Let’s talk about the convergence of networking and security: is it actually desirable? And is it even possible?
To answer the second question first: of course such convergence is possible, to some extent at least. But what does “to some extent” actually mean?
It’s pretty clear that adding some security functionality to networking hardware and software is desirable, practical, and easy to achieve. It may even be the best place for it. But there’s a problem.
The problem is that many security vendors’ products are best of breed, and many network vendors’ products are also best of breed. But while a large organization may only need one network vendor, the chances are that it needs multiple security tools, from a wide array of security vendors, to achieve the security posture it requires. There is, in other words, a great deal of heterogeneity when it comes to security setups. Once size doesn’t fit all.
Now you could argue that security is simply an expensive necessity that every organization needs to have in place, not something that provides a competitive advantage to a business. For that reason companies should mould their operations to fit a standard security package in order to benefit from the economies of scale that a standard security package could offer. It’s the same argument that prompts companies to use standard cloud-based software services for things like HR, sales and marketing automation and so on.
But that argument doesn’t hold water. Security is an expensive necessity, but different organizations are subject to different regulatory requirements and reporting procedures, and different types of activities have different security needs. These needs can be very nuanced: the security requirements of a company operating in one industry in one country can be radically different from one operating in a fairly similar industry in another country.
So while network and security convergence sounds sensible, you only need to drill down a little bit to see that to be effective it would have to be far more complicated than it first looks. There are some big networking companies out there, and some of them also offer powerful and sophisticated security products. But none have the depth and breadth of security capabilities that many companies require.
So that leaves two possibilities. The first is a networking landscape that involves partnerships spanning multiple security vendors working together. That might be possible, but doesn’t that deprive organizations of the ability to choose best of breed solutions for their specific security problems?
The second is that network security is rethought out from scratch. The aim would be to produce a networking solution that truly has security functionality baked-in, not bolted on and called converged. And that’s not something that will happen any time soon.
There is in fact a third option. Networking and security remain, to a large extent, unconverged. There may be a consolidation of networking companies, and some networking companies may gobble up some security companies. But with this option, the boundary between networking and security may become blurred, but it doesn’t even begin to disappear completely. And that might be the best option for all.