To mark the start of the year, we have wrapped up the top 10 analyst predictions for the cybersecurity industry in 2016. The trends encompass broad trends identified by key security analysts as well as analysts looking at security from a mobility and SMB standpoint.
While many predictions remain consistent with what we have seen from previous years, there are also substantial shifts as trends such as hybrid cloud and IoT make substantial inroads into the market, putting information security at the top of the agenda.
1. Cloud Brokerage:
With the rise of the Cloud Access Security Broker (CASB) market, the integration with web proxies and DLP inspection engines will give customers greater visibility and control over data used in SaaS applications (whether they are shadowy or sanctioned).
"Elastica (now Blue Coat), Netskope, and Skyhigh Networks are the pure plays who defined and essentially created the CASB market with solutions that have horizontal appeal given the need to both discover the use of Shadow IT applications for visibility, and to control such use to protect cloud-resident data assets. Appreciable customer, channel, and vendor activity make this space a hot one in 2016." - Doug Cahill, ESG
2. Focused Deals – Larger for some, smaller for others:
In terms of business, TBR predicts that 2016 will involve larger deals but for fewer security vendors.
"Niche security vendors such as @Ping, @CyberArk, @Imperva will be pressured as vendors with broader portfolios earn larger security deals." – Jane Wright (via Twitter)
3. Mobile Security:
As mobile security attacks are set to double from 2015, mobile security vendors will expand to include operating system, user, application, and network contextual data to improve the user experience around security controls such as mobile authentication and authorization.
4. Integrated security - important to business competitiveness:
Security is increasingly being seen as a business enablement platform and a core consideration in application deployment. Protecting critical data against network intrusion and risk associated with poorly-secured endpoint devices will become a high business priority. Additionally, broader deployment of hybrid clouds in the enterprise creates an imperative to unify policies across disparate infrastructures for seamless security as well as compliance.
"In 2016, we expect to see security viewed increasingly as a business enablement platform, rather than strictly as a technology solution." - Anurag Agrawal, Techaisle
5. Security as main differentiator:
Security will play a leading role for cloud vendors and IoT providers wanting to differentiate their offerings and stay relevant in an increasingly competitive market. With IoT expected to move from the "testing" phase to larger deployments, security will be a key focus. Additionally, the widely predicted rise of hybrid cloud solutions will mean much larger cloud deals, of which security will be central.
"Trust will be the watchword for cloud in 2016. The winners will provide security, governance, scalability, and business process in a hybrid manner… [Additionally], we expect focused startups and an emphasis by the larger vendors on IoT security." - Judith Hurwitz, Hurwitz & Associates
6. Adapting to the increased threat surface:
An understanding of the diverse threat landscape will drive certain trends within enterprises. From securing the supply chain through real time risk assessment tools to cost effective multi-factor authentication tools which leverage mobile, business are taking a more holistic approach to security.
"The complexities of digital business and the algorithmic economy combined with an emerging "hacker industry" significantly increase the threat surface for an organization. Relying on perimeter defense and rule-based security is inadequate, especially as organizations exploit more cloud-based services and open APIs for customers and partners to integrate with their systems. IT leaders must focus on detecting and responding to threats, as well as more traditional blocking and other measures to prevent attacks. Application self-protection, as well as user and entity behavior analytics, will help fulfill the adaptive security architecture."- Gartner*
7. Security Skills Shortage:
As security continues to be ever more of a focus – moving from being a technology to a business imperative, the underlying concern around skills is set to become even more urgent, To tackle this, vendors are looking at both investing in internship programs as well as extending facilities into new markets like Atlanta, Austin, Boston, and Washington D.C. as well as India, Ireland, and the Philippines.
"Depending upon whom you believe, there will be 1 million or more cybersecurity job openings that remain unfilled in 2016. This shortage is already a problem for CISOs, look for it to become a growing headache for cybersecurity product and (especially) services vendors this year as well." – Jon Oltsik, ESG
8. EU data protection regulation will drive security spend…and confusion:
By 2019, IDC predicts that 25% of security spend will be driven by EU regulation and privacy concerns. However, despite the need for investment, jurisdiction issues among trading regions will remain unresolved leading to a patchwork of compliance regimes.
"IT security investments must support a risk-based approach to making business decisions and enable organizations to identify and seize opportunities for growth." – Chris Christiansen and Duncan Brown, IDC
9. Intelligent Security:
Understanding threats will require that IT leaders focus not just on traditional blocking and prevention tactics but expand efforts to include detecting and responding to these threats through the integration of technologies such as the user and entity behaviour analytics.
"And threat intelligence feeds integrated into network and host-based security controls start to make such data more contextual, and thus actionable." - Doug Cahill, ESG
10. Endpoint Security Evolution:
Focusing on the endpoint security will continue with be a focus with addition of new prevention capabilities from vendors such as Cylance and Invincea. These developments will challenge both the existing order and the ways in which enterprises purchase and deploy endpoint security solutions.
"The battle for defending the endpoint is well underway: New prevention and detection approaches have taken the field. Legacy endpoint security vendors have read the writing on the (fire?)wall, and have their own post-antivirus products ready to compete." - Adrian Sanabria, 451 Research
*Gartner Press Release, Gartner Identifies the Top 10 Strategic Technology Trends for 2016, October 6, 2015
