Andreessen Horowitz (a16z) has pumped $90 million of funding into Tanium, an enterprise security and systems management company.It was the second largest single investment by the venture capitalist firm and the latest indication that now, more than ever, is a good time to be in the Internet security industry.
The first half of 2014 has been laden with news regarding Internet security breaches. Approximately 5 million credit cards and 500 million online accounts have been compromised as a result of Internet security breaches since the start of 2014, according to data collected by PCWorld.
Heartbleed, a security bug within the OpenSSL framework that is used by two-thirds of all websites, struck in April of this year, affecting massive services like GMail, Netflix, Instagram, and Tumblr. The potential damage has so far largely been contained (although Robert Graham of Errata Security believes over 300,000 servers are still vulnerable), but sophisticated hackers could have conceivably gained access to the secret keys that protect millions of usernames and passwords, emails, and business critical documents.
Meanwhile, a massive security breach at Target, in which hackers gained control of 40 million debit and credit cards and other personal data from 70 million customers, contributed directly to the resignation of the company’s CEO in early May. These incidents, which came in the wake of Edward Snowden’s revelations about certain NSA practices, have underscored the growing importance of IT security as more and more individual and enterprise data migrates online.
Alongside this uptick in high-profile security breaches, two trends have introduced new variables for security firms to deal with; corporate Bring Your Own Device (BYOD) policies and the rapid development of the Internet of Things (IoT). Forrester Research claims that 53 percent of employees who engage in some capacity with IT either use their own personal devices, install unsupported software, or visit unsupported Internet-based services such as Dropbox, Skype, and Twitter to do their jobs. The research firm Gartner reports that the trend will only continue, with 70 percent of mobile professionals conducting their work on personal smart phones, tablets, and other devices by 2018.
But as former NSA director Chris Inglis explained in yesterday’s Wall Street Journal, the stakes involved in protecting proprietary information are higher than ever before. “Any number of companies have suffered the loss of their intellectual property and think they can weather even that, because they’ll out-innovate whatever adversaries they have,” he said in an in interview, “I think that’s increasingly less true than it was 20, 30, 50 years ago.”
Gartner predicts there will be 26 billion IoT units installed by 2020. At the same time, a greater proportion of the industry’s $300 billion in incremental revenue for smart appliances will come from associated oversight and maintenance services, as opposed to the products themselves. Adding connectivity to devices that were previously standalone increases complexity, as IT administrators are forced to manage not only more disparate systems, but a larger number of them. To accommodate the scope of the emergent Internet of Things, and the influence it will exert on the business community, there is a movement to rebrand the term IT Security to something more all-encompassing, like Digital Security.
The security industry is recognizing that change is needed if it is to keep pace with the growing demand for its services. Yesterday Symantec, a Fortune 500 software security company, announced at the Clinton Global Initiative Conference that it was launching the Symantec Cyber Career Connection (SC3). The goal of the program is to attack the industry’s estimated 300,000 job shortfall, specifically the 60,000 or so jobs that could be filled without a four-year degree.
There are also startups that are experimenting with radically alternative ways of thinking about security. One of them is Clef, an Oakland, CA-based digital cryptography company. “Passwords are going to stop working for us,” says CPO Jesse Pollak. “In the next five years they are going to be completely unsustainable.” Clef works by using a smartphone’s digital key to generate a different, 300-character password, or signature, each time users are confronted with a login page. Instead of entering a password, which can be compromised or forgotten, Clef enables users to access their personal online accounts by simply aligning their phone with the screen of a Clef-powered website’s login page.
The digital future will not only generate new companies within the security industry, but new jobs across all sectors. According to Gartner analyst Paul Proctor, by 2017, one-third of all large enterprises will have a digital risk officer, charged with ensuring that all of a firm’s digital data is secure from subversive interference. No matter how competent these digital risk officers might be, however, they and the companies that employ them must be satisfied with a degree of uncertainty. In this day and age, “there is no such thing as perfect protection,” says Proctor. Digital security companies face a daunting task in stemming the tide of attacks, but it remains a vastly profitable one, which is why the likes of Andreessen Horowitz are happy to keep injecting money into the sector.
Five of the biggest digital security investments in 2014 so far
February: Shape Security raised $40m in Series C funding.
February: Cloud security provider Apprity clinched $8m in funding.
March: Wickr, a communications app focusing on security, raised $9m in a Series A round.
March: Endpoint security and data protection specialist Verdasys grabs $12m in fresh funding.
June: Tanium, which specializes in BYOD security, handed $90m by Andreessen Horowitz.