Security is not a product, it’s a process.
Did Intel do enough to make the most of its investment in McAfee, or did its focus on using security to boost chip sales simply miss the point?
The company entered the security industry back in August 2010 following the tried-and-tested formula for accelerating competitiveness in a new market: sinking millions (in this case, US$7.7 billion) into one of its players. The McAfee acquisition made it the owner of one of the best known names in endpoint protection.
Intel’s PR team proclaimed the deal would significantly bolster Intel’s security capabilities, allowing it to push the security issue down onto the silicon and lead the entire cyber security ecosystem.
But here we are, six years later and we see Intel selling the majority stake in its security business to asset management company TPG for a mere US$3.1 billion.
The way the story has played out would suggest Intel entirely missed the point. Its desire to use the McAfee security story to dominate the global microchip market was poorly conceived. Any one product offering will never counteract the global security threat.
Getting established in the security industry is a long and difficult struggle. To make your mark in this fickle sector, you need a cogent strategy that doesn’t relegate the core security value proposition to being a supporting argument for something else.
Intel wanted to say ‘buy our chips since we own security’, but the engineering wasn’t there and neither was the value proposition.
It was obvious that Intel wanted to focus on bolstering its chip business. The selling off of products that were never destined for supporting the silicon story showed the industry that the company was not focusing on the big picture – end to end threat management.
New companies selling products or services to the security industry try to categorise it in relation to their specific wares, such as endpoint protection, whitelisting, firewalls, consultancy engagements or incident response.
However, those of us who have been in security long enough know that it’s not a product, it’s a process. Furthermore, no single product or service will make a business secure – in fact, 100 percent security is not possible, given unlimited time, means and motivation. You need to sell your wares as part of the solution.
Intel tried to make security all about the silicon. This entirely missed the point since threats comes in all shapes and sizes and no product or service will tell the entire story.
It tried to dominate with a strategy that leveraged its core business, but failed to see the big picture.
These missteps have left Intel with 49 percent of a standalone company that will now have to play catch-up with competitors after falling 5 years behind while wedded to Intel.
The lesson here is: if you’re getting into cybersecurity, it really needs to be your sole focus. Strategies like Intel’s that are driven by ulterior motives will be doomed to failure.
Learn from Intel’s mistake and leave security to those that can see the bigger picture.