1. Cloud security moves to the forefront
One of the biggest challenges for security today is the need to secure services in the cloud, particularly as enterprise applications increasingly migrate to the cloud. As a result, we have seen a raft of acquisitions in the security space in recent months, with many of our strategic security vendors making purchases to strengthen their cloud security capabilities.
- In March and October 2018, respectively, Palo Alto Networks acquired cloud services infrastructure protection provider Evident.io for $300m and cloud security analytics and advanced threat detection specialist Redlock for $173m (as well as Demisto in the security orchestration space for $560m in February 2019).
- Check Point acquired Tel Aviv-based cloud cybersecurity company Dome9 Security to bolster its cloud management and active policy enforcement capabilities in October 2018, and Tel Aviv-based web applications security solution provider ForceNock Security in January 2019
- In the same month, Sophos acquired UK-based artificial intelligence (AI) cloud infrastructure security company Avid Secure.
- Security leader Symantec has also long since recognised this trend with its Cloud Workload Protection programme, a solution aimed at securing enterprise applications in the cloud and enterprise adoption of the public cloud.
- F5 acquired NGINX for $670M to move into open-source, multi-cloud services
Cloud security is undergoing a minor revolution, with AI enabling advanced capabilities in an increasing number of solutions, as enterprises need to respond faster to the most critical threats using real-time automation. Westcon-Comstor expects this trend to continue through 2019.
2. Zero trust becomes more than just a buzzword
Zero trust is an alternative architecture for IT security, introduced as a concept by analyst house Forrester Research way back in 2010. But 2019 is likely to see the technology moving into the mainstream, with access management vendors increasingly pushing this move into the industry.
Traditional security models worked on the assumption that the perimeter needed to be secured and locked down, but anything inside an organisation’s network could be trusted. As security was designed to protect the perimeter, threats inside were left invisible and free to morph and access sensitive business data. Furthermore, given the increased sophistication of attacks and greater internal threats, more advanced security measures need to be adopted within the internal network.
The principle of zero trust is to never trust and always verify. Vendors such Palo Alto Networks, Symantec, Cisco, Okta, Centrify, Idaptive and Illumio are all readying solutions and lead the pack, according to Forrester. 2019 could be the year that zero trust fully enters the security lexicon as a reality, not just a concept.
3. Next-generation AI-based endpoint security and new iterations of legacy solutions
As threats evolve, so too must endpoint security solutions, and 2019 will continue to see next-generation endpoint vendors continue to extend the reach of their solutions. At the same time, 2019 will see legacy endpoint companies push new versions of their products in order to maintain their market position in response to these newer competitors.
A number of trends are driving this transition: increased mobility, the need for cloud-based endpoint security, IoT, and a need to consolidate solutions onto a single platform. At the same time, the growing complexity of threats means that vendors are increasingly needing to automate endpoint security by harnessing the power of AI and machine learning.
As a result, vendors such as Palo Alto Networks and Symantec are embracing AI and big data analytics to create single agent solutions that encompass all end points, from smartphones to IoT devices, and can monitor, detect and prevent not only existing threats, but also future threats.
In response, legacy vendors are creating improved versions of their existing products. For example, Symantec’s Endpoint Protection Mobile is a risk-based mobile security approach to defend against all detected threats, while respecting users’ privacy. Expect the competition to hot up in 2019.
4. GDPR compliance is bridging the security and privacy markets
Privacy will continue on a similar path as the evolution of cybersecurity in 2019, driven by the introduction of the General Data Protection Regulation (GDPR) last year. GDPR and other privacy laws will mean that a standard level of constant privacy will become the new norm, which means that, like security, privacy will need to become integrated into the fabric of all business processes and communications. At the same time, organisations will need to maintain the balance between access to personal data and protection of that data. As a result, security and privacy solutions are predicted to merge throughout 2019.
5. Mobile security concerns continue to drive innovation
The phenomenon of BYOD and the accelerating mobility of the enterprise, not to mention the growth of IoT devices, means that mobile endpoint security is going to continue to drive innovation in this sector through 2019 – see Symantec’s Mobile Thread Defense and Check Point’s Sandblast Mobile. Employees now demand flexibility on a range of devices, which makes the enterprise IT perimeter increasingly nebulous.
Mobile endpoint security demands a number of requirements, including mobile device management, mobile application management, mobile application reputation service, device antivirus protection, as well technology to provide different layers of security for sensitive data. On top of that it requires encryption enforcement, remote lock and wipe, password enforcement, and other tools that work together with device security and app management.
Add IoT to the mix, with a whole new class of devices accessing the corporate network, and it provides a huge challenge for both organisations and mobile endpoint security vendors, who will focus on innovating in this area through 2019.