Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth, I'm senior analyst and lead advisor with KuppingerCole Analysts. My guest today is I think for the first time on camera Warwick Ashford, he is working for KuppingerCole as a senior analyst, and he's working out of London. Hi Warwick. Good to see you. Oh, hi
Matthias. Good to be here and quite strange to be actually seeing you this time.
That's true. But as EIC, our conferences coming up, we might have a chance to see each other also in person in real life. As strange as that may sound w yeah, we are, we are here today to talk or to take a step back from the cybersecurity market and to look at it as a whole. And we want to have a look as analysts do at a bigger perspective, how it's changing, what we expect to happen in the future. So really a more general view on the topic. So how will cybersecurity the market and the environment fall off for all organizations and in the end, people will change. So how this cyber security market is evolving. So to first to lay the ground, what actually is the perspective that we're taking? We have all this work from home already behind us, or we are still in it. As we are looking into cameras. We are still working from home, but we have to deal with the world after the pandemic. Maybe that is a good starting point. What do you expect for this changing world? What, what are the key, the key aspects that we have to look at when you look at cybersecurity in this new surrounding that we're working in? Well, I think
As you've mentioned, the pandemic has really changed the way we do everything. And I think that if anything, the cybersecurity market has gained even greater importance in this post COVID era, and it will continue to grow and evolve. And, you know, just looking at the way COVID is going to affect different markets. I think like most it markets, the cybersecurity market will be one of those ones that, that continues. And we can maybe look a bit later the kind of areas that will be stronger as ever the cybersecurity market is, is being grown by the fact that there's increasing reliance of business on the information technology. There is a growing number of security and data protection regulations. Obviously the shift of prime online has only gained a pace since the pandemic. And there's also an increasing incidents of state-sponsored cyber texts were industrial espionage and a disruption of critical infrastructure. So those are all kind of the general big sky things are happening, but the cyber criminals are focusing particularly on new and emerging technologies that organizations are adopting as they embrace digital transformation to cut costs and improve performance and support new business models. And, you know, we've seen that come to the fall with the pandemic people have had to adjust. And so obviously the new sort of emerging technologies is where they've gone and of course has ever the cyber-criminals have followed suit.
Right? And when we look at this, this, these two aspects that you mentioned on the one hand, there's really a growing number of threats. There's a changing our work environment. And on the other hand, we want to be as efficient as possible. We want to be as cost efficient as possible. These are two important drivers. Where are other drivers for this change? What do you expect to continue to grow? And what do you expect to change? Well, the central
Established cyber security technologies that are core to sort of modern forward-looking cybersecurity programs are expected to grow and evolve to fulfill the leading roles in cyber defense. So these are the established technologies likely includes identity related solutions, data like things like data, access governance, endpoint, protection detection, and response, EDR unified endpoint management, UEM fraud, reduction, intelligence platforms, API management, and security solutions, those kinds of things. And even DLP that that will carry on, but the emerging technologies or the ones that I think are the most interesting at the moment. And these are the ones that are a part of this adapting to this new world of working from home, remote working, and these include things like network detection and response. And then we've got the extended detection and response, but as well as things like security, orchestration, automation and response, or saw security information, sharing security for business applications and cloud delivered security and security operations centers as a service or psych as a service. And of course, dev ops security, because that's one of the big trends that we're seeing now in organizations too, in terms of efficiency and so on.
So it's all more or less connected to the, through the move to the cloud. So we are really changing our infrastructures. We are, and we need to be capable of providing cybersecurity for the cloud environments, but also for, for traditional on premises environments and everything in between and everything that you've mentioned, these technologies need to be an art designed. Most of them are designed to be capable of providing security across the full range of potential platforms where services are are deployed right now. So the cloud, as it sounds like a truism still is a driver for changing cyber security. Is that true? Yes. Well, I'd
Say the move to the cloud is perhaps the most significant sort of trend that we've we're seeing that is, is, is driving the, the cybersecurity market. The adoption of cloud-based services has, as we've been saying, been accelerated by COVID-19 a pandemic and the greased need to support employees working from home or remotely as a key element of digital transformation. The adoption of cloud computing has impacted just about every it market segments. And that's including security now due to the introduction of new challenges around protecting hybrid cloud and on-prem business it environments,
Right? But our organization's already well equipped. Are they prepared for this change also when it comes to cyber security, when it comes to consuming SOC as a service coming consuming, cloud delivered security, is the market already mature and are the customers already mature enough to deal with that? Well, definitely the market
Is gearing towards that. I think, I think most of the vendors have, have sort of really understood where the, where the market needs to go and they are providing that are providing the services. I think that also the forward looking organizations who are embracing digital transformation and who were already on that journey are doing the security alongside, which is the way it should be always. We, you know, we always advise organizations that security shouldn't be an afterthought. It should be something that is integral with what you're doing with what you're planning. And so those are the, the leading organizations are doing that, I think for much of the market. And unfortunately the security is still very much an afterthought for many organizations that, which is a question of how do we get our people productive? How do we keep the production, the means of production going?
And then security became sort of like a secondary consideration. And I guess that's where the cyber-criminals have seen the opportunity is because they, you know, they realized everyone was concentrating on, on just getting things, moving again, or getting things working under these circumstances. And they were perhaps not paying all the attention that they should be. So in terms of acquiring new technologies and also attending to, to security people, organizations need to think of these things together, but in additional to the, the, the, the technical changes, there have been simple trends that I've seen. For example, organizations are now thinking about developing cybersecurity skills within the organization, or they're also looking more at securing supply chains to ensure business continuity and blocking cyber techs through supply chain weaknesses. So, as you know, we've seen several attacks in recent months that, that have focused on, on the supply chain.
And, and I think this is an area that is gaining in importance and also gaining in attention. There is also the expanding on raising the status of the role of the chief information security officers to become sort of slightly broader and more involved with the business and not to be so technically focused. And I think there is also a greater understanding now about the benefits of restructuring operations to ensure that there's a greater alignment between the cyber security and the business continuity teams to ensure that continued continuity focused technology investments so that these things are not operating in silos. And then also in terms of organizational change, we've seen the shift to dev sec ops, which in theory is a good idea because it's, it's with security and development and operations working together rather than again, in silos. So, and the other shift in focus has been towards threat detection and response capabilities. So, you know, in, in traditionally the focus of cybersecurity has been more on keeping the bad guys out and, and being on sort of protection. Whereas now it's, it's more becoming the idea of being able to detect if you've been breached and to respond quickly and efficiently to that.
Right. I think that is a trend that I see also in my advisory business on a daily basis, because the, the more, the actual business is moving towards technology, or the more technology is involved in, in business. The more it is understood that investing in cybersecurity is not nothing that has to do with this computer stuff, but this is real business. This is making sure that business can continue and that it even can continue in case of an attack in case of a breach. And this assume being breached approach and is also reflected in what you just said, being prepared for it and being capable of reacting immediately while maintaining business going on and making sure that this does not yeah. Break down any systems so that the machines can keep running afterwards. So this is also a really a change in the mindset, protecting cybersecurity, maintaining cybersecurity is maintaining business. I think that is something that is really an important change in perspective that many organizations already have made and others will have to learn that very soon. And what else does this mean from your perspective for, for business before we come to some, some, some tangible recommendations where to look and what to do. So where do you expect other changes in business resulting from this change in cybersecurity?
Well, as you said, I think that the most important point is that cyber security and the use of it are now inextricably linked. And I've always liked the analogy of, of, of car safety, how it's developed over the years. So now you can drive cars now that are much more or safer to drive because they've got all these safety mechanisms built in. And, and so I think that's, that's kind of a way where we need to go. But the fact is that you can only go fast in a car because you've got to set a break. So in a way, cybersecurity is always those kind of break breaking mechanism is to say that you can carry on your business and use the technologies that you need to use in terms of, of, of speed to market and all this kind of stuff. But because you've got the cyber security built into it, it, it means that you can do these things safely.
So therefore I think both in organizations and end use organizations and it industry, including cybersecurity vendors need to shift their perspective to consider cybersecurity first and foremost, as a business enablers, you were saying, so business needs it, but it, without security, because without the breaks is worth this, because the risk to business is too great. The challenge is to implement the necessary controls and the safeguards in the most frictionless way possible. So that security never impedes business, project processes and initiatives. So this means that news organizations need to consider cybersecurity as a key factor in their technology, investment decisions and technology vendors need to build their products in such a way that they can be used safely by businesses and the organizations that shouldn't be extra, extra work, they should just know, okay, to use this. It's got all these safety mechanisms built in, as I was saying about the car,
True. I would fully agree. I've, I've sat in at the beginning that, that we look today at this whole topic from an analyst perspective, although we still don't have this crystal ball that gives us the perspective for the next 10 years, we still also have to cover, and we do it to cover the cybersecurity market in detail and in depth. But nevertheless, if you had five key recommendations to make to our audience, where to look at, as of now where to invest, where to focus and maybe which aspects to cover, which are not mainstream as of now, what, what would be five key recommendations that you would, that you would give to the audience?
Well, I'd say first and foremost, you know, understand what technologies and capabilities are relevant to cyber security and how they fit in and functions. I think, you know, as, as, as you know, we, we often recommend that people don't focus on the technology, rather focus on the business, need the business case, but I think it's very important for organizations to understand what technologies and capabilities are relevant and, and how they fit in. And then you've got to adopt a, a strategic approach to cyber security, to support business objectives, to meet the current and future security needs in a consistent way. So understand the business risks of cyber attacks, such as system outages, you know, something like a denial of service attack, or, you know, we've seen now a ransom wave, but that's a whole different can of worms, worms, data breaches, reputational loss, and you've got to prioritize those risks that need to be addressed.
So, you know, downtime for one organization may be super critical, whereas for another, not so super critical. So you've just got to understand your business and what, what, how that makes you vulnerable to certain kinds of cyber attack. And then obviously prioritize those. And then you've got to re evaluate your existing cyber security tools so that you can identify the gaps, which tools mitigate the real risks to your business, and which tools can be eliminated because they either don't serve any purpose or just are not relevant to your business. And then overall, as well assume that breaches will happen to your organization. I think, you know, again, this is a whole topic on its own, but more and more people are coming to this idea of a zero trust approach to cyber security, where you, you just assume breach, you seen that breaches will happen.
And then you plan in terms in terms of that, to make sure that, you know, everyone who's getting access at every step of the way is verified and, you know, authorized and authenticated at each step. It's not just the old model of, of security. We were everyone who was on the network was just implicitly trusted. Yeah. So, you know, then really it's just adopt a zero trust approach to security and implement several forms of authentication to ensure continuous identity verification, to stop things like credential abuse and lateral movement of attackers. Cause I think we've seen that happen in many, many attacks in recent months where that's just the way they get. And if we look at, you know, all that, but the really high profile ones recently, it's all just been about credential abuse. Yeah. So I don't, I don't know. I wasn't counting was that five was that five?
I didn't check that. I have one more question. Maybe then we ended up with six or seven. Nevertheless, we, as, as analysts, we often are looking at these more modern, these more emerging technologies while the, the, the, the basics are still still working are still available and still evolving as well from, from your perception, when we talk about integrating machine learning AI into these different aspects of cybersecurity, is this a trend that you also see in your research or is this over-hyped or is AI machine learning or has it already arrived in, in cybersecurity? Sure. Look, I think
To a certain extent it is, it is being introduced in various ways and to various extents and it does definitely have a role to play. I think the most important thing is just again, look at, look at the particular business use case and see whether there is an application for, for an AI assisted tool there. And then just assess sort of how useful that is in, in your situation. I don't think you can just say, well, if it's AI, it's great go for it because not all AI is created equal. So, you know, it's just, you have to look at what is your business case, and then look at new technology or draw up a list of technologies that could possibly meet those requirements. And, and then evaluate, evaluate that in context of your business requirements.
Absolutely. I would fully agree. And although we said, we were a visionary where we're looking into the future and predict, predict a bit what, what will come in the, in the near future. I, I finally realized that we came to a very back to the ground position and, and I really liked that, that you said, okay, do a risk assessment, make sure what really is threatening your company, make sure that, that your business defines what is important and that you use the solutions that actually fixes your problems. That is something that I really liked about today's discussion because I think that is, that is true for today. That is true also for, for the future and for a changing environment, reassessing risk, making sure that we consider being on that attack and being prepared for that. Any final thoughts that you want to share before we close down
Today? Yeah. So I think just, you know, looking forward, I think just prioritize investments in security intelligence platforms, because I think that's really important. You know, you need to really know what you are, what you're dealing with with identity and access management that, you know, I think that's really at the core of, of, of, of, of everything and things like user behavior analytics, know what your, what people on the network are doing, what people and things on your network are doing. Make sure that if you are doing dev ops, that you are, you are, you have security for dev ops investigate AI assisted tools and, and make sure that if you have OT, operational technology and IOT environments, to make sure that you are catering for the security for that as well. And then overall and integration of cybersecurity with continuity management. I think that that's really important that these two things work together on that they are not in silos.
Absolutely. In all, all the topics that you just mentioned briefly were actually worth at least one episode on their own, because this is really a wide range and cyber security is still growing and with our changing work and working environments, and it is expanding in areas where we've earlier did not look at. So thank you very much, mark, for, for joining me today for sharing your insights from your research in the areas of cyber security. I'm looking forward to having you soon again, meeting you in person and meeting you by a camera and talking more about cybersecurity topics and beyond thankful thank you for today.
Same here. Thanks Matthias. Bye. Bye bye-bye.
