Government emphasis on compliance drives another security acquisition

Enterprise security giant Symantec announced yesterday that it will acquire the privately held vulnerability assessment and security compliance vendor Gideon Technologies. While Gideon focuses on commercial markets such as financial services and health care as well as the public sector, Symantec’s press release makes it clear that what it finds most attractive about Gideon’s SecureFusion product is its ability to scan networks and assess compliance with key federal regulations, including FISMA and Federal Desktop Core Configuration (FDCC) standards, using the Security Content Automation Protocol (SCAP). Gideon has made support for federal standards compliance a priority, building in a variety of control standards from NIST and even aligning to the Consensus Audit Guidelines (CAG), which are not mandated but which have been embraced by many current and former government IT executives. SecureFusion appears to be a good fit with the rest of Symantec’s security management and monitoring toolset, and the combined product offering should appeal to government agencies seeking to establish or enhance situational awareness.

This move by Symantec demonstrates once again the market influence the federal government has, in particular the way the federal emphasis on compliance-based security management continues to drive market opportunities for commercial security vendors. As with EMC’s recent decision to acquire Archer Technologies, the clear and present need for federal agencies to procure and implement tools to assess and monitor compliance in an automated fashion seems to outweigh any potential move away from compliance-based security in favor of effectiveness-based alternatives. In Gideon’s case, it’s not a coincidence that its core commercial markets are the industries with the broadest and most complex set of regulations. Even with a steady stream of suggestions coming from Capitol Hill that major compliance-mandating regulations like FISMA, HIPAA, Sarbanes-Oxley, and the Privacy Act are in need of substantial revision, it seems safe to infer that Symantec’s due diligence and market research on the Gideon acquisition must have left the company confident that regulatory assessment and compliance solutions will remain a lucrative market for the foreseeable future.