• United States



Contributing Writer

Could Government Integrators Take Their Big Data Security Analytics Skills to the Commercial Market?

Jul 17, 20134 mins
Cisco SystemsData and Information SecurityIBM

Technology and skills are there but private sector affinity is still lacking

After the terrorist attacks of 9/11, intelligence agencies and law enforcement organizations in Washington realized they had a problem. Federal agencies had pockets of intelligence spread all over the place and needed to consolidate them into massive data repositories. Additionally, the feds needed help sorting through the noise to find nuggets of true intelligence value.These new requirements led to a number of initiatives. Former Reagan National Security Advisor John Poindexter created the Information Awareness Office (IAO) and a program called Total Information Awareness (TIA) funded by DARPA. While TIA was deemed as a bit too creepy, other programs such as Human Identification at a Distance (HumanID), Genisys, and Genoa followed. Heck, even the Edward Snowden-revealed PRISM program from NSA is rooted in this progression.Yup, the feds were busy collecting, consolidating, and mining intelligence data but they couldn’t do it alone. Government integrators quickly joined the party and developed a world-class skill set around data analytics. This was before anyone even coined the term “big data.” Government integrator’s data analytics acumen is about to come in handy in an entirely new realm – big data security analytics. In fact, many government integrators are already moving in this direction. SAIC announced DigitalEdge for real-time data ingestion and processing in the commercial market. Boeing acquired big data security analytics innovator Narus. Booz Allen has introduced a big data cloud analytics architecture which can be applied to cyber security. The list goes on and on.Why are these federally-focused organizations turning their attention toward big data security in the commercial market? Because there is lots of money to be made. According to a recent ESG research report, 44% of enterprise organizations believe that their security data collection and analytics requirements qualify as big data today while another 44% believe that their security data collection and analytics requirements will continue to grow and be considered big data within the next two years. With 88% of enterprises (i.e. more than 1,000 employees) as a total addressable market, government integrators see billions of dollars of opportunity. What’s more, big data security analytics is a new market so while CISOs are likely to listen to security analytics incumbents like IBM, HP (ArcSight), LogRhythm, RSA Security, and Splunk, they may be open minded toward vendors with big data experience at the CIA, DoD, and NSA. There is no doubt in my mind that traditional government integrators have the right big data analytics chops for this job but selling security solutions to Goldman Sachs is a world apart from bidding on multi-year contracts with Federal agencies. To succeed, BEA, CSC, Lockheed, Northrop Grumman, Raytheon, and others must:1. Adopt a commercial sector go-to-market strategy. Based upon my experience, I can’t emphasize enough how different it is to do business within the Beltway. Government integrators tend to be multi-billion dollar companies that sell next to nothing in the commercial sector for a reason. To capitalize on the big data security analytics opportunity, government integrators will need an experienced team, ample budgets, and the right tools to compete with organizations that have been selling into the enterprise for years. 2. Put their experience in context for the commercial market. Mining intelligence databases for terrorist spending activities or facial recognition makes for a cool story but not a commercial solutions sales pitch. In aggregate, CISOs are really interested in 4 things: risk management, security efficacy, business process support, and operations cost. Government integrators must avoid science fiction-like experience and tailor their solutions and marketing to these 4 priorities. 3. Eschew custom solutions. In the Federal space, it’s often fine to show up with a bunch of open source code, proprietary software libraries, and an army of developers. This won’t fly in the commercial space. Vendors with the best out-of-box data collection, processing speed, algorithms, visualization tools, and intuitive investigation workflow, will end up as winners in the big data analytics game regardless of where they are located.4. Include services. For every enterprise that has the skills, resources, and strategies around big data security analytics, there are another dozen lacking in one or several of these areas. Government integrators need consulting, planning, implementation, and operations services for enterprises that need big data security analytics but need help consuming and benefiting from this technology. The big data security analytics market is in its Genesis stage so the boys in Washington have as good a chance as anyone to capitalize on this burgeoning opportunity – if they can take their vast experience and wrap in with a commercial market package.

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author