The shift towards the cloud has been a major secular trend and driving force for enterprises worldwide over the last few years. Public, private, and hybrid clouds have been driving CIOs and organizations as a more mobile workforce, ubiquitous data, lower costs, and changing IT architecture are defining a new enterprise landscape. This theme has been seen front and center from the “eye popping cloud strength” over the past few weeks of earnings with Microsoft (Azure) and Amazon (AWS) driving this two horse race and Google vying for the third spot in this transformational growth opportunity that is set to play out and have a major positive ripple effect across the enterprise IT spending landscape for years to come in our opinion. We believe cloud adoption rates are steadily increasing with a higher rate of comfort among CIOs moving to hybrid cloud environments with our analysis suggesting 35% of application workloads will migrate to the public and hybrid cloud by the end of 2018 and 55% by 2022. However, we have spoken to many CIOs and other IT decision makers that have pointed to security, privacy issues, lack of one control points, compliance, and other corporate controls for reasons still hindering broader cloud deployments and moving critical workloads to a public/hybrid cloud environment. To this point, we believe enterprises and government agencies across the board are starting to reach an inflection point as more budget dollars are shifting to cloud deployments as well as pockets of the cyber security cloud ecosystem over the next 12 to 18 months and will disproportionably benefit those vendors with the right product footprint to attack this golden market opportunity.
The shift to cloud creates an opportunity for security vendors. With AWS and Azure having unprecedented customer success on their enterprise cloud initiatives, we believe the next potential beneficiary could be cloud security players. We believe it is still early days in the move to cloud architectures across the enterprise world, with more CIOs and IT decision makers looking at this massive secular shift over the next 3 to 5 years. As such, with more sensitive data and critical information needing to be protected in these cloud deployments, we believe security vendors stand to benefit during the course of 2019 as more spending shifts towards broader cloud deployments. While still early days there is a major growth opportunity in cloud security that we estimate could be roughly $10 billion over the next three years for those security vendors that have the solution sets to protect critical cloud deployments and seamlessly work with on premise and public/hybrid workloads through a unified and deep solution set. While Amazon and Microsoft will continue to improve both organically and potentially through acquisitions their existing security infrastructure/services, we believe cloud security could be an emerging facet of spending for the sector over the coming years based on our recent checks in the field. While there are a number of public vendors such as Cisco, Qualys, Palo Alto Networks, Zscaler, Tenable, FireEye, Check Point, and ForeScout among others that could benefit from this incremental area of security spending in 2H18/2019 and beyond, we believe emerging private vendors with a specialization in cloud security and innovative, proprietary product footprints could significantly participate in this “land grab multi-billion-dollar secular opportunity” over the coming years.
Identity and Access Management Vendors Front and Center Heading into 2H18/2019
Identity and access management (IAM) is a major area within the security landscape that will be gaining increased attention among CIOs and enterprise decision makers as we head into 2019. In our opinion, the combination of two major secular trends – the shift to public, private, and hybrid clouds and an elevated threat environment for both governments and enterprises will make IAM a front and center technology over the coming years. In a nutshell, IAM is a technology that enables enterprises to securely control access to its network and resources by using access control engines to provide single sign on, centralized authentication systems, and mobility management. Leaders in this space include SailPoint, Centrify, Ping, ForgeRock, OneLogin, SecureAuth, and Okta based on our recent survey work and feedback from the field. We also believe the emerging area of privileged account management is becoming a major focus of spending with vendors such as CyberArk front and center along with Thycotic also mentioned positively in a number of customer conversations. There are also many cloud players using Amazon/AWS on the IAM front with its authentication service although we believe this is focused on SMB’s and not a major threat to pure plays in the space. By enabling the “right individuals to the right resources” this should help control this growing threat facing enterprises and governments today and be a driving technology for the coming years in the cyber security world and could potentially spark heated M&A as larger enterprise players look to grab a bigger piece of this emerging secular growth opportunity.
M&A could heat up in the IAM space. With IAM becoming a bigger piece of the cyber security spending trajectory and more critical technology, we believe this could translate into an uptick in M&A around this sub-sector. With many of these pure plays vendors being on the private side, we would see traditional software/technology vendors such as Microsoft, Symantec, Oracle, IBM, and possibly Dell looking to make acquisitions in this space to significantly bolster their existing offerings to customers. Given our forecast that this area of cyber security is set to approach $16 billion of spending by 2020 (up from roughly $9 billion today), we believe 2H18/2019 could be an inflection point year for this technology and thus translate into a more active M&A landscape as well as an impressive growth trajectory over the coming year.