Axent Gets a Lock on Corporate Security
Using 1s and 0s to build defense walls around corporations is Pete Privateer's job as operations chief of Axent Technologies Inc., a security-software company based in Rockville, Md.
Axent, which earned $5.3 million in revenues during the three months up to June 30, is one of the larger firms in a swirl of many small companies that develop specialized security products now being consumed in growing quantities by corporate America. For Axent, business is booming; the company earned $3.5 million during the same period last year, and went public in April with the sale of 2.99 million shares.
Privateer's job puts him in the center of this fast-growing security industry. From this excellent vantage point, he shared with WT staff writer Neil Munro his perspective on the future of the security business.
WT: What is Axent's market?
Privateer: We're aiming at the market for securing enterprise computing environments. Anything from the desktop to the server to the networks, both the internal networks and the external networks. We are not aiming at the consumer market such as electronic commerce [but] at the corporate and government market. Probably the vast majority -- 75 percent to 80 percent -- of our business is with commercial organizations, but we are seeing an expanding role for government.
WT: Are major companies such as Microsoft and IBM going to eat your market and your company?
Privateer: [The major vendors] offer machines with highly secure operating systems, but that of course, is not where the problem lies. The issue that we see is that it is not just the operating system where the security problem lies. There's the problem on the server, [and] we are seeing an awful lot of critical information sitting out on the client.
If the world were to become Microsoft Windows/NT tomorrow, then I still think there would be a big opportunity for vendors like us. This is nothing new in the computer industry. Back in the 70s and 80s when IBM dominated the industry, they had some measure of security built into their mainframe operating systems, but there was nearly a billion dollar market for third-party security products. IBM did not put the independent software vendors out of business, and I doubt Microsoft will put the independent software vendors out of business.
WT: But is your future threatened by Microsoft and other major vendors that are adding security features to more and more of their products, including their Internet products?
Privateer: There is security built into NT, but there are many holes in it. That is an opportunity for vendors like ourselves. The world is not going to become Windows/NT, at least not overnight. And the world we live in is very much a heterogeneous world. We have many different types of operating systems, many different flavors of UNIX, midrange processors, many networking protocols, all of which have to function together. So the opportunity for vendors like us is clearly in providing a consistent way to manage security across all that disparate technology.
Let us not forget the databases that have security built into them, the applications that have security built into them. And of course, many times in-house applications [such as] funds transfer systems and payroll systems also have their own security built in, [and all of which need to be integrated].
WT: Is there any prospect that lawyers will start suing companies for failure to ensure proper computer security?
Privateer: We do expect to see [lawsuits for security failures].... Corporations are realizing that if they don't take adequate measure to protect their assets, there is a clear liability issue involved. They have fiduciary responsibility, either to the board of directors or to the Congress, to protect the corporate assets or the country's assets.... That [threat] has got a lot of people's attention.
What you have to do is take reasonable steps and measures that are in proportion to the value of the information, and in proportion to what others in your peer group are doing.
WT: How can you protect yourself from such suits when one of your products fails to repel a hacker?
Privateer: Products [and companies] that purport to provide iron-clad security, such as from some of the firewall vendors, are extremely dangerous because there is no lock made by man that cannot be broken by man. If you set yourself up in such a way that you say your lock is unbreakable, and somebody breaks it, I'm sure there is a lawyer out there who will come after you.
We take a different approach. We really talk to companies about the concept of risk management. We provide them with a way to assess their risk, and then to reduce the risk. We never make the claim that we eliminate risk because we think that is impossible.
WT: Will the government's increased focus on security boost your business?
Privateer: Absolutely. This country is extremely exposed to threats, both internal and external. We have no real problem in getting people listening to our story, that's the biggest effect [of the government's focus on security]. The reality is that less than 20 percent to 25 percent of security-related incidents really comes from external threats. In terms of where the real problem is, the Internet is less of a factor, although gaining ground. But it has got people thinking about security and has done us a great service. Now we are talking about information-warfare, and that has also got people to thinking about it.