The rise of enterprise-class cybersecurity vendors

Cybersecurity professionals stress that enterprise-class cybersecurity vendors must offer industry experience, support for IT initiatives and a commitment to streamlining security operations

When I’m asked to explain what’s happening with enterprise cybersecurity technology, I often use an analogy from the business software market in the 1990s. 

Back then, application vendors tended to specialize in one area—PeopleSoft owned HR, Baan offered manufacturing apps, JD Edwards played in finance, etc. Around 1995, companies began replacing these departmental applications with enterprise-class ERP solutions from Oracle and SAP. The objective? Centralize all business data into a common repository that could anchor the business and be updated and used for various departmental functions and business processes in real time. 

Yes, the ERP journey was a bit painful, but the transition resulted in a steady increase in business productivity, enhanced efficiency and better decision making.

On the supply side of the equation, the ERP evolution led to industry consolidation as large software vendors acquired smaller ones. By the early 2000s, just a few enterprise-class business application software vendors remained, while other specialists became ecosystem partners for large vendors, adding niche value in specific areas.

According to ESG research, the same type of thing is now happening with enterprise cybersecurity technology. In a survey of 176 cybersecurity and IT professionals, 24 percent say their organization is actively consolidating the cybersecurity technology vendors they do business with, 38 percent are consolidating those vendors on a limited basis, and 21 percent are considering consolidating them.

As enterprises consolidate cybersecurity vendors, they are also integrating individual products into a common architecture. This is where enterprise-class cybersecurity vendors are beginning to emerge. A few vendors will provide products, services and software architecture (e.g., middleware, cloud services, application architecture, etc.), doing for cybersecurity what Oracle and SAP did for business application software in the 1990s.

What enterprise-class cybersecurity vendors must provide

What do cybersecurity professionals look for in these enterprise-class cybersecurity vendors? The ESG research provides a few answers to this question:   

  • 35 percent of cybersecurity professionals say enterprise-class cybersecurity must offer cybersecurity expertise specific to their organization’s industry. Boy, this one really parallels the ERP transition! Rather than horizontal infosec solutions, CISOs want security technologies that align with industry business processes, regulations, global operations, etc. As IoT applications gain strength, I truly expect cybersecurity to evolve into vertical industry specialization. 
  • 32 percent of cybersecurity professionals say enterprise-class cybersecurity must offer a cybersecurity product and services portfolio that aligns with their organization’s strategic IT initiatives. Infosec pros want to work with cybersecurity vendors who support things such as cloud computing, mobile applications and digital transformation. I see a lot of M&A activities and ecosystem plays for big cybersecurity players (e.g., Cisco, IBM, McAfee, Symantec, Trend Micro, etc.) in this area.
  • 32 percent of cybersecurity professionals say enterprise-class cybersecurity must be committed to reducing operational complexity and lowering the cost of ownership of cybersecurity. In this case, enterprise cybersecurity vendors must improve security while streamlining and lowering the cost of operations. A tall order, but consolidation, integration, enhanced intelligence, automation and a software architecture should help here. 
  • 32 percent of cybersecurity professionals say enterprise-class cybersecurity must provide products and services designed for enterprise scale, integration and business process requirements. This is the classic functionality that all enterprise-class vendors must deliver: scalability, manageability, distributed data management, high performance, 7 by 24 support, etc. Enterprise organizations generate billions of security events daily and collect TBs of security data monthly, so these are “gotta haves” for CISOs. 

This trend is in its infancy, but based upon the ESG research, it appears to be gaining momentum. Large organizations want (and need) an integrated end-to-end cybersecurity technology architecture that can help improve incident prevention/detection, automate and orchestrate response, and streamline security operations. This need is even more pronounced with mid-market and small enterprise organizations lacking appropriate levels of cybersecurity skills. 

Over the next few years, a few vendors have the opportunity to achieve market leadership in cybersecurity technology as Oracle and SAP did in ERP. The race is on, but the finish line is already in place. 
