On the heels of the ZScaler IPO, the Phantom Cyber, and Evident.IO acquisitions, and the DUO unicorn round, I thought I would share some of my personal thoughts around market transitions in security. And, in particular how it pertains to cloud.
Note: This is not a piece about why security startups fail. And, although missing a market transition is one reason for failure, there are a lot of other factors, some of which I will write in follow up blogs at another time.
What drives the market transitions?
The security market is somewhat unique in that it is driven by three factors: Technology trends, the attack surface, and the attackers. In order to understand a shift in the market, you really need to have a combination of all three of these in your favor.
These three need to be combined with a factor that is in every market transition, and that is timing. Let’s break these down.
Throughout my career, I have been asked hundreds of times, “How do you possibly keep up with all these sophisticated attackers?” The reality is that in comparison, the attackers are relatively easy to keep up with versus the technology trends. The attackers simply are following the technology trends and are typically behind the innovation curve in every way because that is where the majority of the users, infrastructure, and data is. A big mistake you can make is by overly focussing on attacker trends vs technology trends as they are rarely a forward-looking indicator and have a limited shelf life.
I spend a LOT more time understanding technology trends vs attacker trends as a means to find market transitions for security.
Learning: Don’t follow the attackers, follow the builders.
The Attack Surface
While technology trends are critical to understanding, the second piece of this puzzle is the associated attack surface for the trending technology. In particular, you need to understand the core underlying technology foundations and, most importantly, the application and developer ecosystem. Is the trending technology a closed system or open? What is the predicted adoption? Consumer or enterprise? And, most importantly, are there key changes in the delivery model and underpinnings that can lead to a wider or narrower attack surface? A good example here would be Apple iOS. Remember “The year of the mobile malware!” Well, it never really happened anywhere close to the scale that was predicated.
The iPhone is arguably the fastest-growing adopted technology in history, yet it was designed in a way that fundamentally shrunk the attack surface.
Learning: Understanding the potential attack surface is a leading way to predict the attacks.
The Attacks & Attackers
As mentioned above, the attackers are, by and large, hunting for holes in largely adopted systems. There are a plethora of motives around this and, generally, they will innovate in areas that are behind the technology curve, sometimes referred to as “low hanging fruit.” Exploits are commonly being run against old pieces of software and operating systems. Yes, Willie Sutton robbed banks because that was where the money was. Just because attackers are not necessarily attacking the latest and greatest trends, however, does not mean they aren’t innovative. They are opportunistic AND innovative, and when the adoption curve hits an inflection point, you better believe they will innovate against it. Additionally, they can do this at a pace that most technologies cannot because they play by a different set of rules and operating principals.
Like the attack surface, if you over-rotate on attackers you can miss a market transition and it’s likely you are creating a feature, not a product or a company. There are a many of these at the RSA Conference every year.
Learning: Don’t over-rotate your marketing timing based on attackers.
Timing the Market Transition: Second Mover Advantage
No surprise that timing is a constant in security market transitions. That said, it is a little different based on the aforementioned three factors to time security market transitions.
My favorite Bill Gates quote implies that we consistently overestimate the short-term impact of a technology trend and underestimate the long-term impact and because of this we often get lulled into inaction.
As Bill said, the challenge here is inaction. If you believe a market will change at a pace you cannot keep up with short-term, then you defer your action. Then longer term then catches up with you and can be a major transition you missed. However, if you are too early then you can spend precious funding, resources, and time developing something for a market that did not come to fruition or is a smaller piece of a larger puzzle.
Capturing a market transition in security is complex, it’s a trifecta of understanding the technology trends, the attack surface, and the attackers.
If you can, however, the time it right then you truly have a chance to build a large sustainable business. That is until the next market transition happens.