Microsoft, Amazon, and Alphabet are stomping into the security market, ready to shake things up and address the weaknesses they see in today's tools. Analysts predict the three tech giants will disrupt security the same way they disrupted industries like computing, advertising, and retail by bringing protections to where people are moving their work: into the cloud.
Forrester analysts Jeff Pollard and Joseph Blankenship illustrate the threat in a new report intended to help security pros prepare to work with the companies as they focus on security in the cloud, a space the three effectively control. Legacy security vendors should be intimidated, says Pollard, Forrester's principal analyst serving security and risk professionals.
"As more and more technologies are cloud-ready and more services are cloud-enabled, what winds up happening is, in the same way Amazon can control a retailer on Amazon Prime, that's the kind of power Microsoft, Amazon, and Google will have on their own cloud marketplaces," he continues, referring to Google Cloud, which operates under parent company Alphabet.
Cybersecurity is a hot market for venture funding; Forrester reports VCs poured $3.1 billion into nearly 300 startups in 2016. The investment has driven innovation but failed to address basics like full-featured APIs and integrated management consoles bridging on-prem with cloud.
With their strong influence over the tech market, Microsoft, Amazon, and Alphabet would have had some degree of impact on security no matter what. Now, their effect will be bigger. "They control the marketplace, and that means you have to pay attention to them," Pollard notes.
Each firm bundles technologies and simplifies deployments for security teams, which can use preconfigured security policies for new servers and containers. Scalability isn't an issue; as infrastructure and applications grow, so do cloud platforms. Teams don't need to worry about whether hardware can handle bandwidth upgrades, or whether management servers can handle new endpoints.
As an example of bundling tech, Pollard points to Microsoft's Advanced Threat Protection on Office 365. This puts pressure on email vendors offering spam filtering and automated analysis. If companies already use the Microsoft 365 platform, they don't need additional tools.
Pollard explains how each company approaches security from a different angle. If you want to monitor endpoints you go to Microsoft, which sees how attackers target the Windows OS. If you want to interact with developers, you turn to Amazon Web Services (AWS). If you want to use VirusTotal, you work with Alphabet, which bought the malware and virus scanner in 2012.
He breaks down each company's strategy and explains its perspective:
"Microsoft should probably scare most people as the biggest existential threat," says Pollard.
The company has shown its ability to move into adjacent markets and succeed. Windows is the world's most common OS, giving Microsoft a market advantage and the easiest path to market if they want to push out other vendors. Even if an antivirus tool is on 30% of Windows machines, the AV company has a small fraction of the data Microsoft does.
The shift has changed CISOs' strategies, Pollard explains. Gone are the days when security leaders opted for separate antivirus tools in lieu of Windows Defender. Now, many question the business' choice to buy an endpoint suite when Microsoft's services have security built in.
Microsoft's strategy relies on integrated capabilities; its plan is to build security into each part of Azure, Office 365, and Windows. Acquisitions of smaller firms like Adallom and Aorato have added cloud security capabilities and malware detection, respectively.
Looking ahead, he anticipates Microsoft will continue to target its core enterprise market by making security easy to buy and use. He cautions security teams against investing all their resources in one vendor, however. Microsoft may have succeeded with Windows, Office, and Azure, but has failed in the past with Bing, Windows Phone, and Zune.
Amazon's primary audience is developers, who benefit from the scalability and orchestration of AWS but put security teams in a tough spot with poor visibility and fragmented data. The Amazon strategy is to boost visibility in AWS so dev and security have the same set of threat intel, infrastructure logs, user activity, and CloudTrail API in one dashboard.
"Teams continue to use AWS and security teams aren't prepared for that," says Pollard. Amazon is now trying to empower both dev and security teams so they're on the same page.
Look to Amazon if you're focused on secure development, as developers will continue to be its primary audience, Forrester points out in the report. The company, analysts predict, will continue to add security features but will likely take time to broaden its target market.
Alphabet dabbled in the security space for a while, investing in VirusTotal and launching Project Zero for internal employees but it began its big push after Amazon and Microsoft did. Now it's trying to bundle security and grow the Google compute platform, says Pollard.
It seems Google Cloud's strategy is to go after the AWS market, he speculates. "They don't have the enterprise relationship that Microsoft has, so it makes sense to go after AWS." Its two focus areas include visibility and data analytics, and privacy on personal and professional levels.
Forrester recommends using Alphabet for data but approaching long-term investment with caution. "Alphabet has a history of announcing products and services, then letting them languish when they don’t take the world by storm," Pollard and Blankenship report.
Cybersecurity is a focus for Alphabet now, but the issue is whether the company will continue to prioritize its security services or abandon them. If your business uses Google Cloud Platform then it's worth investing in Alphabet's strategy, but if feature developments start to slow, it's recommended you reconsider.
Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio