As people in the U.S. get ready to over-eat their Thanksgiving Day feasts, cheer on their favorite football team and hopefully look back in gratitude on all the good things 2018 has brought them, it’s my habit to also consider what the year ahead may bring. In addition to my favorite team winning the Super Bowl, I also think the security industry is in for a few changes.
Here are my top three predictions on how we will see the industry change in 2019. I will also post more in the coming weeks on how I think the threat landscape will continue to evolve as cyber criminals ramp up their game.
Consolidation will be everywhere! Not only are the VC/PE funds applying more scrutiny to kitschy startups, but their would-be customers are sitting this one out. Looking for problems around the margin and then developing technology-enabled solutions for those problems will prevent a lot of early-stage companies from taking off. Then, even those with extraordinary value will get lost by being folded into a general perception that these solutions aren’t worth the bet.
So…forget the IPO. Your investors from 3-5 years ago are growing impatient and their lending partners are demanding payouts. An IPO would take time, inspires shaky confidence, and offers no guarantee that you’ll satisfy early investors or get the cash injection you need. Not to mention overcrowding in a number of security markets.
What do you do? You sell to Symantec, Microsoft, McAfee, or Splunk. If you don’t believe me, just look at the recent acquisitions of Javelin Networks, Appthority and Cylance. If that isn’t your brand of whiskey, then you join forces with another company of similar size and ‘merge.’ Financial markets, not the objective merit of the tech, will drive consolidation, and security will become even more of a melting pot.
Data privacy concerns have reached a boiling point. Within Western nations, we will continue to see a heightened focus on this issue, and are likely to see regulations spill out of Washington. This accelerated path to law (historically an impossible expectation) will come from an inert tech lobby. Tech leaders are encouraging a unified privacy standard and regulations to enforce it, which is a much better alternative than dealing with 50+ different state laws. The EU will continue to stomp its feet to get the U.S. to cooperate and will assert its authority, especially because of tensions between Europe and the current administration. The U.S. will likely adopt a data privacy rule that looks like a modified HIPAA and a framework of controls that everyone can implement (NIST is a probable candidate).
About 10 years ago, there was a shift in the IT mindset from treating employees as nuisances-to-avoid to treating them as customers-to-serve. This perspective will carry over into other arenas, including security. Security teams will be retooling their efforts with users in mind, not just to prevent them from doing something foolish, but also to protect them from dangers and harm. Security will take a back seat to the employee’s privacy and overall experience with the security trappings of their company.