Cloud disruption in Cyber Security

Recently we witnessed one of the most sophisticated cyberattack ever realized. An important number U.S. companies and government agencies were targeted and breached including U.S. Department of Defense, Homeland Security and Treasury. In addition, private companies including Microsoft was also attached.

The attackers compromised the software provided by SolarWinds starting in March 2020 and laterally moved within the system until July, creating opening ports spying on the network without notice.

The damages are not yet clear. But what is clear is that it will fuel the ongoing transition in the Cyber Security industry and that it will benefit a number of cloud security vendors that as Core we have been recently following closely.

Morningstar’s Cyber Security analyst Mark Cash indicated on the incident: “First, we expect incident response and remediation services to be in high demand as entities grapple with the immediate consequences of the breach. Next, we believe there will be a high attach rate of cybersecurity products with those services. Last, we believe that governments and businesses will hasten their adoption of zero-trust security architectures to provide enhanced protection. In turn, we expect these trends to boost growth for companies with leading incident response teams that can upsell products and provide a tailwind for firms providing zero-trust security offerings as customers become more aware of their threat exposure.”

PwC's latest survey finds that 96% of executives have shifted their cybersecurity strategy due to Covid-19 and 40% of executives say they are accelerating digitization. I believe that this attack has only increased this percentage. The consensus is that cyber security spending to increase by 20% in 2021.

One of the main reasons why attacks have been more successful in the recent period is that while the principles of data protection are the same whether the data in a traditional on-premises data center or in a cloud environment, the applications are however quite different when it comes to cloud security vs. traditional security. Moving data to the cloud introduced new attack-surfaces, threats, and challenges and it is much more dynamic therefore traditional static solutions are unfortunately outdated.

No alt text provided for this image
Cloud-native security solutions, built specifically to protect cloud resources, excel where traditional on-premises security solutions struggle. Looking at the current numbers, only 30% of workloads use cloud technology, and this could move to 55% by 2022 leading to a large increase in spending in the cyber industry.

Exploding endpoints and volume of data being accessed from remote employees made the situation very complex, which resulted in a next step of the cloud shift with some of the recently glorified cyber security names playing a vital role in this strategic change. Vendors specialized in advanced threat detection, zero trust architecture, data security, and identity security surged in terms of revenue and hence valuation.

The trend of moving to cloud required the use of container databases in building modern applications and the open-source software platform Kubernetes became a very popular way to deploy and manage those containers. Since cloud infrastructure is hyper-growing, Kubernetes and container security is naturally following the trend. There have been significant acquisitions going on in the sub-sector as well. Palo Alto Networks acquired RedLock for $173 million in 2018, Twistlock for $410 million and PureSec in 2020 and combined the products to create Prisma Cloud.

We believe that over the next decade, there will be a significant growth opportunity in cloud security. The vendors who will be providing the most effective and easiest to implement solutions protecting the critical cloud deployments within a hybrid platform will be the real winners.