If you are able to read this, then most likely you have a direct connection to both a computer and some type of network service. You and the data associated with your network are now at risk... maybe. If you are part of many corporate organizations, there is a good chance that the network or device you are using does not have some sort of access management or advanced cyber security software implemented.
Even if it does have a software to prevent external hacks, there is a better chance that there is little restrictive access from a member of the customer service team being able to find a way into the accounting department’s database.
As virtualization becomes more universal, users can obtain greater access to system resources. What does this boil down to? Easier ways for insiders and even hackers to obtain data that should otherwise only be used internally and secured. Intel Corporation's (NASDAQ:INTC) recent announcement of its spinout of its cyber security division formerly known as McAfee has begun turning investors’ heads toward tech stocks in the space. A big reason for this is that the McAfee division, rebranded as Intel Security Group in 2014, has now been given a valuation of $4.2 billion. Intel will retain 49% of the new entity and the buyer, TPG, will obtain 51%.
Outside of the transaction with Intel, TPG also led a $120 million investment round for security startup Tanium in 2015 and was the lead investor in a $100 million funding round in internet security firm Zscaler as well.
But this is not the first, nor the last we will see of big money being put into cyber security companies. Research supports that because of pent-up demand, the global identity and access management market size (which was estimated at $8.92 billion in 2014) will increase immensely with a projected compound annual growth rate of nearly 13% by 2020. Increasing demand for cloud-based engineering and better network proficiency are expected to drive demand across organizations.
GrandView Research:
Cloud communications company, Twilio Inc. (TWLO), announced Thursday that the company will be rolling out its own version of a more “agile” security software that addresses security, access management and administrative issues.
"Enterprises have to balance the desire to be more agile and innovative with the need for more stringent security and controls," said Twilio CEO Jeff Lawson in a statement. "With the Twilio Enterprise Plan, enterprises are free to innovate at the speed of startups while ensuring compliance with their more rigorous policies."
Identity and access management is a central technology for today’s enterprise landscape to help strengthen regulatory compliance and secure operations. Industry participants are investing in R&D to invent new technologies for enhancing the network-based security. Strategic acquisitions and partnerships are being adopted for business expansion as well. In fact, this past June, one of the original anti-virus companies, Symantec Corporation (NASDAQ:SYMC) purchased private online security firm Blue Coat Systems Inc.
This has been something that Symantec had been searching for especially in light of recent concerns on a corporate level about cyber threats. They have struggled to capitalize on this growing demand and turn it into real revenue. In fact, sales of the company’s corporate-security products were down 2%, totaling $2.1 billion as of its 2015 fiscal report. Prior to the $4.6 billion deal, shares of Symantec have declined 27% over the past year. However, since making the announcement that they will be bringing in Blue Coat, shares have increased by over 40% in less than 3 months.
According to reports, the combined company could have nearly $4.4 billion in fiscal-2016 revenue, with roughly two-thirds coming from corporate security.
“IAM is a fusion of technology and process that, if designed and implemented well, can positively affect the productivity and bottom line of an organization, as well as its compliance ability,” said Jaen Snyman, national business manager, cloud design and integration at Empired, a network solutions provider.
Based on this exact point, Symantec is expecting $150 million of cost savings from the deal, on top of a $400 million expense-reduction the company had announced previously.
Who Else Has Grabbed Hold of the New Generation of Cloud Security?
It should come as no surprise that one of the pioneers in computing technology as a whole is also competing within the space. International Business Machines Corporation (NYSE:IBM), through IBM Security, recently sponsored a study that discovered the average cost of a data breach for companies has grown to $4 million – a 29% increase since 2013. In fact, Jonathan Dale, product marketing manager for MaaS360, IBM Security, said, “Awareness and education are the most important ways to stay vigilant. It’s not hard to make the right decision if you understand the risks. Most users we speak with want more information about how to better protect themselves and their company.”
Earlier this year, IBM announced Watson for Cyber Security. This is a cloud-based form of the company's analytical technology that is trained on “the language of security.” Case and point, not only do companies lose millions on security breaches but they also spend millions on analyzing data that may not have been a breach at all. IAM software curbs this and through implementation of Watson for Security, IBM is able to quickly analyze all of the compiled, unstructured data and bring context to what database managers are seeing.
But access management is not just based on desk-top/lap-top access points either. Currently, because of certain organizations that use a "Bring Your Own Device" policy, it has resulted in yet another major challenge for organizations to protect against. This includes installing apps from unauthorized third-party app stores—instead of only downloading and installing apps from authorized app stores like Apple, Google, or Microsoft.
Also for mobile/lap-top/tablet users, not using a VPN to protect sensitive information and connecting to unknown public Wi-Fi networks add an additional level of risk to address. In fact, according to an investigative study done by HP, 97% of employee’s devices contained privacy concerns, and 75% lacked sufficient data encryption.
Even companies that have already had previous success during the earlier phases of the industry continue to pursue further advancement. A group of programmers in 2011 engineered the sale of BHOLD and its flagship IAM software program to Microsoft for a “substantial, all-cash sum.” That same team is now the leadership behind a smaller competitor in the space, IDdriven Inc. (IDDR). With Microsoft still utilizing the “non-cloud based” BHOLD system today and with Microsoft as well as several others onboard as channel partners, IDdriven has come into the space with similar experience as many others in the space. Their flagship Iddriven software is designed to manage large quantities of user data and access rights across applications. This is not only accessible on site but also offers identity services for users working remotely or for breach attempts made outside of the network location(s).
The insider threat to enterprises is no laughing matter, especially with the trend being set for enterprises going digital. A 2015 Government study on Information Security Breaches found there was staff involvement in 81% of the data breaches suffered by the large organizations polled. On top of this, there was premeditated misuse of systems by employees and contractors equated for nearly 20% of the worst security breaches for all sizes. Whether malicious activity or as a result of employee errors, both scenarios obviously present real risk to organizations of any size.
Now that more of these breaches are coming to the attention of mass media, there has definitely been much more interest from investors. Symantec, Intel, Twilio, IBM and even smaller organizations like IdDriven have all targeted this space. With growth projected into the multi-billions through 2020, there’s no question that this industry will be a hot button item for tech investors.
Disclosure: The Author owns no stock in any of the companies mentioned within this article & has received no compensation of any kind to write / publish this article, but he is affiliated with MIDAM Ventures LLC a company which has an existing awareness agreement with IDdriven Inc.