By Lior Carmel, Associate at Blumberg Capital
The cybersecurity industry reunited at RSA Conference earlier this month, after a two year hiatus. Following a busy week immersed in new cybersecurity solutions, connecting with fellow investors and CISOs, I have a few quick takeaways on the state of cybersecurity:
Supply chain security is one of the highest priorities for security leaders
A recurring theme in my conversations with CISOs and investors was the increasing emphasis on securing the digital supply chain and monitoring the risk originating in third party software, libraries and dependencies. This reminded me of a CrowdStrike survey showing that supply chain attacks grew 50 percent from 2018 to 2021. On the heels of a traumatic year of large scale supply chain attacks like the SolarWinds incident and log4shell vulnerability, there’s a timely market need and a real opportunity for innovation in supply chain security.
Downturns in the markets may boost cloud migration
The cost-effectiveness of cloud vs. on-prem is long known: reducing waste on unused capacity and paying only for actual consumption, decreasing spend on depreciating hardware, saving on power and electricity, maintenance, and so on. On top of that, there’s another underline financial benefit of moving to the cloud – moving from capital expenditure (CapEx) to operational expenditure (OpEx). For many businesses, offloading costs from CapEx (on-prem) to OpEx (cloud) increases agility in resource allocation. As OpEx are tax deductible, businesses can improve margins by moving to the cloud, which is especially relevant in unpredictable economic environments. This builds on the migration that was expedited by COVID and the security implications of this go without saying.
The identity space has entrepreneurs’ attention – big time
I had a great time meeting with young cybersecurity companies – many who were presenting their solution for the first time. There were many entrepreneurs in town who were in the earliest stages of building their ventures in stealth. I was not surprised that many of these cybersecurity entrepreneurs chose to focus on solving growing issues in identity management. The identity and access management (IAM) domain is in need of disruption. Legacy vendors can’t keep up with the pace in which environments grow and change. Multi cloud, SaaS apps proliferation, WFH, among other factors – the challenge is substantial. Disruptors like Authomize address the importance of enabling companies to understand relations between identities and assets in highly complex environments.
Are conferences as we know them about to change?
We can’t avoid the question of in-person conferences’ ROI for startups, at least in its current format. RSAC reported 26,000 attendees this year, which is 15,000-20,000 lower than pre-pandemic days, with a growing segment of solution providers. I’d argue that valuable connections between startups and CISOs were primarily happening off the show floor and that young companies should seriously think through how to maximize their event attendance. Many startups CEOs and CMOs are already contemplating this question for RSAC 2023.
There’s a lot more to unpack, especially with the changes that we are seeing in today’s markets. Is cybersecurity indeed recession-proof? How will the downturns affect security budgets?
One thing is certain: cybersecurity startups are critical to powering and protecting our digital economy.
Visit our News & Insights for news and perspectives on the evolving cybersecurity landscape. You can also follow RSAC for more perspectives on topics keeping security leaders up at night here.