This year our biggest product category was access control. This seems right because as the enterprise morphs into a ubiquitous environment – with few if any borders – there needs to be a way to control who can access it and who cannot. With such challenges as cloud computing and SaaS, that is a bigger job than it may appear on the surface. In fact, it is a bigger job than last year.

I am getting ahead of myself. That is not the only access control story this year.

A big piece of the access control story is how to sell access control. There is a serious movement in the genre toward combining functionality. While each of the com­panies we looked at are relatively pure play within their product spaces, they also all are looking at ways to combine what they do with other aspects of access control. This is the trend toward convergence that we have been seeing for the past few years, but now it is driven by both economic and practical considerations.

And, lest we forget the technology, we see that the year has brought some enabling capabilities to this product group. The ability to provide access control services, as well as access control products, is both business and technology driven. But for the first time in my recollection, technology is not the primary driver. All of our innovators – especially those in this product group – are almost painfully pragmatic.

That pragmatism, a tough business climate and some interesting enabling technology (but not as much as in previous years), made up the access control stew. And while it does have a bit of a bit­ter taste – in that we did not see serious technological innovation – there is an underlying satisfaction in knowing that security vendors finally get it: It's not the geek stuff that is important sometimes. It's being around to innovate another year. And that means being driven primarily by business needs.