➤ Election security in 2020 will broaden as the campaigns, municipalities and the federal government increase investment.
➤ Fragmentation in the industry complicates government and election security solutions.
➤ While innovation is good, consolidation of niche providers will continue in order to address broad cybersecurity issues across government and industry and simplify the business.
Ron Bushar, FireEye government CTO
While enterprise security is driving much of the growth in the cybersecurity industry, government solutions are also growing as rapidly as headlines about election hacks and foreign espionage.
About 30% of FireEye Inc.'s business comes from world governments, said Ron Bushar, FireEye's chief technology officer for government services. The company offers an election security package that combines infrastructure technology with preparedness and mitigation, and it recently added a free public resource on election security.
S&P Global Market Intelligence recently discussed the trends and industry surrounding government security with Bushar. What follows is an edited version of that interview.
S&P Global Market Intelligence: Does part of your election security product cover social media manipulation?
Yes. We provide social media monitoring ... we also look for amplification of fake accounts or creation of fake news sites, and we work pretty closely with some of the big social media providers. It seems to be more focused lately with some of our federal government partners, where they're trying to counter some of that.
Do you have to be careful about avoiding conflicts of interest representing security for various governments?
Yes, of course. There's always a balance ... and we only support countries and governments protecting themselves, not going after others. That's a different world. This is a little bit different than selling iPhones. There are certain countries that we made the determination we just won't do business with them, from a government agency perspective. You have to forgo some markets.
Looking at the fragmentation in the industry, is that a problem for creating effective solutions for elections?
It's a real challenge. It's not like we're creating ride-sharing apps, right? A government agency or a board of election, they have a limited budget already, and you're asking them to take their limited budget and focus on security, and they're only going to have one shot at it, so you've got to get it right. You can't just easily pivot to something else, because these systems have to be certified, they have to be tested, evaluated.
I think you're seeing fragmentation because there's so much money pouring in. There are a lot of opportunities for investment. But I think you see a lot of very niche products or very edge solutions. I don't want to take innovation out of it because you need innovation, but if you focus on one product set in security, it's such a broad area you probably miss eight other things.
I think there will be a lot of consolidation because organizations can't afford nor can they manage hundreds of tools and applications. That's not just a security issue, that's simplification of IT platforms in general. None of it is bad. Like I was saying, there's a lot of really cool innovations coming out in the market, but I think if we focus on widget solutions we lose the bigger picture, where you have to build a strategy and structure that makes sense as well.
Can you comment on the reports that FireEye is considering a sale of the company?
No, but I know that we've been on the other side of it. If you look at our history, it's been buying solutions to fit into a more holistic strategy since 2013 really. We've been heading in that consolidation and platform direction for a very long time, believing that's the way organizations want to buy and the way security needs to be delivered. The cybersecurity market is very chaotic. It's fragmented. It's very complex messaging, sometimes very inconsistent and conflicting messaging. It's not the prettiest industry these days.
One positive is the big platform players out there, the Google, Microsofts, Amazons of the world, they're building, I would say, security 101 into the platforms, where it's baked into the foundation or it's an add-on. I think that's a great starting point.