The cybersecurity industry continues to experience impressive growth. According to research conducted by Momentum Cyber, nearly $22 billion went into the industry in 2018---$6.2 billion of which were investments. Hybrid cloud environments have shone particularly bright within this segment. As more enterprise organisations migrate to the cloud, hybrid cloud security is poised to dominate the sector in the upcoming years. This trend has been highlighted by the recent acquisitions of Israeli start-ups Twistlock (acquired by Palo Alto Networks for $410 million) and Luminate (acquired by Symantec for $200 million). Industry experts predict that these gains are part of a genesis of the “Hybrid Cloud Era.”
Insight from Dino Boukouris, Director and Founding Member at Momentum Cyber, best captures the enigma of the cloud security market: “People are looking for solutions that can protect them across hybrid cloud environments. How do we handle this infrastructure that's currently shifting?” Given the above figures, savvy investors and entrepreneurs must consider where else outsized, undercapitalised market dislocations lie in cloud security. The pace of change in the industry makes navigating the opportunities quite a challenge for investors.
As a partner in a VC firm exclusively investing in cybersecurity, I think Dino’s words hit particularly close to home. Cloud security—especially for hybrid environments—has occupied the bulk of our focus in recent years. We’ve kept our ear to the ground as innovation in the field proliferates and commercial enterprises move towards cloud dependency. We collected insights from leading CISOs and security professionals to learn more.
Defining the exact scope of hybrid cloud, and how it differs from general cloud security, is crucial to understanding its potential. Enterprise cloud infrastructure is categorised as hybrid cloud when it runs in both public and private clouds. Jay Leek, Managing Director at ClearSky Security, defined it best while describing his interest in it as an investor: “hybrid cloud is really where it's at, because while you’re moving to the cloud (and even once you're in the cloud), you’ll have legacy stuff that's going to remain there.”
Our interest in the cloud security market stems from two strongly held beliefs. First, that enterprises will require best-of-breed third-party solutions to secure modern cloud architectures that are increasingly both multi-cloud (i.e., spanning across two or more public cloud providers) and hybrid cloud (using both public and private cloud environments); and second, that the recognised shortage of security professionals is even more acute when it comes to cloud security expertise. Overall, we believe that securing cloud environments presents one of the biggest opportunities in the market today.
Why hybrid cloud security is more relevant than ever
Insight from Brendan Hannigan, CEO and Co-Founder at Sonrai Security and Entrepreneur Partner at Polaris Partners, expands on why hybrid cloud will continue to experience growing attention. With the explosion of virtual machines, containers, micro-services, and multiple public cloud providers, comes a radical shift in how applications are developed and maintained. According to Brendan, security teams find themselves with “huge sprawl across multiple cloud providers, across multiple cloud accounts” that need to be accounted for and properly secured. He cautions that it is paramount “to imagine how we will secure these environments in the future, because it's not going to be about firewalls, intrusion prevention systems (IPSs), and next-gen firewalls, or even next-gen SIEMs ... everything will be associated with protecting decentralised data centres and sprawling networks.”
Hybrid cloud challenges present opportunities
While the future of cloud might present unique challenges, Glenn Chisholm, CEO and Co-Founder at Obsidian Security and former CTO at Cylance, believes that these challenges drive new opportunities for innovation. Cloud fundamentally disrupts how enterprises look at crucial functions such as identity, visibility, and response. Organisations must change how they navigate these straits to accommodate the industry’s constant output of new offerings and available technologies. Finding and bridging these new gaps requires great inventiveness and innovation, and also provides the industry with ample opportunity for growth.
Alex Doll, Founder and Managing Member at Ten Eleven Ventures, has witnessed this exact principle manifest into real market effects first-hand. According to him, “many of the world's major enterprises have built elaborate compliance regimes for current and legacy operations, but haven't yet figured out how to apply them to hybrid clouds.” Companies are rushing to embrace the cloud because they are seeing the benefits of economies of scale, flexibility, and efficiency. However, it has taken longer for enterprises to gauge how to take existing HIPAA and PCI protections and move them into the cloud (let alone dealing with GDPR and other types of compliance). According to Alex, “translating these pre-existing regimes into the cloud will be a big deal.”
There are crucial lessons to gain from this looming transition. According to Glenn, “All of these technologies come to solve a problem and, ultimately, if you're going to look at a scenario and build something to address it, you need to think about it in current and future context. How does the enterprise do what it does now? How is the enterprise going to do what it does in the next five years? Where is the gap?” For entrepreneurs and security teams alike, anticipating the future state of cyber and developing a plan for tackling the challenges of tomorrow will be crucial for ensuring success.
Strategic advice for entrepreneurs looking to innovate in the space
While our industry advisors and fellow investors are excited about hybrid cloud, the sector is simply one of many potential avenues of future growth. The universal growth of cybersecurity presents opportunities across the entire security sector. Haiyan Song, SVP and GM of Security Markets at Splunk, maintains that entrepreneurs must avoid framing their offerings as purely IT solutions and present them as business solutions instead: “Make sure to apply data to what matters to their business, because security is no longer an IT problem; it's a business problem.” The better you can apply that knowledge to a customer’s unique business and security challenges, the better they will respond. In a similar vein, Jay Leek urges entrepreneurs to employ AI/ML as more than just a buzzword and actually put such technology to use. “Nearly 100 per cent of companies pitching us claim they use AI/ML, but roughly 98 per cent don’t use it in any way that matters. The 2 per cent or so that actually do manage to accomplish something with these technologies are massively disruptive and can truly make an impact.”
The next step is figuring out how to communicate your innovation to customers. Alex Doll recommends being pragmatic about the competitive landscape and where your solution fits within it. “Today’s cyber market is so crowded that you’re unlikely to come in with an idea that’s truly brand-new.” Entrepreneurs would be wise to avoid trying to invent a new market and should think carefully about how they plan on uniquely positioning themselves within existing structure instead. It is best to focus on how to differentiate yourself when bringing something new to market and significantly more straightforward than attempting to explain something entirely new.
In this vein, it is critical to have clear guidelines on how to determine and hone your message effectively from the earliest stage of your business development, so that your positioning resonates with potential customers. Glenn Chisholm recommends that entrepreneurs: “choose [their] investor very wisely, because at different stages of your company, you want different things.” He stresses the importance of recognising the opportunity in keeping an open mind: “It’s not all about the money, it’s about diversity of opinion. If you walk into a room and you have homogeneity of thinking, I'll guarantee you're going to lose.”
Ofer Schreiber, partner, YL Ventures