“By 2020, 80% of new deals for cloud-based cloud-access security brokers (CASB) will be packaged with network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms.” (Read ManagedMethods CEO Charlie Sander’s take on the Gartner predictions.)
You don’t have to be in the security industry to see why this prediction is a no-brainer. CIOs and CISOs don’t want to feel like they are playing whack-a-mole with gaps in their previously purchased security solutions. They expect those existing security solutions to be future-focused, so when needs arise, a simple adjustment or update is all it takes. But for those who want to address Shadow IT, their existing security solutions fall short.
Why are security vendors so far behind?
While the problem of Shadow IT is well known, the scope of the issue has grown quickly, and traditional firewall vendors have been caught off guard. Businesses transitioned from in-house solutions to cloud-based ones in the blink of an eye. This fundamental change in business process also changed the way we must think about cyber security. Perimeter-based solutions aren’t adequate in an interconnected world. Security needs to be inherent in every connection that’s made with cloud apps. As a result, CASB solutions have a completely different business model than their predecessors. Traditional cyber security is hardware-based, but many CASBs are API-based and often delivered through a SaaS model.
What are security vendors doing to mend the gap?
Despite a few large acquisitions, most cyber security vendors have partnered with smaller startups to provide clients with Shadow IT coverage. However, for most customers, buying an additional security solution isn’t very appealing. As a result, CIOs and CISOs who think they’ve covered every security gap probably still have a Shadow IT problem.
Given the multitude of security solutions that pitch to businesses, industry consolidation makes sense and is already underway. 451 Research just published a piece about Cisco’s acquisition of CloudLock that includes this table:
| Date announced | Target | Acquirer | Employees | Deal value |
|---|---|---|---|---|
| June 28, 2016 | CloudLock | Cisco Systems | 150+ | $293m |
| November 9, 2015 | Elastica | Blue Coat Systems | 188 | $280m |
| September 8, 2015 | Adallom | Microsoft | 94 | $250m* |
| July 30, 2015 | Perspecsys | Blue Coat Systems | 100 | $44.7m |
| May 27, 2015 | CirroSecure | Palo Alto Networks | 10 | $18m |
| March 31, 2015 | Anicut Systems | CipherCloud | Fewer than 5 | Not disclosed |
| February 6, 2014 | Skyfence Networks | Imperva | 20* | $60m |
| January 15, 2014 | CloudUp Networks | CipherCloud | 2 | Not disclosed |
| September 26, 2013 | SaaSID | Intermedia | 20 | Not disclosed |
The CASB space is heating up: as CASBs mature and the market size increases, the deal values are ballooning. Enterprise firewall vendors like Check Point, Fortinet, SonicWall, Sophos and WatchGuard that are waiting to either acquire an existing CASB or roll out their own solution are watching the window of opportunity begin to close. Acquisitions will become unaffordable, and their customers will either procure their own CASB or switch to a more holistic vendor.