2016 is looking like the year that the enterprise moves to the cloud. Of course, the number one issue holding back enterprise cloud adoption is security. So the move to the cloud should be a good thing for security vendors overall.
But it turns out that different classes of security solutions will fare differently in this transition. In fact, when we dig into the guts of a traditional data center, we can look more broadly at which classes of infrastructure – and the vendors behind them – will be winners and which will be losers as the enterprise moves to the cloud.
Anti-Malware Vendors – WIN
Anti-malware vendors will continue to do what they do best – inspect data traffic and patterns to separate good from evil. As the enterprise moves to the cloud in 2016, anti-malware solutions will move with them.
This trend means there will be significant demand for anti-malware solutions that are relevant on the cloud as well as within on-premise data centers. Some challenges remain that are related to the insertion of anti-malware in the cloud, but the opportunity is so big that I have little doubt they will be solved.
While the major cloud providers such as Amazon will continue to enhance security, I don’t think they will produce their own anti-malware capabilities. They will instead make accommodations for the established security vendors to provide these capabilities.
So in the year ahead, look for the major anti-malware providers to expand their footprint as they develop cloud computing solutions that offer the same levels of protection as on-premise solutions.
Traditional Firewall Vendors – LOSE
Why? Access control (a core firewall feature) is being commoditised as it is built into the cloud provider’s hypervisors and becomes tied to provisioning of individual compute instances. Amazon’s Security Groups are a great example of how traditional firewalls are being overrun by cloud technologies.
Firewalls have traditionally been used for access control- determining who can talk to what over which protocol – and have been very IP-centric. Most firewall solutions have evolved to add application awareness as well as protocol and packet inspection.
These advanced functions will still be relevant; however, it can be challenging to insert these services into the cloud – particularly if the core access control is embedded in the cloud provider’s offering.
Furthermore, if traditional firewall vendors rely on special forms of hardware acceleration such as regular expression matching or crypto cards, they will not be available in the cloud and will be yet another barrier to migration for traditional vendors. The net takeaway is that traditional firewall vendors will likely not benefit from the transition to the cloud.
Load Balancer/Application Delivery Controller Appliance Vendors – LOSE
Load balancers distribute network or application traffic across servers to handle high volumes of users or visitors. But in the cloud, auto-scaling of compute power is baked into the cloud provider’s infrastructure, and customers now expect it to just work.
In 2016 we can expect legacy apps that are hardwired to traditional load balancers will either stay put on-premise or be rewritten to take advantage of new cloud architectures.
As with firewalls, when load balancer functionality increasingly gets built into or becomes part of the cloud computing infrastructure, the need will disappear for separate, dedicated products that IT has to purchase.
Encryption Vendors – BIG WIN
Encryption used to be an arcane tool that companies deployed only in scenarios that absolutely required it. Now the expectation is that everything needs to be encrypted – always. But to provide encryption across hyperscale environments, incumbent vendors need to offer solutions that are truly transparent and massively scalable.
I have no doubt we’ll make big strides in that direction in 2016. As an executive at a major financial institution recently told me, 'In the post-Snowden world, everything has to be encrypted all the time.'
It should also be noted that this is not your father’s encryption. Traditional agent-based encryption has been around for decades, but it’s always been hard to operationalise because it’s difficult to use and breaks some infrastructure functions such as data management. As a result, its use has been relatively limited.
But that’s going to change as more advanced encryption solutions are developed. It is important to note that cloud providers will continue to offer built-in encryption capabilities, similar to firewalling and load balancing, but they will be countered by the next point – the evolving role of encryption.
Encryption will eventually take on a larger role – beyond simply protecting data – to include access control and protecting other parts of the network. A great opportunity exists here for both established and new encryption providers.
In a cloud-based world, encryption becomes the new 'perimeter' and is the logical insertion point to enforce security policies. The net effect is that 2016 should be a great year for encryption vendors.
Switch Vendors – LOSE
Many of the complex features of established switch vendors (such as VLANS) are manifestations of physical constructs. But in the cloud, switching is much simpler. Fancy routing protocols and network encapsulations evolved from physical constructs; in other words, 'I have this IP range in this rack that I have to connect to that IP range in that rack.'
A lot of physical stuff is involved that can get very complex to manage as you work to ensure that Rack A doesn’t talk to Rack B but does talk to Rack C in the giant jumble that is network management.
But all these problems go away in the cloud. For example, instead of having to set up network access control policies, Amazon has networking controls called Security Groups that are defined up front and then automatically deployed. So the value proposition of sophisticated software switches gets reduced.
The need is not completely eliminated, because there will still be customers who want to project one network onto different infrastructures, but the trend line and revenues for switch vendors will continue to decline in 2016.
Another factor affecting switch vendors is that the virtual switch in the cloud needs to solve the problem of insertion. This problem is very challenging and beyond what traditional switch vendors provide today. A switch needs to be tightly integrated with a hypervisor.
Since cloud providers are unlikely to give special access to third-party switch vendors, these vendors will struggle to insert their products into a cloud-based data center. The net result is that the transition to the cloud is unlikely to be positive for switch vendors.
Software Storage Solutions – WIN
Today enterprise data is growing exponentially, and the cloud only accelerates this growth because infrastructure is accessible to store that data. So the cloud will drive primary demand for software-based storage systems.
In addition, enterprises will need data management to span private and public clouds, creating a ripe environment for software storage vendors to succeed.
I firmly believe that software storage solutions that are not tightly integrated with security, such as encryption, will become unworkable. This belief is based on the simple fact that if data is encrypted separately from the storage system, the process of replicating, backing up, and moving this data is very difficult.
Encryption and data management have to be integrated as one thing; you can’t think of security and storage as two separate things. The vendors that realise this fact will be the software storage solution winners in 2016.
The year ahead
The transition of the enterprise from private to public clouds is likely to be the most impactful transition in the IT data center sector in the past three decades. Most Wall Street analysts already realise that this transition is going to happen; the big question is when and how fast.
In 2015 only a small percentage of enterprise workloads moved to the public cloud. In 2016 I expect we will see a much larger percentage, although still not the mass migration that is to come. As this transition unfolds, an entirely new vendor landscape will emerge.