We speak with Frost & Sullivan Industry Director of Cybersecurity Toph Whitmore about the cybersecurity market and how it will change as more companies head to the cloud. Whitmore also shares new emerging investor opportunities in the cloud-era cybersecurity market and the top cloud cybersecurity companies to know.
What are the factors contributing to the rise of cyberattacks and data breaches?
First, the nature of work has changed. Hybrid workspaces that span on-premises and remote work stretch security boundaries, extending attackable surface. Enterprises forced to rely on VPNs and perimeter-based security are more vulnerable to cyberattack now that every home office is a corporate branch office to be secured.
Second, cyberattacks are lucrative. Entire business models have sprouted up around threat activity. Threat actors have matured and not in a good way. Advanced Persistent Threat (APT) groups are frighteningly professional, patient and deep-pocketed (many are state-subsidized). As a result, attacks have grown more sophisticated, frequent and damaging.
Third, traditional hard-wired network topologies are vulnerable to attack. Period. Trying to thwart 21st-century threats with 20th-century technology is foolish, and yet many enterprises continue to try to protect antiquated networks with performance-impacting and ultimately unsecure hardware-appliance security stacks.
Where is the cybersecurity market headed?
To the cloud. Growth in the cloud ZTA (Zero Trust Architecture) market will sustain, with the cloud ZTA platform market growing from 30-40% annually over the next five years. Driving that growth will be enterprise security transformation: Organizations continue to aggressively transform from hardware-based security models to cloud Zero Trust Architectures. Growth will eventually (five years, maybe?) slow as enterprise cloud-based security adoption becomes ubiquitous.
All this portends further convergence between the connectivity and cybersecurity markets. Look to traditional networking companies to acquire, merge, or partner with cloud-based cybersecurity vendors.
There will be further industry consolidation in the cybersecurity space because of enterprise customers looking to simplify service integration: Customers are seeking cybersecurity "ecosystem" platforms. (It's easier to work with a single platform vendor than integrate multiple technologies. Also, more APIs can mean more cybersecurity threat risk.) Expect significant M&A activity in the coming two years as cloud ZTA vendors look to broaden their service portfolios.
What should investors looking at the cybersecurity market know and understand during this time?
For the next several years we're going to see a lot of enterprise security transformation. There are still so many organizations burdened by legacy infrastructure. There is significant growth opportunity in this market, as long as you can identify the vendors best positioned to take advantage.
There are two types to assess. First, traditional hardware security companies have an established base of security customers, many of whom are still tied to hardware and maintenance contracts (many of those enterprise customers have large security teams with hardware certifications).
Second, are what I call the "cloud-first, cloud-only, cloud-forever" cloud ZTA service providers. They offer a no-hardware approach.
Few large enterprises can make the leap from all hardware to no hardware overnight. For the traditional hardware-based security vendors, success will depend on how well they can transition those customers (especially their own) to a (dramatically different) cloud ZTA subscription and service model. For the cloud-first players, success will be measured on how well they can poach hardware customers and convince them to take the (full-scale) leap to the cloud.
What are some new emerging investor opportunities in the cloud-era cybersecurity market?
The activity in the cloud ZTA space has focused on large enterprise. The understandable vendor strategy seems to be "win over the Fortune 500 and the rest will follow." But the real business opportunity is in the middle of the proverbial customer pyramid: The vendor(s) who can figure out how to sell cloud ZTA security to the mid-market masses will make a lot of money.
What are some top cloud cybersecurity companies to know?
The usual suspects in the cloud ZTA space are Zscaler, Palo Alto Networks and Netskope. Other players include traditional hardware providers like Cisco, Citrix and Fortinet. I'm particularly interested in two other vendors: Axis Security and a little company called Google. Axis has extended its ZTNA capabilities to include internet security, taking it into the cloud ZTA market. More interestingly, it's poaching customers not just from hardware security companies, but other cloud ZTA vendors, making it one of the first vendors in the space to accomplish that. Google is now offering its BeyondCorp service to major enterprise, and, with its peerless cloud-edge distribution, could potentially disrupt the space (especially in small to mid-markets).
This interview originally appeared in our TradeTalks newsletter. Sign up here to access exclusive market analysis by a new industry expert each week. We also spotlight must-see TradeTalks videos from the past week.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
Other Topics
Stocks Cloud Computing Cybersecurity
TradeTalks
Nasdaq
TradeTalks is Nasdaq’s regular series covering trading news, market trends and education.
Read TradeTalks' Bio