Security software versus security hardware - the pros and cons

As the security market continues to rise, we compare security software and hardware options.

According to IDC research, the A/NZ security solutions market reached more than US$1 billion in 2007 and the market is set to grow at a rate of 11.8 percent to reach more than US$2 billion by 2012.

During IDC’s recent Security Vision Conference, analysts, top solutions providers and experienced partners shared insights, showcased the latest solutions, as well as answered the enterprise’s most pressing questions.

“Traditionally, new technology adoption starts in the workplace, spreading across corporations before filtering out to consumers who then adopt the technology for personal use.

Today consumer technology is fast outpacing enterprise computing, with popular consumer software and gadgetry creeping into the corporate world,” said Patrik Bihammar, senior analyst, security solutions and system management software
at IDC Australia.

“With popular gadgets such as iPhones, iPods and BlackBerrys becoming commonplace and Web 2.0 technology such as Wikis, RSS feeds, blogs, social networking and other interactive technologies infiltrating the workplace, the risk of security breaches and data leakage are greater than ever, introducing waves of security implications that are fast becoming a real threat never before faced by IT managers,” added Bihammar.

Security vendors are turning to web-based services to ‘keep up with the bad guys’.

McAfee and Trend Micro are touting so-called ‘cloud’ networks as the latest weapon in their battle with cybercrime and security threats.

Both companies have constructed web-based systems allowing users and researchers to keep an updated record of potential security threats, and allow systems to check whether a piece of software poses a threat.

McAfee’s Artemis system will connect to the cloud to receive updates and check suspicious code.

Trend Micro’s Smart Protection Network will also allow users to remotely access an updated database of possible threats and check for emerging risks.

Security vendors are more reactive to movements in the market.

This includes the debate between offering security software, hardware or
a cocktail of both end-users.

We ask our industry experts: “What are the differences in supplying security software versus security hardware – and what drives customers to choose either or both?”

Jeremy Hulse
VP Asia Pacific, Marshal

Generally when talking to customers we will be asked the inevitable question of does it come in an appliance? Interestingly enough an appliance is simply a delivery platform, the software that operates on that platform is the most crucial and most changeable element.

Admittedly for purists there are pieces of hardware that are a differentiation in their own right, but I will keep this aimed at the content filtering market and mainstream hardware.

Argument for the software side is that with Internet growth you can now get rapid delivery of the product, if you have the prerequisite device to put them on. Most software is written to be deployed on mainstream O/S such as Microsoft that are pervasive through IT departments globally.

For those buying the software from a vendor, it allows them to utilise existing equipment within the environment that may not be utilised at present; provide scalable delivery platforms on which to run the software; enable a range of add-on applications or options that may supplement the software within their own environment; and easily implement regular updates to the software.

Argument for the appliance is that you buy a specific piece of hardware that is designed to do a task, the assumption being that you get a piece of hardware capable of running the software to a specific level, it is set up to a point where you can add your own customisable configuration, you can install it into a rack, power it on and let it run.

If it breaks you either have a high availability configuration, bought
a redundant spare or you call for a replacement.

Dominic Whitehand
Managing director, WhiteGold Solutions

We find that security software and security hardware are really two very distinct plays for resellers and their customers.

In terms of software there are the obvious advantages of easy, quick and efficient cost-effective delivery to the end-user — either for evaluation or purchase.
Channel suppliers do not suffer potential shipping delays and of course do not need to hold stock as such — unless they are operating specifically in the retail space.

This makes it easy to supply the product and also alleviates some potential pitfalls with vendors when it comes to stocking and credit capabilities.

Recurring revenues are attractive on the software, which is also a reason why channel suppliers like security software.

The obvious disadvantage is that the software still needs to run on a piece of hardware at the end-user site — so be it a Windows, MAC or Linux machine it needs to be looked after in terms of being patched and kept secure, with the latest updates etc.

This is an overhead and can present unwanted support issues for the supplier.

With security hardware everything is contained within the box and updated automatically online by the vendor, so the end-user can very often take the “Set and Forget” approach, which frees them up for more important tasks.

There are the obvious potential pitfalls of delivery times/delays for both new products and replacement products should the hardware fail.

This can be allayed by provision of good support services and replacement services by the reseller and their distributor.