VCs still hot on security

Venture capitalists continue to pour money into the IT security segment as emerging attacks and compliance demands pave the road for future spending among customers.

Market watchers, including the Computing Technology Industry Association (CompTIA), have predicted significant growth in corporate IT security budgets for 2008.

In a recent survey of just over 1,000 companies conducted by the industry group, more than 50 percent of respondents said they plan to spend an average of roughly 20 percent more on security technologies and services in 2008 than they did in 2007.

Based on that opportunity and the wealth of new security companies coming into the market backed by strong technologies and qualified management teams, VC experts say that they will channel more funds into the sector this year in the hopes of getting behind the industry's next big thing.

Among the leading areas for investment, they say, are companies building technologies aimed at addressing issues of data protection and applications security.

"We believe that companies looking at protecting applications and data is a fertile area, there are a lot of VC-backed companies that have been funded that have attacked different elements of the problem, but there's still a huge corporate need and plenty of room for innovative companies to succeed," said Justin Perreault, a general partner with Commonwealth Capital Ventures.

"I think we'll continue to see consolidation in the space because ultimately, companies don't want to deal with 20 different vendors, but there are still a lot of opportunities for companies to get to market with IPO or acquisition exits available to them long-term," he said.

One of the companies that Commonwealth has put its money behind to that end is Ounce Labs, a maker of applications source code analysis tools. Perreault said that his firm believes that customers are already buying into the concept of using code-scanning technologies to address the issue of data leakage and that companies such as Ounce that can automate the process without placing an additional burden on software developers stand to benefit from the trend.

At the same time, areas of the security market such as the NAC (network access control) and DLP (data leakage prevention) segments may have already worn out their chances to garner new investment from the VC community. "The truth is that so many security sectors are already wildly overfunded with too many companies, they may even have great ideas and technologies, but there are just too many," Perreault said. "With NAC and DLP, there are probably more people than the market can support or than there are large companies to buy them all up."

At the same time, VCs need to remain mindful of the idea that there are always opportunities for companies to enter an already crowded space and revolutionize things in some way. The most common example of that scenario is the rise of a company such as Google in the search market, but issues, such as managing spam, that have been addressed by vendors for years clearly still have a chance for innovation, said Paul Maeder, co-founder at VC firm Highland Capital Partners.