HP going big on security?

A quick poll of industry analysts taken in the wake of HP’s SPI Dynamics acquisition finds mixed perceptions over the notion of HP staking a serious claim in the security industry in the coming months and years — at least in the same mold that rivals such as EMC, IBM and Microsoft have jumped in with both feet via their own aggressive MNA strategies.

On one hand, some believe that HP has merely made a very strategic move in adding Web applications and software vulnerability assessment tools in the form of SPI to its portfolio of software development assets (much in the same way IBM added code scanning tools via its buyout of Watchfire earlier this month).

On the other hand, some believe that HP will begin to take steps in rounding out its security product and service portfolio in the same manner that EMC did via its buyout of RSA, IBM via its buyouts of ISS and Watchfire, and Microsoft via its long string of acquisitions of smaller security vendors including FrontBridge Technologies, Giant Software, GeCad, Whale and Sybari, among others.

(It’s also worth noting Google’s step into the security game, most notably via its recent acquisition of GreenBorder.)

For its part, HP denied having a broader security acquisitions strategy in place on its conference call with reporters and analysts today.

“We’ve done three acquisitions in the ID management space, since then this is our first security-related acquisition,” said Sandeep Johri, vice president of strategy and business planning for the Software Business Unit at HP. “We are not setting out to become a security vendor as in a prevention vendor from a firewall or thoroughbred security perspective.”

Johri also offered a monosyllabic answer of “no” when I asked him if HP harbored security platform plans like its rivals, and he said that HP had been courting SPI for a year-and-a-half, and that the deal was not a reaction to IBM’s Watchfire buyout.

A roundup of analyst quotes on the topic at hand:

-Chenxi Wang, Forrester Research:

“HP is definitely trailing product and service-wise in security, [SPI] will give them a much-needed boost, and I think there will be other areas of investment. I wouldn’t be surprised to see them strengthen in the security services area much as IBM has done with ISS.”

(It’s worth noting that Dr. Wang worked previously as an independent consultant with HP’s Labs group, though on utility computing projects, not pure security issues.)

–Jon Oltsik, Enterprise strategy Group:

“If you’re doing big deals these days you need some security expertise, either through partnering with others or doing it yourself, but if you’re doing business process outsourcing or building a development environment, as HP is, security has to be part of it.

There have been rumors of HP getting into the security space, and if they do it makes sense to jump in with both feet. There is the rumor that HP would try something big like a buyout of Symantec, but I think that’s a stretch at this point. HP has OpenView and ProCurve and professional services in its portfolio, and they can cherry-pick smaller, high-value startups like SPI and build on that portfolio.

Symantec would be a big pill to swallow, and I’m not sure the smoke from HP-Compaq has ever cleared completely, so, that is a deal that would surprise me. But, there is McAfee, Secure Computing and CheckPoint, and a lot of companies in the multi-$100 million revenue range that could certainly fit into HP’s plans.”

–Joseph Feiman, Gartner:

“HP won’t try to become a network security provider; the most probable concentration point for security in the company is becoming part of the security testing team, as with the SPI deal.

Some customers do see a panacea from their security problems in a single vendor that provides everything in one, and from that viewpoint, HP, with penetration into enterprises, has added another piece on the applications testing side, as with IBM-Watchfire.”

-Chris Christiansen, IDC:

“HP is very interested in the security space, especially in some of the more high-growth areas. As a purveyor of servers and systems management, storage management, and networking management solutions, it makes sense that they would have a greater presence in the security market and look to profit more highly from security.

They seemed to be open to more acquisitions in the space when I spoke with them. Likely areas could include security-enabled compliance, e-discovery, NAC, messaging security, and content filtering and control around data leakage and information protection and control.”