[wp_tech_share]

 

After being canceled in 2021 and postponed numerous months this year, the 2022 edition of the RSA Conference (RSAC) finally went into the books last week. Perhaps throwing a bit of caution to the wind–we are still in a pandemic after all–I met with nearly 40 vendors, 23 of them consisting of at least a 30-minute conversation and sometimes a couple of hours. In this blog, I summarize three takeaways from my week at RSAC 2022.

  1. Buzzwords starting with ‘S’ keep coming: SWG, SD-WAN, SASE, and now SSE

The industry likes buzzwords that start with ‘S’ for whatever reason. The first ‘S’ came some twenty years ago with the arrival of SWG (Secure Web Gateway). Then came the second, SD-WAN, around a dozen years ago. After that, things were quiet until three years ago, when the third, SASE (Secure Access Service Edge), arrived. And the most recent, SSE (Security Service Edge), emerged last year and was in full view at RSAC 2022.

So why SSE? I blame the pandemic.

The pandemic caused an explosion in remote work that exposed severe inadequacies in enterprise IT networks to handle large numbers of remote workers. Fortunately, a crop of vendors–most with a SWG pedigree–were poised to help with their cloud-based security that was ideal for remote work. But SWG was a twenty-year-old marketing term and no longer cool. So instead, vendors wrapped themselves in the SASE mantel.

Confusion ensued since there were competing narratives by networking vendors, who ironically were primarily SD-WAN vendors and tended to remain more faithful to the original SASE premise of network and security convergence. So instead of picking sides, the industry created a new term, SSE, to let security vendors distinguish themselves. So yes, today’s emerging SSE vendors are, in many instances, yesterday’s SWG vendors. What’s different about SSE than prior SaaS-based SWGs is that now multiple security functions run in the cloud, such as CASB (Cloud Access Security Broker), ZTNA (Zero Trust Network Architecture), and FWaaS (Firewall-as-a-Service).

At RSAC, there wasn’t much talk about SD-WAN, but there was about SASE and SSE. It was humorous to hear certain security vendors sometimes use SASE and SSE in the same sentence as if they were freely interchangeable. On the one hand, they were trying hard to check off all the buzzwords, but on the other, a clear symptom of immature markets.

 

  1. Traditional Network Vendors Double Down and Get More SASE

Two stalwarts of the enterprise networking landscape, Cisco and Juniper, introduced updates to their SASE portfolio.

Cisco has had all the pieces to deploy SASE for some time, but there was no substantive integration. At RSAC, they introduced a new strategy to build a tighter integration between the Cisco SD-WAN and SSE (Umbrella) houses through a new unified manager based on the Meraki cloud management platform. Moreover, Cisco intends to sell everything, whether the cloud service or the hardware, as a subscription.

Meanwhile, Juniper has improved its recently introduced cloud-based security platform, Secure Edge. At RSAC, they announced the addition of CASB and DLP (Data Loss Prevention) services to Secure Edge. Like Cisco’s management approach, they also have a unified manager, Security Director, spanning SRX firewall elements and the cloud-based Secure Edge.

Both Cisco and Juniper are taking an interesting approach to SASE. It’s not all in the cloud since the networking/SD-WAN piece is still effectively on-prem, but nor is it disaggregated bag of parts. They’ve provided me with a lot of food for thought that I plan to infuse into my upcoming SASE research.

 

  1. Cloud Workload Security Remains a Smorgasbord

Over the last half-year, I’ve been meeting with vendors large and small to understand what cloud workload security, i.e., securing apps/workloads moving to a cloud architecture, means to them. From the onset, things have been cloudy (no pun intended).

On the one hand, we can all agree that the enterprise shift to the cloud is a significant change in IT architecture. The challenges, nuances, and caveats that must be dealt with during the journey from a traditional on-prem legacy app enterprise to a cloud-based, cloud-native app enterprise are significant.   It’s a problem-rich environment that has given rise to dozens, if not hundreds, of security vendors.

On the other hand, the marketing most cloud-focused vendors use to describe themselves is on the verge of hyperbole. But it makes some sense why this is. Considering there are so many problems and challenges to solve, there isn’t any one company that solves them all or even close. So in a landscape that still requires many technologies from many vendors to solve most cloud problems, what does an individual vendor need to stand out? That answer is that they lean heavily on marketing and make it seem like they cover more than they do.

At RSAC, I met with a handful of cloud-focused security vendors, which only reinforced my conviction that it is a smorgasbord of products and overly creative marketing and far from being a single product or even a handful of solutions. Some vendors focus on threat detection. Some focus on risk and compliance. Others focus on the identity implications. Others seek to protect container communication. It’s a literal zoo of vendors. However, in this zoo of vendors, there are some emerging delineations.

Give me any cloud-focused vendor, and I’m pretty sure they’ll fit into one of three significant buckets,  code security (coding/build security),  IaaS/PaaS platform security (ensuring the runtime platform is as secure as possible), and app/container security (runtime security). I’ll be delving deeper into cloud workload security in an upcoming advanced research report. Stay tuned.

While not a numbered takeaway, my parting thought is that after two years of working exclusively via video conference, I’ve concluded that it doesn’t replace face-to-face meetings. There’s a quality and richness that face-to-face brings that current video conference technology fails to replicate. As such, I look forward to upcoming opportunities to engage the security community in person and the next RSAC in April 2023.

[wp_tech_share]

I recently had the opportunity to moderate a panel for the Business Innovation Leaders Forum that brought five veteran security executives together to discuss contemporary CISO demands and challenges. On the five-person panel, I had two CISOs at major multi-billion firms, the former Deputy Director of the U.S. National Cybersecurity division, the godfather of Zero Trust, and the Executive Vice President for the cloud and security business at a major telecommunications company.

This blog summarizes five takeaways that stood out from our discussion.

  1. The COVID pandemic has been both a crisis and an opportunity

The pandemic has been an enterprise crisis. The pandemic compounded the rate of technology and threat change, which was already a source of discomfort for many enterprises. Two key examples are the shift to remote work and the acceleration of enterprise digitalization (the shift and embrace of public cloud for enterprise apps), each of which has thorny security problems to solve.

But the pandemic has also been an opportunity for enterprises. The massive disruption caused by the pandemic has provided the impetus for new ways of looking at security problems and has driven investment that in a non-pandemic environment would not have been possible.

  1. Enterprise users have and will continue to pose a complex security challenge

If a CISO’s job wasn’t already challenging enough, they need to contend with enterprise users being humans that flourish off three Cs: curiosity, convenience, and comfort. Curiosity will lead to users doing unexpected things that may open security holes. Likewise, users will defeat security measures they find inconvenient. Passwords on a post-it note, anyone? The pandemic-induced need to work remotely has caused many users to appreciate the comfort of working at home and no longer want to commute to the corporate office. Yet, remote work has enormous security implications compared to the traditional office environment.

Rather than fight the users and change behavior, a CISO needs to continually evolve and always look for new security controls that match the current user landscape and behaviors.

  1. The threat landscape is not only more brutal but innovating faster than enterprises can counter

Not only has the Internet threat landscape gone from being a tough neighborhood to open warfare, but the threat actors are moving at a blinding speed. Threat actors aren’t constrained by processes like enterprise change control, which is valuable in preventing unintended IT instability, but often leads to slow, glacial response during an active attack.

So what’s a CISO to do? While there’s no panacea, the panelists repeatedly remarked on the need to focus on the security fundamentals, like knowing what in the enterprise needs to be protected and developing a solid security plan focused on that needed protection.

  1. Security vendors are a double-edged sword: New products are distractions, yet relationships are key

The security vendor landscape is highly fragmented, with hundreds of products vying for CISOs’ attention. New products are a dangerous pitfall. Persuasive vendor marketing for new products may lull CISOs into thinking they need the product even though the reality could be the opposite. Unless a CISO is working off the knowledge of what needs to be protected in their enterprise and a robust security plan, a CISO can’t assign security value to any new product.

However, a CISO is not to shirk all vendors.   The panel agreed that relationships play an essential role, particularly with those select vendors seen as trusted and willing to listen to the CISO. Bi-directional communication is vital to help vendors develop security controls and technologies that benefit the enterprise.

  1. Zero-trust is a strategy, not a product: The folly of mixing up strategy and tactics

Among hot industry buzzwords, “zero trust” has been white-hot recently. Vendors of all stripes have applied the buzzword to their products and looking to turn zero trust into a product sale. “Buy my product, and you will have zero trust,” say many security vendors. However, the clear consensus of the panel was that zero trust isn’t a product but a strategy–and a valuable strategy at that.

Putting the value of zero trust aside, this situation highlights how easy it is to mix strategy with tactics. A CISO that buys a “zero trust” product from a vendor may think they are covering all necessary security bases. But, the reality is that this CISO is stuck in the tactics that may or may not align with the strategy that the enterprise needs to follow. A CISO that doesn’t have a coherent strategy – anchored to knowing what needs to be protected and having a good plan – is at best wasting IT budget on products that minimally improve security posture. Still, at worst, creating a false sense of security that eventually will lead to an enterprise being compromised.

There are several more key takeaways from the discussion, and I highly recommend watching the playback. However, if there were a common thread among all, it’s that CISOs face a wide variety of challenges that can only begin to be addressed by a diligent focus on doing the fundamentals right.

 

Watch the on-demand video:

CYBER SECURITY – MEETING CISO DEMANDS

[wp_tech_share]

 

Scoring 2021 Predictions and Looking to 2022

Happy New Year! It’s an excellent opportunity to reflect on our 2021 predictions and share what we believe 2022 has in store. First, though, we need to temper our enthusiasm for projection by the fact the Covid pandemic continues to throw unexpected curveballs. Let us hope that the latest omicron variant is one of the last, if not the last. Nonetheless, let’s take stock and grade our predictions from a year ago first.

A year ago, we made three predictions for 2021:

  1. Enterprises will embrace the Work Anywhere securely mentality and make cloud-native SASE solutions mainstream
  2. Cloud-centric security will continue to grow faster than the overall market
  3. Firewall revenue will rebound after a meager 2020

On our first prediction, we can definitively say that enterprises embraced Work Anywhere based on the pandemic still forcing remote work in 2021. But beyond being forced remote workforce, we continued to hear how enterprises codified officially the role hybrid work will play long-term.  Full-time remote work may not the new normal, but a blend between some days on-site and some remote will be. Hybrid work is no longer an employee perk but an expectation.

However, we did get wrong that SASE solutions would go mainstream in 2021. While SASE as a mandate did gain in importance, only a minority of enterprises deployed SASE fully. Moreover, a larger than expected swath of enterprises chose to stay with a traditional Firewall architecture.

Our second prediction of cloud-centric security revenue growing faster than the overall market has been spot on. We predicted revenue growth to be north of 20%, which has been for most of 2021 for the Software-as-a-Service (SaaS) and virtual appliance form factors that we categorize as cloud-centric security. While 4Q21 numbers are not in, we don’t expect any significant shift in their growth trajectory. As enterprises shift towards being entirely digital, multi-cloud, and mobile-friendly, they have been voting with their wallets and favoring SaaS and virtual solutions.

 

 

Our third prediction proved correct, with the physical firewall appliance market rebounding in 2021 from a tepid 2020. Enterprises that halted upgrades in 2020 are back in full swing doing refreshes to get greater capacity and the latest features.

 

 

Looking into 2022, we make the following three predictions:

1 – Only a minority of enterprises will fully deploy SASE in 2022, but all will force SASE of their vendors

If there’s any maxim in enterprise IT, change comes slowly for most enterprise IT teams. With SASE being a new architectural approach and causing a significant shift in networking and security operations, most enterprises are taking a methodical approach to SASE. Sure, there are a minority of enterprises capable and willing to give their entire WAN networking and security budget to a single pure-play SASE vendor to do full-blown SASE in one fell swoop. Still, the emerging reality is that in 2022 most enterprises will do things piece-meal by focusing on either the networking or security aspect of SASE first or using multiple vendors in their SASE deployment.

However, this doesn’t let vendors off the hook from SASE since most enterprises want their vendors to prove they know SASE and will help them in the journey. No enterprise wants to undertake either network or security transformation only to find out that their vendors can’t take them all the way.

Our 2022 SASE prediction is based on tracking the SASE market in two ways. The first is by what we call the SASE-related technology market, which is the total sum of all networking and security technologies that conceivably could be deployed in a SASE configuration. The second is by what we call the SASE technology market, which is the subset of the SASE-related market deployed in a SASE configuration. For full-year 2021, we expect the SASE-related technology market to nearly reach $4 B with year-over-year (Y/Y) growth topping 30%, while the SASE market may hit $500 M, representing highly robust growth of over 100% Y/Y.

 

2 – The physical Firewall market rebound will modulate, while cloud-centric security will continue to grow faster

Although we predicted a rebound in the physical Firewall market a year ago, its strength has surprised us. However, we expect the growth in the firewall market to level off. We believe the future of network security isn’t with the physical Firewall market, as it once was, but with those cloud-centric network security solutions that favor SaaS and virtual appliances as preferred embodiments.

 

3 – Firewall-as-a-Service will begin to cannibalize carrier-class Firewall physical appliances

In the last couple of years, Firewall-as-a-Service (FWaaS), or Cloud Firewalls, have started to pop up as an upsell feature of SaaS-based security solutions, notably in SaaS-based SWG and SASE solutions. The FWaaS in those solutions was primarily aimed at per-user or per-application type firewalling in remote user deployments. It wasn’t meant to replace the super-heavy iron of carrier-class physical firewalls that are still good hygiene in any large enterprise or carrier network. However, we have started to see both pre-IPO and public companies making motions and looking to use the power of the cloud to dethrone one of the last bastions where physical security appliances rule.

We predict that in 2022 at least several of the Fortune 100 will ditch their classic carrier-class Firewall hardware and go all-in on cloud-powered Firewalls.

A year from now, we’ll circle back and see what came true. We hope to repeat our good performance.

 

[wp_tech_share]

Cloud-Delivered Security to Grow 21 Percent CAGR and Hit $10 Billion by 2025

We just issued the latest edition of our 5-year forecast (2021-2025) for the Network and Security and Data Center Appliance (NSDCA) Market that spans Firewalls, Secure Web Gateways (SWGs), Email Security, Application Delivery Controllers (ADCs), and Web Application Firewalls (WAFs). Nearly 18 months since the COVID-19 pandemic began, the worst of the market turbulence appears behind us. Increased vaccination rates–albeit not fast enough for some countries and regions–have led to an unwinding of lockdown mandates and boosted economic activity. In addition, economic stimuli from central governments have provided additional market tailwinds.

After an anemic 2020, where revenue growth was just 3% year-over-year (Y/Y), we forecast a return to low double-digit growth in 2021 and 2022, and then high single-digit after that through the end of our forecast window (2025).  This revenue growth slightly exceeds the historical revenue growth rate, averaging 8% Y/Y, due to the pent-up demand created during 2020, the recent economic stimuli, and the continued high priority placed on security, creating favorable market conditions.

On a form factor basis, we believe that products sold in a cloud-delivered SaaS (Software-as-a-Service) form factor will grow at a 21% compound annual growth rate (CAGR), reaching nearly $10 B in 2025.  In contrast, the roughly $12 B physical appliance market is anticipated to grow nearly 3% CAGR by 2025.

We attribute the expected strong performance in the SaaS form factor due to the following factors:

  • Elasticity: The elasticity of SaaS solutions–namely, the ease, swiftness, and scaling of deployments–is impossible to match with physical appliances.
  • Cloud-indigenous: As enterprises pivot to embrace cloud architectures and the Internet becomes an extension of the corporate network, SaaS-based solutions are better suited.
  • Nexus of Innovation: The elasticity and cloud-indigenousness of SaaS-based solutions have afforded vendors the ability to innovate and offer new services to their customers rapidly. Examples include zero-trust network architectures and, more recently, the marriage of security and networking services as SASE solutions. (We have published an Advanced Research Report on SASE in which we analyzed the intersections of SWGs, Firewalls, and SD-WAN. Please contact us, if interested in procuring a copy).
  • Economic: Many enterprises are choosing to move away from the traditional capital expenditure (CAPEX) and depreciation model associated with physical appliances toward the operational expenditure (OPEX) subscription model strongly related to SaaS-based solutions.

Our report describes market dynamics by individual segment–including Firewalls, SWG, Email Security, ADC, and WAFs–and shows how each is expected to contribute to the overall SaaS-based revenue picture.  There will be clear winners and others that lag.

About the Report

The Dell’Oro Group Network Security & Data Center Appliance market 5-Year Forecast Report offers a complete overview of the industry with tables covering manufacturers’ revenue, units shipped and average selling prices for Application Delivery Controller, WAN Optimization Appliances, and Network Security Appliances. Each of these markets is further segmented by Physical and Virtual technologies. The Network Security Appliance market is also segmented by: Content Security, Firewall, IDS and IPS, and VPN and SSL. To purchase this report, please contact us by email at dgsales@delloro.com.
[wp_tech_share]

We recently completed our 1Q 2021 Network Security and Data Center Appliance report that spans the Network Security and Application Security & Delivery Markets.  A year since the arrival of the Covid-19 pandemic and the ensuing weakness in both markets, the worst of the recent market weakness appears behind.  Our data suggests enterprises are fueling growth in both markets due to five reasons:

  • Improved confidence in the macro-economic outlook: A year since the arrival of the Covid-19 pandemic, the worst appears behind us, and the light of the end of the dark tunnel is growing brighter. Vaccination rates are increasing–albeit for some countries and regions not fast enough–and the lifting of lockdowns is leading to increased economic activity. This, in turn, is being accelerated by economic stimuli by central governments.
  • Increased spending on technologies to support hybrid work: Although governments are scaling back shelter-at-home mandates, we see a growing number of enterprises embracing hybrid work as a long-term strategy. Hybrid work–time split between the corporate office and the home–is expected to be part of the new post-pandemic normal.
  • Increased spending on technologies that enabled the Internet-based application infrastructure: The pandemic forced business to be conducted online instead of in person. While some enterprises had completed the multi-year journey toward full digitalization by the time the pandemic arrived, many had not. Even with pandemic subsiding, we anticipate continued investment in digitalization efforts by the many enterprises still mid-journey.
  • Need for greater capacity: As the size of Ethernet pipes–now 400GbE readily available –and global data in transit continues to grow, it drives upgrades of network security and application infrastructure.
  • Seeking state-of-the-art security to thwart latest threats: Security breaches and attacks continue unabated, as evident in the recent spate of high-profile ransomware attacks at Colonial Pipeline, the largest pipeline system for refined oil products in the U.S., and JBS Foods, the world’s largest meat producer.

The Network Security market, which includes the Firewall, Secure Web Gateway (SWG), and Email Security technology segments, continued its rebound by growing 8% year-over-year (Y/Y) in 1Q 2021. Meanwhile, the Application Security & Delivery market, which includes Web Application Firewall (WAF), and Application Delivery Controller (ADC) technology segments, rose 17% Y/Y.

 

 

Additional key takeaways from the 1Q 2021 report period include:

  • Revenue growth in both the Network Security and Application Security & Delivery markets could have been more robust if not for the ongoing global semiconductor crunch. Our analysis showed a low, single-digit impact in the physical appliance portion of these markets in 1Q 2021.
  • Firewalls had a good quarter by historical standards with double-digit Y/Y growth. Growth was broad-based, with both virtual and all physical appliance sub-segments (Low End, Midrange, and High End) gaining ground.
  • SWGs were up double-digit Y/Y as enterprises prioritized moving away from legacy VPNs and embracing cloud-based security solutions that promise better flexibility, control, and threat visibility.
  • Email security rose by single-digit Y/Y based on the continued spread of malware primarily via email.
  • WAF revenue grew by double-digit Y/Y driven by the continued priority placed on securing Internet-facing applications.
  • ADCs rose by high single-digits Y/Y after spending most of 2020 in low, single-digit growth.
  • Overall, we adjusted our forecast for 2021 and now project that the sum of the Network Security and Application Delivery & Security markets will hit double-digit Y/Y growth instead of single-digit Y/Y growth.

To learn more about the Dell’Oro Group Network Security and Data Center Appliances market report, please click here or email us at dgsales@delloro.com for report subscription information.