In the past year, the Internet security market has seen several high-profile mergers and acquisitions.

One company — Blue Coat — has been both the acquirer and the acquired.

At the end of 2015, Blue Coat bought Elastica for $280 million, only to find itself scooped up by Symantec 9 months later.

Another major deal was Raytheon’s acquisition of Websense, which was combined with Raytheon’s cyber products group and Stonesoft to form Forcepoint in early 2016.

On the software side, Avast recently announced its takeover of AVG Technologies in a billion-dollar deal, IBM purchased Resilient Systems in April 2016, and 2 months later Cisco acquired CloudLock, a security vendor specialising in cloud-based services.

>See also: Cloud-based technology is a threat to business

However, all those M&A do not always yield positive results. Since Raytheon acquired Websense they have progressed to the left in the Gartner Magic Quadrant. The same can be said of Scansafe who were acquired by Cisco some years ago.

All this activity raises the question: what’s driving this market consolidation?

Workplace trends are changing the security agenda

One of the primary drivers of change in the market is digital transformation.

It would be difficult to overstate the effect transformation is having on every organisation’s IT strategy.

More and more companies are moving critical business processes and applications to the cloud.

Industry heavyweights like Microsoft, Oracle, and SAP are investing massively in their own cloud offerings, and there is a growing market for cloud-only apps, led by trailblazers like Salesforce.

Meanwhile, the volume of Internet-enabled devices continues to grow.

>See also: Understanding the three variants of cloud security

Workplace mobility is enabling employees to access corporate resources on networks or cloud-based applications from anywhere in the world and on any device.

As a result, employees and data have left the network perimeter that has traditionally safeguarded organisations — and vendors of those traditional safeguards are struggling to cope in this new world of IT.

The threat landscape is evolving, too

Cyber criminals, knowing that users have left the security perimeter and taken their devices and data with them, are looking to exploit gaps in security and catch poorly protected off-network employees.

At the same time, cyber-attacks are becoming more sophisticated and more targeted. They’re also hiding behind stealth technologies and SSL encryption, or even morphing to evade discovery.

These techniques have rendered conventional signature-based detection ineffective, and the security market has been developing new techniques for dealing with more advanced, and more persistent, threats.

The need for new technologies explains why incumbent market players are trying to expand their security portfolio through acquisition.

Digital transformation says yes to cloud-based security

For years, IT departments have typically deployed a web proxy and a virus scanner to secure their Internet traffic.

They often added data loss protection and sandboxing for dealing with advanced threats. Some added SSL inspection, tools for managing bandwidth, and more.

What most organisations have ended up with is stacks of disparate appliances that don’t talk to each other and that adds cost, complexity, and latency to their networks.

Cloud-based security eliminates complexity by integrating services to provide a complete picture of network activity and threats.

>See also: Digital transformation is the new kingmaker

It reduces costs, because there is no hardware to buy or maintain and it provides a better user experience by scanning all traffic, inline, in the cloud.

Therefore, it’s not surprising that cloud-based security is growing faster than hardware-based solutions.

According to Gartner, while appliance solutions have been growing by six percent a year on average, cloud solutions have been growing by 35 per cent on average over the same period.

M&As: an attempt to change with the market

Based on changing user behaviour, the changing threat landscape, and the change from the network-centric to the cloud-enabled enterprise, the shakeup in the cybersecurity market is hardly surprising.

Digital transformation is the catalyst for market consolidation and, as a result of their slowing growth, traditional hardware and software providers have become takeover targets.

Enterprises and organisations should be squarely focused on their future strategies as they evaluate security vendors.

As more and more business is done in the cloud, it makes sense to place security in the cloud, too.

Manual patching, hardware management, and software updates are quickly becoming a thing of the past – as are the boxes themselves.

Sourced by Matt Piercy, vice president and general manager EMEA at Zscaler