Vertical Industry Information Security

Historically, information security has been a pretty horizontal domain. Regardless of your industry, company size, or geographic location, you needed security policies, physical security controls, and security technologies like firewalls and antivirus software. This remains true but over the past few years, we've seen a lot of growth in specialized information security requirements for different industry business processes. Financial services firms continue to embrace a multitude of tools for fraud detection. Health care institutions are way ahead on using desktop virtualization to support physicians' needs and provide better methods for authentication and data protection. Utilities companies implementing smart grid technologies need security tools that can monitor devices, control systems, and new non-standard protocols. This trend will only continue as cheap technology leads to new industry-specific hardware and software across the entire business spectrum. So moving forward, horizontal security must be supported by specialized vertical security solutions. To be clear, I don't mean regulatory compliance alone. There is a pressing need for new purpose-built tools for security policy management, monitoring, and enforcement for industry-specific business processes. Some security vendors understand these new requirements and are taking advantage of the opportunity. RSA bought into the fraud detection business a few years back and it now makes up a major portion of revenue. Imprivata went from a general purpose single sign-on appliance vendor to an Identity and Access Management (IAM) specialist in the health care industry. Nitro Security's SIEM platform can collect and analyze data from industry control systems and smart grid infrastructure. IBM and HP also play here by combining deep industry knowledge with strong information security services and consulting. The market for network security, endpoint security and security management is extremely good right now -- financial upside as a consequence of the frightening state of cyber security. Major industries now require specialized security tools that may or may not exist. Leading security vendors like Check Point, McAfee, Symantec, and Trend Micro as well as the VC community should recognize that vertical industry specialization may represent the next big security opportunity.