Some comments
from an industry analyst I have corresponded with. Take it for what it's worth. It's only one analyst and it's still early yet. Plus, it's a singular perception, but one I would think needs to be addressed for Wave to become ubiquitous. And it would sure be nice to have more concrete info. Planting flags is great, but who will be capturing them?
Analyst:
Thanks for the question. The TCG is a "worthy" group - the main players are the big names in the industry, and as such, [company] welcomes the idea. The problem is the same as all other industry groups - we have many players, each with their own agenda. In this example, we can look at HP, who have the old Praesidium security stack, and Intel with its LaGrande on-silicon security initiative, trying to work with IBM (Tivoli security) and AMD (little security, but sure aren't going to go for LaGrande). Where the TCG's strength lies is in the area that it is trying to play - embedded computing, where the level of proprietary solutions is still high.
The biggest problem we have found with industry groups (and yes, I know that the TCG has been incorporated as a not-for-profit organisation, but it is still driven by the big vendors) is that it tends to lead to a set of low- to mid-level standards that are then supported by each vendor "110%" - and the extra 10% causes all the problems. If Intel pushes LaGrande technology down into XScale, then they will be able to link pdas, phones, computers, telemetry and other systems at a security level built into the silicon - but they'll make sure that the interfaces meet the TCG's standards. If AMD then wants to play, they will need to emulate the LaGrande technology - and will be at a disadvantage to Intel. Although Intel has a big interest in embedded systems, it will still be taking the bigger picture view of cross-platform security - as will HP, IBM.....
Industry groups can also act as a brake to innovation - what happens when all the base TCG standards have been agreed? A member comes along and says "Our market has identified a specific issue that we must address quickly". Everyone else sits there and looks at ways that they can profit from this - do they already offer a solution? Can they make the "new" standard work to their advantage? Getting a RFC through to being part of a core standard is becoming far too long winded - even within groups that are less vendor driven (e.g. LDAP security took 5 years from inception to agreement - and it's still not enough).
Bottom line is that any group that works together to drive a modicum of standardisation is welcome, but it will never solve the underlying problem: that the world changes, the markets want innovation, and innovation and open standards do not fit well together.
If you want to discuss this more, please get in touch.
Me:
Thank you for the response. I am an investor in a small company called Wave Systems and I am trying desperately to understand the space and their place in it. Unfortunately, they have not been as open or clear as they should be with the information I should have as an investor. (Whether due to conditions imposed on them by bigger vendors or for competitive reasons, I don't know that, either.) So, it leads me to canvass and query whatever sources I come across that has some familiarity with this new security space. Any clarity you provide would be welcome.
Analyst:
I can't really comment to an in-depth level on Wave, but my understanding is that they are but a piece in the overall security jigsaw. I don't believe that they have a fully comprehensive offering against the likes of CA, Symantec or NAI, nor do they have the reach and brand of an RSA. Wave has created itself a strong niche in the motherboard security area, but as to how sustainable or profitable this could be in the longer term, I leave to your imagination.
However, if they can work with the likes of, say, IBM or Philips in the telemetry side of things and create trusted computing security solutions between vehicles, home and business environments, it becomes something a little stronger - but IBM is likely to say that they already have great chunks of this themselves (although I believe that they do already utilise Wave in some of their areas).
Overall, I would expect Wave to either become a target for acquisition (but I would expect them to have an over-inflated expectation of value, based on their higher-stack security solutions that cannot fully compete in the market due to brand and reach), or to languish as a low-end security niche player.
With the security market being in such a flux at the moment, I am not surprised that you cannot get the information you would like from Wave - they probably have little idea of the way forward themselves. Everyone says that they want security - few know what it means, and fewer are willing to pay the right amount for it. Wave's messaging does not seem to clear up much of the ambiguity, and is based on "ultimate" security messages, rather than "suitable" security (the first being unobtainable and expensive, the second what companies will actually buy). They will have watched many of their peers disappear into larger companies, and will either be worried by the prospects, or will be excited that it could happen to them - both views distracting from the need for a strategic roadmap.
Device security will be a big area in the near future - but IBM already has a lead, and the likes of RSA have a strong market presence. Without extensive marketing and brand profiling, Wave cannot hope to be a big player.
Me:
Thank you. May I share our correspondence with others?
Analyst:
Who do you wish to share it with? I would prefer to give a view like this directly to Wave, rather than them finding it through a secondary channel. If it is to be shared amongst a controlled internal group, then feel free.
Me:
An online investors forum. If you prefer not, I understand. We all seem to be flopping around guessing as to what direction the investment will go. have you tried contacting Wave? (www.wave.com)
Analyst:
You can put my comments in if you wish, but I would prefer them to go in under "an industry analyst said..."
I have had contact with Wave in the past - as I said, there are some strengths there, but I do not see them as being strong enough in brand and marketing to be long-term viable. As an investor, I would only be looking for the exit strategy option.
