The perimeter is dead.
For those enterprises that by then hadn’t gotten the memo, the stampede to work-from-home caused by the coronavirus pandemic was a wake-up call. Hybrid cloud, remote access, and edge computing are just some of the trends breaking down the old bunker mentality. There’s no longer a clear line of demarcation between internal and external threats.
"There's no perimeter anymore, because we're all outside of it," Chase Cunningham, VP and principal analyst at Forrester Research, said.
In a perimeter-less environment, the new approach is zero trust, which also happens to add the benefit of a new level of independence from vendors, Marcus Chung, CEO of the cybersecurity consultancy BoldCloud, told us.
"No single vendor or authority is solely authoritative,” he said. “This represents a significant vendor and industry shift."
And many startups are capitalizing on the trend.
One of the more interesting ones, Cunningham pointed out, is Nullafi, a next-gen data loss protection vendor that acts as a data security middleware layer. Even if the environment is compromised, the system ensures that data is protected where it is. That’s a radically different approach from the one taken by traditional data loss prevention technologies, which sit at the perimeter.
Another interesting startup, he said, is HyperCube. It creates a virtual model of your entire infrastructure for penetration testing and for testing zero-trust architectures and applications. "You can blow it up and attack it, and it doesn't matter, because it's not the production environment," Cunningham said.
One of the areas where zero trust is particularly important in a distributed environment is authentication, cybersecurity marketing consultant Ken Rutsky told us. He highlighted three startups that are doing interesting work in this area: Jumio, Banyan Security, and Byos.
Startups are also continuing to innovate with AI, he said, highlighting Hunters, Kognos, and Blue Hexagon in this area. All three use AI to help find threats.
One AI-powered cybersecurity startup that stands out for Asher de Metz, security consulting senior manager at Sungard Availability Services, is Obsidian Security. "Obsidian Security has an intelligent identity protection offering that analyzes user activity, permissions, and configuration data with advanced machine learning," he told DCK.
The goal is to improve security and identity management. "This is a key area that companies tend to struggle in and need extra assistance with," he said. Obsidian fits into the no-perimeter trend as well, since it's designed to work with SaaS applications.
Another startup de Metz is paying attention to is Breach View, which helps companies discover if any of their data has been breached and put up for sale on the black market.
"This is done with the largest data sets and the largest amount of data sources ever collected in one place," he said. "Most companies have no idea whether or not their data is sitting on the dark web."
A Lackluster Crop
There’s been a lot less investment in cybersecurity startups this year compared to previous years, which some attribute to a dearth of innovation in the space.
"Based on our recent data, 2020 is trending down with 43 deals in the first two months of the year compared to 103 and 91 in 2018 and 2019, respectively, for early stage investments," Tony Surak, partner at the Washington, DC-based venture capital firm DataTribe, told us.
And that's before the pandemic shifted into high gear in Europe and the US. "Looking ahead, we can anticipate that the coronavirus outbreak will add additional downward pressure," he said.
Instead, some of the largest, most established vendors have been rolling out significant improvements to their cybersecurity platforms, said Michael Perrault, senior security architect for cloud and data center transformation at Insight, a Tempe-based technology consulting and system integration firm.
"When established companies are out-innovating startups, it feels like something is lacking," he said.
Looking ahead, he suggested that startups look at the problems being exposed by the work-from-home transformation.
"Startups should focus on the changing nature of the workforce and remove barriers to flexible access methods, while increasing data security," Perrault said.
Startups should pay a lot of attention to ease of use, added T.J. Rylander, general partner at Next47, a global venture capital firm backed by Siemens. "Security and IT teams are stretched thin by newly distributed teams," he told us. "So, any efficiency gains are prized."
For example, Rylander said, startups should shift offerings toward hosted models whenever possible. That includes finding ways to avoid on-premises proof-of-concepts and allowing data centers to deploy new technology in a hands-off manner.
"Nothing will be more important for the rest of 2020 than a product's ease of deployment and management," he said.