’s an area on which Microsoft has its own ambitious designs, and it would prefer not to see Cisco roll to unchallenged dominance.

However, if you look closely at this relationship, the resulting line of boxes will be Citrix products running on Microsoft’s iSA and Windows Server platforms. So, Microsoft’s motivation perhaps is not as as interesting as Citrix’s motivation.

If Citrix should fall in this endeavor, Microsoft won’t miss a beat; for Citrix, the results would be more dire.

In fact, since this not an exclusive relationship for Microsoft, it might entice another WAN-optimization vendor to port its code to the Windows-based ISA server. Stranger things have happened, especially now, when the growing confluence of networking, applications, servers, and clients blurs increasingly with each passing day. It used to be easy to sort out where Microsoft’s commercial and technological jurisdictions ended and where Cisco’s began.

Now, as Cisco moves up the OSI protocol stack and Microsoft looks at how networking networking technologies can help it form service-oriented architectures to deliver its next generation of applications, the boundaries between the two vendors’ territories are more ambiguous.

All things considered, then, Citrix probably made a good move in choosing Microsoft as its partner in this space.

The company was destined to have a hard time distinguishing its Orbital technology in a competitive field of WAN optimization and branch-networking products and technologies. It needed a hook, a wrinkle, that could give it some credibility in a realm where WAN-optimization specialists and larger networking players would implicitly (and perhaps explicitly) question Citrix’s credentials and qualifications in the space. So, rather than attempt to fight the battle purely on WAN-optimization and networking turf, Citrix attempted to shift the field of battle by embracing the olive branch extended to it by Microsoft.

You can hear echoes of that thinking in the following remark by Wes Wasson, VP of product strategy with Citrix’s application networking group:

Microsoft gives Citrix tremendous credibility, technology, and market reach in the branch office market. . . . By joining forces with Microsoft, Citrix will be able to provide a much more compelling solution than either standalone WAN optimization players who have only a small part of the branch solution) or traditional networking vendors who have had little success in providing true application-layer services to enterprise customers.

In making this move, putting its WAN-optimization and application-traffic management technology atop Microsoft ISA Server, Citrix is taking a calculated risk. It is betting that it will derive more advantage from working with Microsoft — and from its fabled marketing muscle and channel partners — than it will be disadvantaged by selling a Windows-based network appliance, a type of beast that often is not viewed as favorably by paying punters as competing boxes that run on hardened Linux or FreeBSD derivatives.

It’s probably the best bet Citrix could make, though. On its own, it would lose the battle for the hearts and minds of network managers against competitors such as Cisco, F5, and Juniper. Now, with Microsoft as its partner, it has a fighting chance, either with a direct appeal to those same network managers or by attempting to sell around them, taking their pitch to the Microsoft IT faithful and to the enterprise CxOs.

It might not work — and a lot depends on Microsoft’s level of commitment to the relationship — but it isn’t a bad play.

Now, will this development in any way affect the relationship between Microsoft and LAN application-traffic management leader F5 Networks? Microsoft works closely with F5 on a few fronts, including on providing a resilient and highly available infrastructure for Microsoft’s Live Communications Server (LCS), which clearly is of strategic importance to Microsoft.

If the relationship with Citrix warms further, I suppose there is a chance that Microsoft might swap F5’s BIG-IP application-traffic management switch for Citrix’s NetScaler products as a key strategic puzzle piece in large-scale rollouts of Microsoft application environments.

That might be an ulterior motive for Citrix in its pursuit of this ISA-based WAN optimization initiative. To take additional business from F5, and to displace it in a key relationship with Microsoft, would Citrix consider reengineering its NetScaler product line, which is based on FreeBSD, so that it, too, could run on Windows?

F5, as far as I know, has shown little interest in porting its Linux-based Traffic Management Operating System (TMOS), which forms the basis for its application-traffic optimization products, over to Windows. It’s the market leader, battling head to head against Cisco to retain the top spot, so it is unlikely to deliberate such a radical engineering overhaul unless the move was deemed absolutely necessary. We have heard in the past that Microsoft would like to get a lot closer to F5, but we don’t know how close F5 is willing to get to Microsoft.

As for Citrix, having gone down the Windows road with Microsoft once, who is to say it won’t do so again, especially if the result is competitive advantage and legitimacy in a market where it currently ranks as an underdog against established, strong players?

Stay tuned. The market for WAN optimization, and for application delivery in general, is a hotbed of vendor gamesmanship and intrigue.

Epilogue on IBM’s Acquisition of ISS

Well, we knew IBM was shopping for a security acquisition, and ISS made more sense as a target than some of the other companies alleged to have been on IBM’s shopping list.

In an all-cash deal, IBM announced its acquisition of Internet Security Systems (ISS) today. The ISS purchase is the fourth major software acquisition for IBM in the past month, following the company’s acquisitions of Webify Solutions, MRO Software, and FileNet.

iBM had been making increasingly restive noises about wanting to become a major purveyor of security products and services for enterprise customers. ISS goes some of the way toward fulfilling those ambitions. IBM said it intends to use ISS’s expertise, service teams, and its software to extend and enhance the security-related solutions its provides to corporate customers.

If all proceeds according to plan, IBM will leverage ISS in three key respects. It will integrate ISS as a business unit within the infrastructure management services unit, part of IBM Global Technology Services; it will integrate some of ISS’s technologies and consoles into its Tivoli systems-management software; and it will mandate IBM Global Services to promote and sell ISS-derived managed security services to enterprise customers.

Like IBM’s other software acquisitions this month, ISS provides high-value code around which IBM Global Services can wrap consulting, deployment, and management services.

The question now is, will IBM make other security acquisitions to fill remaining gaps in its security portfolio? I think it’s certain that other acquisitions will follow, but not right away and not nearly as big as this deal.

Breaking News: IBM Acquires ISS for $1.3 billion

Well, my musings on IBM as acquirer of ISS proved correct. Details to follow.

ISS Rumors Rekindled

The Enterprise Strategy Group’s Jon Oltsik, writing on his blog at CNET’s News.com site, reports on rumors, previously discussed here on this site, that ISS is “in play” to be acquired.

He also suggests that other security companies, including Check Point and McAfee, might be swept up in a growing wave of market consolidation. I had suggested here earlier this summer that Check Point found itself at an acquire-or-be-acquired crossroads, and the company might be tempted to consider either option.

Cisco Pulls Trigger on Arroyo VoD-Server Acquisition; Big Decisions Await Competitors

In an acquisition that many of us had anticipated, Cisco Systems officially pulled the trigger on a $92-million cash purchase of Pleasanton, Calif.-based Arroyo Video Solutions today.

In one respect, Cisco’s decision to acquire Arroyo could be seen as an inevitable reaction to Motorola’s acquisition earlier this summer of Broadbus Technologies, which competed against Arroyo in the video on demand (VoD) server marketplace. Both Motorola and Cisco, through its $6.9-billion acquisition last year of Scientific Atlanta, provide digital set-top boxes that deliver television and video programming into the homes of consumers who subscribe to video services from cable MSOs and telecommunications carriers.

After Motorola took the plunge in acquiring Broadbus, Cisco was thought to be close behind in snapping up Arroyo. Cisco and Arroyo had been talking prior to Motorola’s acquisition of Broadbus, but it’s reasonable to assume that the acquisition of a leading VoD-server player by its top rival in set-top boxes might have greased the decision-making skids within Cisco, which is not as quick on the acquisitive draw as it used to be.

Both Cisco and Motorola, before their respective VoD-server acquisitions, had apprehended the need to assemble a full video- and content-on-demand solution set. Now both companies own the server infrastructure and the delivery points inside consumers’ homes, making them attractive technology partners for MSOs, carriers, or others looking for a technological foundation to enable content to be delivered as and when needed into content-hungry residences.

There is no question, however, that Cisco now can provide a more extensive range of enabling technologies, as part of its content-on-demand offerings, than can Motorola. That’s because Cisco also owns the routing, switching, and content-optimization network infrastructure that customers require. Motorola, for its part, still must partner with Cisco competitors, including Juniper Networks, to fill out those pieces of its solution set in the VoD and CoD spaces.

Both Juniper and Motorola stand to lose business because of Cisco’s capacity to offer a more complete solution, encompassing not only the necessary network infrastructure but also the content–on-demand servers and endpoints.

With content on demand becoming a seemingly unstoppable wave of the future, the business logic that would drive a potential merger between Juniper and Motorola becomes more compelling. It might not play out right away, but speculation about such a pairing is sure to grow.

Cisco clearly believes it knows where the market is heading, and it has a content-on-demand vision that it is attempting to realize. As Mike Volpi, head of Cisco’s router and service provider technology group, explained:

The industry is quickly evolving from pure video on demand to anything on demand with any content delivered to any device.

With the Arroyo acquisition, Volpi reasoned, Cisco put itself into position to allow content and service providers to , ”serve content how, when, and where consumers want it.”

That means Cisco will be looking not only to help fulfill the content-delivery aspirations of MSOs and carriers, but also of other service providers, wireless operators, and, conceivably, content providers that want to circumvent that rigid command-and-control mindsets of the telecommunications-industry titans.

Cisco, as a provider of enabling content-delivery infrastructure, really doesn’t care who wins that battle. Cisco is like a referee at a sporting match, who gets paid no matter who wins, saying, “May the best business model win.”

An interesting aspect of the Arroyo technology is that it will allow advertisers to insert commercial pitches that can be targeted to the viewer’s demographics. I am sure that tidbit will grab the attention of Google and Microsoft, which each has its own master plan for dominance of video advertising.

Google, though — at the moment, at least — is an avowed adversary of the telecommunications establishment, whereas Cisco and, to a lesser extent, Microsoft, are viewed with less suspicion by those ensconced in the comfortable wing-back leather chairs in the mahogany- and oak-paneled boardrooms of the telecommunications establishment.

No matter how you look at it, though, Cisco holds a lot of great cards. It now owns practically all the pieces of a content-on-demand infrastructure that can deliver as-wanted video (or anything else, including music) all the way from a data center of clustered, load-balancing content servers to the homes of viewers or interactive participants. It can deliver contextually and demographically relevant advertisements with that content, too.

Not one of its competitors can do the same thing on its own. That means they’ll be forced to partner effectively and extensively, or — if the market demand is seen to be as big as many believe it to be — they will have to begin merging to match Cisco stride for stride. As the history of technology markets amply demonstrates, however, big mergers are fraught with risk, and the time it takes to integrate them successfully gives your competitor a large opening to consolidate market gains.

Whatever happens, the stellar technology team Cisco has acquired from Arrroyo is seen as providing a critical puzzle piece that allows it to authoritatively answer Motorola’s purchase of Broadbus while adding to the breadth and depth of a solution set that cannot be matched by any other vendor.

This acquisition cost Cisco just $92 million in cash, but it could have major ramifications across the industry at large.

The Security Industry’s Illicit Triangle

Just as law-enforcement officers and criminal lawyers would be out of jobs if there were no miscreants on the streets, security vendors and the security professionals who justify and buy their products would be forced to pursue different livelihoods if it weren’t for the malignant presence of hackers and malware creators.

It’s one of those timeless paradoxes. Those who defend against and combat malicious parties also depend on them for their careers. Without online malefactors, well, what would we need with antivirus software, intrusion detection and prevention systems, anti-spyware software and services, and the entire growth industry that has been constructed around the threats to online communication and commerce? Answer: Not much.

Fortunately for the security vendors and the professionals who buy from them, there doesn’t seem to be any end to the creativity, determination, ingenuity, and perseverance of the Internet’s criminal community. They are endlessly inventive, these bad guys, and they always find a way to get around the latest barriers, bulwarks, defenses, and locks that the security community throws in their path.

In makes you wonder, as Tim Wilson of Dark Reading has done, about the actual dedication of the security industry — both the vendors and the corporate-security gurus who buy their products and services — to shut down, or at least meaningfully mitigate, the dangers and threats posed by the bad guys.

Admittedly, these are cynical questions that lead ineluctably to tenebrous ruminations about human nature, as well as about the business of security technology, but I applaud Wilson for leading us down this gloomy path. These are questions we should ask, questions that should be posed and pondered by the trade press, market analysts, and corporate customers more than they have been.

Here’s an excerpt of Wilson’s commentary, The Real Threat to the Security Industry:

It’s a harsh reality, but the fact is that every security pro’s livelihood – indeed, the very growth of the security industry itself – depends on the threat increasing, not decreasing. The greater the danger, the more money allocated for security staff, technology, and pay raises. If the danger ever decreases, security will become less important, and those dollars will begin to go away.

Indeed. If you follow the logic, then – and this gets so twisted it might damage your brain — it is always in the interests of the security industry to portray the threats and dangers as growing in breadth, depth, and severity. Implicitly, then, security vendors must admit that they’re been waging a losing battle, that they have failed to successfully thwart and contain Internet malefactors. Yet, they want to be rewarded for failure — perennially and into perpetuity.

To sell more of their products and services, they must somehow convince corporate purse holders that, even though they have failed continually in their fight against the online criminal class, somehow investing in their products and services represents a good investment because, well, the alternative (not investing in said products and services) would be worse.

It’s not exactly an inspiring message, is it?

As Wilson writes:

What I am saying, however, is that the security industry itself has a vested interest in making the threat seem as scary as possible. Want to get enterprises to buy security technology? Publish a survey that demonstrates a growing threat in that area. Want to get your CFO to buy off on a large security project? Show him a report that demonstrates a high cost per incident. Vendors and IT people both need big threat numbers to justify their growth.

So, in the end, the security guardians can choose one of two arguments. Either they can tacitly concede that they have been ineffective in combating and defending against online threats, and will continue to lose ground against them in the future, or — and this probably is nearer to the truth — they can exaggerate and overstate online threats to gild the lily and make marketing and selling of their products and services easier. They certainly cannot claim to have been successful in their war with the dark side, or we would be facing an increasing escalating and more sophisticated array of threats, would we?

Security vendors are the drama queens of the technology industry. I am sometimes surprised that they don’t hire directors of horror films to run their marketing departments. Like those horror-film directors, security vendors benefit from scaring their audience. Unlike those horror-film directors, though, security vendors purport to be representing reality. As such, they a case to prove, and far greater responsibility is incumbent on them in that regard.

If you set budgets at a major corporation or service provider, ensure that you understand the motivations of security vendors and their decadently symbiotic relationship with your security IT professionals and the malevolent parties on the Internet. Force them to justify the investment in their products on the basis of actual need rather than on the basis of exaggerated and misplaced fear.

In other words, keep them honest. Some of them don’t seem capable of following that course of their own volition.

Dog Days of Summer for Technology Industry

The last few days have seen an acute paucity of newsworthy developments and events, unless one likes to cover the industry’s Web 2.0 social scene. Perhaps everybody is having a final couple weeks of vacation before getting back to newsworthy endeavors.

Whatever the reason, meaningful news has been conspicuous by its absence.

Antivirus Star Leaves Symantec for Microsoft

Microsoft already has given notice that it will be a formidable business threat to Symantec and McAfee in providing security solutions for consumers and businesses who use Windows-based computers.

Now Microsoft is signaling that it is serious about winning mindshare and technical credibility from the closed society of antivirus researchers and signature developers.

In a development that will discomfit Symantec as much as it will elate Microsoft, eWeek reported this past week that respected virus-hunter Vincent ‘Vinny’ Gullotto has left the former to head Microsoft’s Security Research and Response team, which is mandated to handle all aspects of the software giant’s malware research and response.

Although Gullotto comes to Microsoft from Symantec, he perhaps is best known for his work at McAfee, where he served as vice president of research for McAfee’s Anti-virus and Vulnerability Emergency Response Team (AVERT).

Roger Thompson, chief technical officer at Exploit Prevention Labs, explained the significance of Microsoft’s acquisition of Gullotto as follows:

Much of what gets done in the anti-virus industry is based on personal trust. All the Microsoft anti-virus guys have been newbies, or outsiders. Vinny would be regarded as an insider.

Microsoft becomes increasingly credible in the antivirus world and the larger security community, and Symantec loses a valuable technical contributor.