A number of high-profile security breaches over the last two years is driving IT pros to rethink their approach to security. More than 300 million private accounts have been breached in attacks at some of the largest U.S.-based companies as well as the federal government. A common theme among the breaches at Target, JP Morgan, and Home Depot is that the companies lacked a comprehensive security strategy that tied together multiple layers of security, according to research by my firm, the Rayno Report.
By Scott Raynovich
This era of heightened security risks combined with growing use of the cloud is leading to a broad shift in security architecture to cloud-based and Software-as-a-Service (SaaS) security models, according to Rayno's "Next-Generation Cloud Security" report. Enterprises are finding they need a wider range of tools geared toward the cloud. They also need a coordinated strategy for monitoring and responding to threats at the highest level of the company.
“If we rewind the tape, our security systems could have been better,” Frank Blake, the former Home Depot CEO, told The Wall Street Journal after retiring. He said his company needed to place a greater emphasis on data security: “Data security just wasn’t high enough in our mission statement.”
The types of security software and tools that can be included to monitor data and networks is vast, including: endpoint monitoring, encryption, email security, web security, identity and access management, intrusion-detection systems, network firewalls, virtualization security, database security, data loss prevention, and distributed denial-of-service (DDoS) protection.
With an expanded number of security tools, corporations need to implement systems that work together and are increasingly automated. One model is to tap into systems that can monitor threats in the cloud and generate an automated response, such as shutting down access to a system when suspicious activity is discovered. This model, usually with a subscription element, promises more proactive security.
Almost $600 million in venture capital has been pumped into cloud-security startups in just the last few years, according to the Rayno's cloud-security research report, which looks at 23 private and public security companies.
Zscaler is the latest "unicorn" to be created out of the cloud-security surge. Unicorns are private, venture-backed companies that reach $1 billion in valuation. Zscaler recently announced it had received $100 million in Series B funding The company has raised a total of $138 million.
The security drive has led to a boom in the revenues and share prices of security leaders in the public markets. The Rayno Report's analysis of the public pure-play vendors in cloud security shows they have grown from $2 billion to $4 billion in revenue in just three years, with a compound annual growth rate (CAGR) of 24%. Market leaders FireEye, CyberArk, Palo Alto Networks, Proofpoint, and Qualys are showing huge gains in the past year.
The fear and need driving the investment in security is not likely to slow down any time soon. This indicates that the Fortune 500 companies are now playing “catch-up” with regard to security technology.
It's clear that enterprise IT managers are beefing up their security technology and developing new strategies for defending against the bad guys, especially in the cloud.