Bessemer has funded 16 security startups--more than any other traditional VC firm--but there are some areas of security that even we have never funded, despite the large number of these projects getting funded elsewhere. These opportunities fall into my Anti Road Map (without which I could never focus on my real road map)...
Biometrics: too expensive to deploy in large communities, and still easily defeated by slipstreamers and man-in-the-middle malware (as explained in prior posting Doomsday Hackers and Evildoing Robots). And as Bruce Schneier points out, it's easy to change your password--but what do you once your retinal scan is compromised?
Homeland Security: long sales cycle, and hard to find enough commonality across governmental bodies to build repeatable businesses.
Single Sign On: requires way too much ongoing integration to be useful. Think about the last Universal Remote Control you bought--it ends up as just one more remote control on the coffee table. (The one promising exception may be Encentuate.)
Mobile firewalls: Eventually this will emerge as a real category but enterprises won't roll this out until (i) widespread attacks cause real pain, and (ii) mobile devices converge to one or two operating systems.
Enterprise Document Rights Management: Boy, we've seen some terrific work done in this area by startups like Authentica and Alchemedia (acquired by Finjan), but Microsoft will own this space. The embarassment from leaked documents is too episodic for users to regularly define permissions, and enterprise initiatives often lose steam, yielding to more chronic pain points. Plus, the damage is too intangible to quantify, limiting price.
Innovations in Cryptography: Does it matter whether it takes one billion computers or 100 billion computers to decrpyt a key? Cryptography today is the strong link in the chain--the key is simply not a vector of attack, nor will it be any time soon.
As a scientist and a skeptic, I welcome disagreement. Hopefully I have provoked some entrepeneurs among you to convince me I am wrong, either now by posting, or later on your IPO prospectus. Indeed, there is always room on Bessemer's Anti-Portfolio for the next great Enterprise DRM company!