So there I was on the phone to an Analyst today explaining (at a fairly high level )  some of the basic features of LiveEnsure^TM  when he says – “  ahh – I get it – this is identical to Bank of America’s SiteKey/Site Pass system.”   Not having the details of said banks system at my fingertips – I was unable to correct the Analyst on his incorrect conclusion with any hard science.   We were also running out of time,  it was a bad line and…all I could say was – it is not the same – there is much,  much more going on under the hood with LiveEnsure^TM.   

Experts from Gartner have said that the recent 'froth' of M&A activity in the security space does not constitute a 'trend'.   While 'one swallow does not a summer make'  I would contend that this is in fact a trend and that it set to hold for at least another year.  

Why?

Well first of all the 'froth' was in fact more like a large set of Atlantic rollers breaking on the Cape coast!!!
 Consider the number of deals that have taken place in the last 6 months ( see previous blog) crowned by the recent announcement by HP of its acquisition of Arcsight for $1.5bn.



(http://www.ft.com/cms/s/2/e7ace394-bec1-11df-a755-00144feab49a.html)

Secondly see this article also in the FT on how ;




You have to say that security is a growth industry and why would the 'Trend' not continue ???

Have a great weekend.

• Perhaps the most high profile of these was the recent acquisition of MacAfee by Intel ( a $7.8bn transaction ) representing a premium of over 50% to the then prevailing market price.  A PE multiple of about 48 and 3.8 x Revenue. This was Intel’s largest ever acquisition.

• Symantec acquired Verisign’s Authentication business for $1.28bn - approximately 4 x revenues. (Second quarter revenues from this Unit was about $100m )  ( May ) ;

• CA has announced it will acquire Arcot systems for $200m in Q4 2010.  Arcot provides Identity Access Management and Authentication products  (www.ca.com/www.arcot.com) ; 

• VMWare has announced it will acquire Integrien and TriCipher.  (Sep) 

• HP has just announced it will acquire ArcSight for $1.5bn ( Sep) 

• Gemalto Acquires Israeli Start-up Trivnet for $40 mln ( Sep );
• Google bought Slide for $182m ( July ); 
• St Bernard  Software acquired Red Condor ( July ) 
• MacAfee acquired Trust Digital ( June );  
• IBM acquired Storwize ( June ); 
• Webroot acquired White Cloud ( June ); 
• GFI Software acquired Sunbelt Software ( June ) ; 
• IBM acquired Big Fix ( Speculation $400m - June ) ;  
• TrustWave acquired Breach Security ( June ) ;  
• MacAfee acquired tenCube technologies ( July ) ; 
• Symantec acquired Guardian Edge for $70m ( April);  
• Symantec acquired PGP corp for $300m ( April) ;  
• Cisco acquired Rohati Systems ( Feb ) ; 
• HP bought 3Par for $2.4bn after a bidding war with Dell (Sep).    The price paid was  nearly 12 x revenue. ( It has revenues of $200m but no profit !) 
• Dell acquired Ocarina networks ( June );  
• Apax bought a majority stake in Sophos ( Valuing the business at $830m) ( May) 

I found this article at www.smallbusinesscomputing.com and I am repeating it here verbatim because I believe that it captures the essence of the challenges that lie ahead and the need for education and the provision of simple but effective authentication solutions. 

What SMBs Don't Know About Security Can Hurt You

April 23, 2010

Small and midsized businesses might be the lifeblood of the U.S. economy, but according to the latest Internet security survey from Panda Security, their generally lackadaisical efforts to protect consumer data is also making them a prime target for cyber thieves.

More disturbing, particularly for customers swiping their credit cards or purchasing products and services online, the survey reveals that the vast majority of SMBs claim they don't know how to effectively prevent identity theft, lack the resources to install the technology that could thwart the majority of cyber attacks and, worse, seem to believe that it's really not their problem.

Panda Security's survey of 300 executives and financial professionals at SMBs (defined as companies with between 1 and 500 employees) spread across 38 different industries, found that 63 percent of companies acknowledge being worried about cybercrime but say they lack the knowledge to protect their businesses.

This apparent institutional ignorance is especially acute when it comes to banker Trojans, a particularly virulent form of malware that tricks people into divulging usernames and passwords for their online banking accounts.

Fifty-two percent of the survey respondents said they had "little or no familiarity" with banking Trojans, even though the mainstream media has provided extensive coverage of high-profile identity theft scams such as the infamous T.J. Maxx hacker attack that resulted in the theft of more than 40 million credit and debit card numbers, the largest identity theft case ever prosecuted by the U.S. Justice Department.

SMBs are even more clueless when it comes to how they think these thefts will be resolved once they've occurred.

The survey found that a staggering 63 percent of companies either "strongly or somewhat" believed that their banks would return all of the funds stolen in these attacks, a sign that most SMBs aren't particularly motivated, or capable, of implementing at least a modicum of security technology and processes to prevent themselves from being swindled.

But in the Panda's survey, only about 37 percent of victims said they recovered their stolen funds, while 28 percent reported "most" of their stolen funds were reimbursed.

"While online banking security is a general concern among most SMBs, most of them have little knowledge about the specific threats targeting organizations of their size," Panda Security's Sean-Paul Correll, said in the report.

It's precisely this false sense of deserved recovery that has prompted three states to recently pass legislation allowing banks to recover costs and damages from retailers that endure data breaches after failing to comply with Payment Card Industry standards.

"U.S. law puts the burden on business owners for keeping funds secure, rather than the banks," Correll said. "The majority of SMBs surveyed weren’t aware of this fact, which means they are operating with a false sense of security."

Lacking IT resources

They're also operating with less resources and general technology acumen than large companies.

"SMBs typically have fewer in-house resources and budgets for IT security, placing them at greater risk of attack," the report concluded.

While 64 percent of those surveyed said they have protective and procedural methods in place to detect or prevent online banking fraud, 15 percent admitted they had not updated security software on all of their online transaction systems and were "unsure" of their security software altogether.

Finally, 58 percent said they don't even have insurance to protect their business from banking fraud or identity theft.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

With over two billon Internet users and five billon mobile phone users these global networks bring people ever closer together. These technologies which include broadband (terrestrial) and 3G (wireless) allow for more and more data to be carried. We have entered the next Tech Cycle which is called the Mobile Internet. It was preceded by four tech cycles starting in the 1960’s with the Mainframe cycle. Approximately every decade thereafter we have had a new cycle; Mini-computers - 70’s; PC’s - 80’s and desktop Internet - 90’s.

The Mobile Internet cycle triggered by the launch of the iPhone will see mobile internet access overtake fixed access by 2014. This will be driven by smart phone take up and 3G/4G rollout. We are already at the critical point of over 1bn 3G users. Other drivers are video ( YouTube); Social networking (Facebook) and VOIP.

Much of this take up is occurring in emerging markets; there are 5 babies born every second - but there are 30 new mobile phones subscribed to every second.
The majority of these users do not have a bank account and so there is and will be a huge need for financial services such as (remittances/money transfer/payment services) to be done via the mobile.

In addition this increasingly connected global community is accelerating its usage of the Internet for commerce, communication, entertainment, trade, governance and so on -- in fact we are rapidly approaching the time that ALL human activity and interaction will 'somehow' be connected to the Internet.

Online fraud and identity theft have become the scourge of the Internet and are mitigating the efficacy of this Mobile Internet ‘revolution’. Now that Facebook has 500m members and issues of privacy and data protection are exercising the minds of Governments and corporations the need for broad based secure identity management and authentication solutions is escalating.
The current practice of using user names and passwords for ‘identification and authentication’ are seen as inadequate and vulnerable to hackers. New solutions are called for !

If you found my previous post somewhat disconcerting then have a look at this link which is the UK Information Commissioners Guide to the new legislation. " The code explains how the Data Protection Act applies to the collection and use of personal data online. It also provides good practice advice for organisations that do business online and are therefore subject to the DPA."

http://www.ico.gov.uk/ebook/ebook.htm

and if you want more in depth information about the legislation itself then have a look at this video from Stewart Room. It makes it somewhat more accessible.

So how do you value your privacy in the Facebook age ?

Does it matter to you that the calls you make, the emails you send, your credit card transactions, the Internet sites you visit, the images of you travelling to work, your social networking posts are now stored at data centres in the Cloud and retrievable by myriad marketers, Government agencies and companies ? None of whom you ever entrusted with your information in the first place. Your digital footprint is a permanent record of your every move.

Data is the pollution of the Information age. Everything we do generates data, and a secondary spin-off of Moores law is that every year it gets cheaper to store and process this data. So rather than sort through our e-mails and delete the ones we don’t need – we just keep them all – it is easier and cheaper to do so. The same thing happens with all of our data now.

Most of ‘your’ data actually belongs to someone else. All of your G-mails, everything you post on Facebook, all of your Amazon transactions – this information belongs to those companies who then harness this information to maximize their advertising revenue and to optimize the selection of products they want you to buy. The data gathered usually has a primary purpose such as the airlines frequent flyer programs where your travel needs are customized (your seating requirements and meal choices ), while its secondary purpose is to target you with a holiday special to some exotic destination, once sold to a 3rd party marketing company.

The data we generate has value – whether to a company seeking to sell us more product or to a Government agency who is trying to track a terrorist cell. The utility of this data depends on its accuracy – so what may be useful to a marketing company such as your age, salary band and postal code will be insufficient for a National Security Agency . Companies are able increasingly to use this data to control their customers. Think about iTunes and the iPhone and how Apple has managed to control the whole eco-system end to end from the device to the content to the retail process. This is not necessarily a bad thing – users are happy to have this managed for them especially as technology becomes increasingly sophisticated and complex.

But what happens when you lose control of your data ? When your information is unwittingly exposed to the world. This is a failure of security. But do you care? This is where the issue of the new generation gap becomes relevant. The Internet generation gap. The younger generation seem to be far more relaxed about their information being made public. They are living their lives ‘in public.’ What they did last night at a party is posted onto Facebook either by themselves or their friends. For the whole world to see. This is ‘normal.’

So what seperates these ‘digital natives ‘ (those who have grown up with the Internet, with cell-phones, in the digital age with ubiquitous connectivity) from those of us who grew up when vinyl was still de rigueur , who watched TV according to a schedule; Generation X’ers who grew up in the pre-celebrity era – when football stars were paid a living wage, when videos and CD’s were mainstream. Bruce Shneier believes this divide – this generation gap can be classified as the divide between those who ‘get ‘ Twitter’ and those who don’t. Age is not the measure; your level of acceptance and comfort with the nuances of social media, your fluency with social media, is.

The social norms of the digital natives are created by their environment, the world they were born into. Privacy in the pre-Internet age arose from the inefficiencies of prevailing technologies – telephone calls and letters were difficult to track. Now this has changed and because of the massive processing power of Googles’ search engine and other technological innovations privacy has been significantly diminished. Anyone can Google you and find you on Facebook/Twitter/Googlemail and through your friends and friends of friends they can discover a lot about you. Ask any major HR department when they interview job candidates how they do their ‘checking’ on candidates. There is not even a measure of privacy through obscurity, because even the sheer volume of data out there, is no match for the processing power of search algorithms.

In the past you categorized your friends into different groups with whom your socialized – family, school friends, work colleagues, clubs and so on. There was a natural compartmentalization between these ‘Groups’ - today it is difficult if not impossible to section off your friends into such groups. To control your privacy now you have to explicitly engage with the privacy policy on the social media site / email provider or whatever service you seek online. Many people will accept the default settings just so that they can get on with it – inadvertently leaving big holes in their privacy.

However regulators and law makers are starting to get firmer and they will have to force providers to allow users to opt in rather than to blindly accept default privacy settings. This should prevent some of the recent privacy debacles like the introduction of Google Buzz and Facebooks’ recent efforts at changing its privacy policies which saw the wholesale disclosure of peoples private information including their emails.

A good example of how the Regulators are starting to get to grips with these issues is the Code of Conduct recently published by the Information Commissioner in the UK – linked below. But remember that privacy and security do not equate. Security is about you controlling your information. It is up to your to take back control of your data and not to leave it to others. You need to start thinking more about security and how it can be used to protect your data.

But more of that another time.


LINK TO INFORMATION COMMISSIONERS CODE OF CONDUCT - http://bit.ly/boDtlp

I suppose what I am really excited about - ( notwithstanding the doom-mongers of Global Warming, un-payable National debt, Euro-zone contagion, GM food and England’s prospects in the World Cup amongst other paranoia permeating and eating away at the soul of our society !! ) - is the fact that we have entered the next Tech Cycle. Amidst the threat of a double dip recession, oil spills in the Gulf of Mexico and Greek unrest who cares about the next Tech Cycle – the next Dot Bomb ? You may well ask !

The fact is that there have been four Tech cycles in the last 50 years and each one has been bigger and better than the preceding one. Let's remind ourselves of what they were :

1. The mainframe computing cycle started in the 60’s with the main players being IBM, NCR, Sperry ; then followed
2. The mini-computing cycle in the 70’s with the major companies being Digital Equipment, HP and Wang and then;
3. The PC era of the 80’s/90’s where we saw the rise of Microsoft, Intel, Apple and Cisco – finally leading up to;
4. The Desktop Internet Computing cycle which began in the 90’s and has lasted well into the Noughties with a few bumps along the way like the Crash of 2000. The winners here have been Google, AOL, Yahoo and Baidu.

We are now well into the next Tech Cycle. The mobile Internet computing cycle. It did have a false start in the early 2000’s with the extravagant and outlandish promises of 3G – but the technology was just not ready nor were the devices.

That has all changed. With the launch of the Apple iPhone and with it the first truly mobile browsing experience - we have witnessed in the last two years the beginning of the mobile internet cycle.

Driven by newer and smarter smart phones, netbooks, laptops and now iPads / tablets and of course with true high speed networks that have reached critical mass the Mobile Internet Cycle is taking off.

What does this all mean.? Well based on the experience of the previous Tech cycles, the prospective winners of this cycle stand to win and win big. Each subsequent cycle has produced bigger and stronger companies than those of the prior cycles. Key drivers in this phase will be new and clever mobile devices (smartphones), new Web services increasingly hosted in the Cloud and social networking particularly the likes of Facebook and their communities around which new services and games will be created.

So far the winners in this cycle are Facebook, Apple and Google. More will follow.

These are exciting times for anyone involved in the world of wireless, Internet and payments. These are all coming together to create a whole new eco-system that will transform the way we live our lives.

It is now time to think BIG.

About the MACRO picture.

How the massive growth in INFRASTRUCTURE continues unabated and how it will impact on you and me.

Our lives are slowly adapting/evolving because of the availability of more and more BANDWIDTH, faster PROCESSING speeds and the increasing ubiquity of WIRELESS networks – both GSM and WIFI.

How are we changing the way we behave?

You just need to look at two markers –

1.) MOBILE phone growth especially in emerging markets ( there will be almost 5bn mobile phone users by the end of 2010) and

2.) growth in SOCIAL media especially the likes of FACEBOOK (400m users and growing ) which takes up an inordinate amount of our spare and working time.

People are increasingly connected in an ALWAYS ON ALWAYS CONNECTED WORLD. The curse of the CRACKBERRY has now been extended to all SMART phone users. We have become slaves to technology.

Almost every human interaction whether work or play is increasingly reliant upon some kind of interface with the Internet or IT network. Whether working on a computer, making a phone call, travelling in a car or public transport, shopping, watching a movie, attending a sports event, you are either knowingly or unknowingly (e.g. CCTV) interfacing with an IP network.

And it will only get worse as the new technological infrastructure continues to rollout. Fiber optic networks and the processing technologies allowing for those networks to carry even more data, broadband networks, the proliferation of IP connected devices that will eventually morph into the so called ‘ Internet of Things ‘ are all examples of the ongoing relentless growth in IT infrastructure.

Both business and personal users will increasingly depend on getting there IT services from the ‘Cloud’ in the form of Software as a Service as the Service Levels achieved from the Cloud match (and increasingly exceed ) those of in-house proprietary infrastructure. Clearly security is and will continue to be a concern but the technological race is on for solutions that address the security requirements demanded by the Cloud.

We can either embrace this new reality or behave as Luddites and stick to the old order. The world is changing so fast and information technology is leading that change. It is incumbent upon those of us who are custodians of the infrastructure and the services provided on it to carry out our responsibility to inform and educate those who we want to be our users / our customers.