Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - February 5, 2008

By Mike Rothman
Created 2008-02-05 07:43
Today's Daily Incite

February 5, 2008 - Volume 3, #11

Good Morning:
I remember it like it was yesterday, but it was 1995. Matt Cain, a fellow META analyst, and I were walking out of Lotus' Cambridge headquarters after a day of meetings. We both looked back at the building and he wondered aloud who was going to own Lotus in a year's time. It was a prescient comment, since no more than 6 weeks later IBM launched their hostile bid. I was kicking myself in the ass for not buying those call options on Lotus when we walked out of the meeting.

Lou Gerstner had some big cojones to offer $3.5 Billion for Lotus. That was a lot of money in 1995. It was all about Notes at the time, and hoping that the 1-2-3 franchise wouldn't erode as quickly as it did. Lotus certainly had their ups and downs. Lumpy quarters, Wall Street frustration. And then this IBM bid comes in at a huge premium. What else could Lotus do? No one else had the balance sheet to rescue them from IBM's clutches. So they grumbled a little, negotiated a little and finally relented with an extra couple hundred million in their pockets.

Big Fish Eat Little Fish [1]

Do you see any similarities to another deal that is making headlines? Of course, Microsoft/Yahoo. It's not necessarily the sign of the apocalypse, but it is certainly an indication of the transference of power in the technology space.

In 1995, IBM bought Lotus because they were having trouble competing for mind share with this upstart company outside of Seattle called Microsoft. IBM was still smarting that they made Bill Gates a billionaire by giving him the PC operating system franchise, so they certainly weren't going to let him take the collaboration franchise as well.

But in reality, by that time IBM was no longer a player, and it truly indicated that Microsoft was the dominant force in all of technology. Not that IBM wasn't huge, but they had struggled and were rapidly becoming a services player. They would not be dictating technology architecture moving forward. Lotus lost that battle and IBM couldn't save it.

Yahoo! will relent and fall into Microsoft's embrace. Maybe they'll get another $1 or so on the share price, but they will sell. No one else will come forward with a bigger bid and it's not like Yahoo has a lot of momentum nowadays. Staying the course isn't an option, not after blowing a quarter and reducing the outlook for 2008. But more importantly, to me this also indicates the transference of power to Google. Microsoft is admitting they can't compete with their own online stuff. Which they can't, so this is a good shrewd move, timed perfectly by Ballmer and crew.

Will they execute? Who knows? Who cares? Microsoft had no choice. They are playing the only card they have right now in the search and online world.

It really is amazing how history repeats itself in this business. I've been around long enough to have seen each movie, a couple of times. As they say in Battlestar Galactica, "it has happened before and it will happen again." Yes it has, and yes it will. You just have to pay attention to see the cycles repeat.

Have a great day.

 "Remember Big Fish Eat Little Fish" picture originally uploaded by theothermattm [2]


Top Security News

pointing out a little pork in the proposed US Federal budget [11] for this year. OK, not just a little pork - A LOT OF PORK. $30 BILLION earmarked for cyber-security over the next 7 years. Holy crap. $30 Billion. The projected expenditures would be $6 billion this year. First of all, I hope by now we all know that throwing money at the problem doesn't make it go away. Not by a long shot. Not that having money and the ability to make investments isn't a good thing - but it's certainly not a panacea. This entire thing seems a bit back assward to me. Normally, security professionals have to do a good job with limited resources and then some type of catalyst (like a breach perhaps) will make the light bulb go off in the corner office, and the investments will be made. But with performance like FISMA and all the other indications that a lot of the money spent today by the Feds on security is wasted, how on earth do they think that throwing more money at the problem is going to help? All I can say is that it'll be a great Q3 in public security land if this budget goes through.

Dr. A recently published a byline in ComputerWorld [13] that discusses the role a security policy has in our efforts. It's a good read and makes the point that you need a policy because the regulations say you need a policy. As early as HIPAA, there was a requirement for a security policy - whatever that means. And that is really the point. The policy is only a piece of paper (or likely a lot of pieces of paper) and if the organization doesn't make conscious efforts to change the culture and accept security and data protection as important aspects of day to day operations - it doesn't make a difference. That takes marketing, that takes selling, that takes a lot of evangelizing within your organization to make the policy real and to evolve it over time as things change. 

MXLogic would point out the re-emergence of PDF spam in more inboxes [15]. What should users do? Probably not much different. Thump your email security vendor on the head if their accuracy is going down. Continue to train end users about why they shouldn't open PDF files or even messages from people they don't know. 

The Laundry List

  1. More PCI nonsense from Secure Computing. Now they have put up a PCI website to help customers beat the deadline. Give me a break, this is about 18 months late. - Secure Computing Release [17]
  2. ConSentry wants to get into the closet. The wiring closet that is. Go after the 800 lb. gorilla in their pen. Sounds like a fun way to spend the day. - ConSentry release [18]
  3. Fortify offers to scan e-voting machines for free. And what do they do if they find something? It's not like you can push back the election like a software project off the rails. - Fortify release [19]
  4. Sourcefire downgraded by Jefferies - stock gets pounded to all-time low. That wouldn't be newsworthy (unless you are Marty), but this is the first I've heard from the Street about the macro economy impacting security spending (outside of financials). - AP coverage [20]

Top Blog Postings

http://www.computerweekly.com/blogs/stuart_king/2008/01/security-metrics-are-we-secure.html [21]

http://thurston.halfcat.org/blog/2008/01/26/do-awareness-metrics-fail-the-so-what-test/ [23]

http://www.securitymetrics.org/content/Wiki.jsp?page=Welcome_blogentry_310108_1 [25]

http://sm-blog.securitymike.com [27]



Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-february-5-2008