Cloud service providers (CSP) are emerging as security vendors, spelling trouble for pure-play companies in the space, according to Nat Smith, senior director analyst at Gartner, speaking Monday at the Gartner Security and Risk Management Summit at National Harbor, Maryland. This includes infrastructure as a service providers such as Microsoft Azure, Amazon Web Services and Google Cloud.
Already, 90% of cloud security offerings have CSP security offerings, from chaos engineering to data loss prevention products, according to Gartner. The enterprise technology market is competitive, and cloud providers are doing anything they can to differentiate their products, Smith said.
CSPs are also at an advantage: If their customer's environment is in the cloud, providers are in a more strategic position to offer security than traditional security vendors, Smith said. And if CSPs make cloud security easier, they can use it as a competitive advantage to court more customers
Three-quarters of companies have a cloud-first mandate, Gartner reports, shifting the technology buying strategy across the technology stack.
IaaS providers can weave in security offerings, appeasing privacy-centric executives fearful of breaches.
There's also solution logic behind it — Microsoft is in a better position to protect its cloud than an outside firm that wants to bolt on a security fix.
Certain security offerings face more trouble than others, according to Smith:
Information and event management
Monitoring and configuration management
Firewalls and unified threat management
Encryption and key management
Identity and access management
CSP disruption spells trouble for many, but not all, security vendors. The key for keeping an edge in the market is having multicloud offerings and on-prem integrations, Smith said. Ease of use is the cherry on top.
Already the security market has seen disruption play out.
Cybersecurity software company Symantec has taken steady hits on the stock market amid substantial changes, from new leadership to an internal audit. It has struggled to carve out a niche in the endpoint space.
Symantec is a "massive underperformer," according to Gregg Moskowitz, a Mizuho Securities analyst, Barron's reports.
The analyst recently upgraded the company stock because of the potential for Symantec to sell parts of its business and lay off staff.
Other vendors are taking a victory lap in the security market. Crowdstrike, which specializes in endpoint protection and threat intelligence, went public last week and soared in its market debut. Its stock nearly doubled after its debut and it now has a market cap of $15.8 billion.