Small companies can create specific security solutions including those for the IoT. With consolidation, these companies could see big exits.
The following is a guest post by Rita C Waite (@ritacwaite), growth strategy & investment manager at Juniper Networks.
Last year the number of cybersecurity incidents rose 48% to over 42.8 million events. With over 117,339 attacks per day, hackers and malicious organizations pose an increased risk to individuals, enterprises, and governments. In parallel, enterprises are increasing their exposure, shifting their workloads to the cloud, and generating more sensitive data through IoT and mobile Bring Your Own Device policies, requiring better tooling to secure this dynamic environment.
The opportunity in security for investment over the last few years has been clear. The need for improved reliability and automation is requiring additional innovation and investment based on AI/machine learning, advanced cryptography, and orchestration technologies. According to CB insights, venture capitalists invested almost $3.8B into security companies in 2015, up 69% from the year before. While this traditional venture investment has slowed slightly in 2016, corporates and their Corporate Venture Capital (CVC) arms are expected to participate in an all-time high of 80 deals that will contribute $1.5B in funding this year.
Be circumspect when looking at the reports suggesting a slowdown of investment and M&A activity in the cybersecurity market. The combination of security incidents with increased exposure at the enterprise level points to opportunities for startups to think beyond traditional security frameworks and rebuild security from the ground up.
What is driving the opportunity?
Growing Security Budgets: Security budgets are expected to increase from 5% to ~15% of overall IT spend by 2020, according to a report from the SANS Institute. With the priority of digital asset protection in line with that of physical assets, companies have been pressured to expand the role of information security in their organizations, beginning with their budgets. Security has become a core piece of any business, warranting its own resources, departments, and deliverables.
Efficacy First, Integration Second: With new threat vectors created every day, companies are pursuing a layered approach to their security strategy, choosing best of breed solutions for their security requirements. This fragmented market is creating an opportunity for small organizations to solve very specific problems, focusing their resources and creating environments for success. This fragmentation will lead to an eventual consolidation, as companies with differentiated approaches get picked up and the market moves towards a more integrated solution — on the way creating rich exit opportunities.
Accelerated Cloud Adoption: The cloud is a highly distributed and dynamic environment with its own security requirements. According to Gartner, security and privacy concerns are the top inhibitors to public cloud adoption. Companies moving workloads to the cloud need new tools to centrally manage security policy and monitor network activity. Visibility and control over all workloads and tasks within a cloud computing environment remains a challenge. There is a clear need for integrated and automated security solutions to provision and enforce policy across all workloads, enabling the full potential of the cloud.
Securing IoT: Security is the biggest challenge for the Internet of Things (IoT). Decentralized IoT devices are difficult to manage and often deployed with security vulnerabilities. These devices and platforms are built on simple processors and operating systems never intended to support complex security technologies.
The IoT vulnerability was most clearly articulated recently in the widespread DDoS attack on DNS provider Dyn. While all devices were shipped with a default password, a preventive measure would have at least made it more challenging to commit (like a required password reset from the onset). This illustrates a need for more automated and flexible data in IoT devices. Machines need to be more intelligent in order to process real-time data, communicate in real-time, and have automated reactions to accommodate incidents like the attack on Dyn.
Rethinking the ‘slowdown’ narrative
Recent reports have suggested a slowdown in investment, implying a shrinking market and declining opportunity. This is not the case. Enterprise spending is higher than ever — both in budget and private placements. These dollars are going to niche solutions targeting very specific problems, creating the perfect environment for small, agile companies to grow. At the same time, market forces are pushing more applications to the cloud and interests toward IoT — both of which share glaring security concerns.
Solving the security problem is a moving target with the highest stakes. From what we can discern, there are great opportunities for investors out there.
Rita Waite is the Growth Strategy & Investments Manager at Juniper Networks where she focuses on emerging networking technologies. She is Juniper’s representative and observer to the Board of Directors of several portfolio companies. Rita is also a VP of West-to-West, an organization that promotes and supports Portuguese entrepreneurship in Silicon Valley. Rita graduated from the University of San Diego with a B.A. in Economics.