With an unprecedented number of employees working from home, the coronavirus pandemic is forcing companies to think differently about network security, potentially ushering in a new wave of innovation in the space.
While most companies had already begun the process of digitizing their workflows and communications, the new normal of a widely distributed remote workforce is creating problems for companies big and small.
"Most organizations have not prepared for remote access at the scale we're seeing right now," 451 Research information security analyst Scott Crawford said in an interview.
Companies that had moved their data off premises to the cloud and begun relying on third-party cloud-hosted applications are now moving their entire workforce off premises as well. The going technologies for connecting and securing remote employees may not be sufficient for an entire workforce, Crawford said.
In particular, he pointed to VPNs, or virtual private networks, which provide an encrypted connection that allows users to securely connect to networks over the public internet. Many companies and organizations rely on these secure connections to ensure that only designated users are able to access their networks remotely.
"VPNs are straining under the load," Crawford said.
He noted that this is not simply a temporary problem. Of the 75% of companies that implemented expanded or universal work-from-home policies during the pandemic quarantine periods, 38% intend to keep those policies in place after coronavirus subsides, according to 451 Research's "Voice of the Enterprise: Digital Pulse, Coronavirus Flash Survey March 2020."
With companies needing a long-term solution to address the expected increase in remote employees, the future of network security may not be to shore up existing VPN capacity, but rather to shift the focus of security to different points of connection between the endpoint worker and the organization, dissolving the need for VPNs altogether.
There are several touchpoints in a communication chain between an endpoint worker and the organization, and security can manifest at any one of those touchpoints. For example, a security firm can provide services that secure each endpoint, which could revitalize business for companies that historically provided personal computer security. Cybersecurity technology could also target the geographically distributed network of proxy servers that companies use to bring their platforms closer to the end user, called content delivery networks. It could also happen at the enterprise level, providing robust services for cloud security customized to a company's needs, or on the internet service provider's network itself, Crawford said.
Solutions to secure this next generation of distributed workforces are already being developed and deployed, and the market will decide the most appropriate solutions, Crawford said. The industry could see a new wave of partnerships forged to meet these rapidly evolving needs, eventually leading to potential M&A.
"The crisis is leading to more relationships," Crawford said. "If there are bright lights in this economy, information security is one of them."
Prior to the pandemic, cybersecurity business and deal activity were already humming. Price-to-sales valuations for information security companies were 7.6x and 5.6x in 2018 and 2019, respectively, compared to the tech industry average of 2.6x and 2.8x. The ratio measures the value placed on sales by the market, with a higher ratio signaling the market is willing to pay more for each dollar of annual sales.
From 2016 to 2019 the number of cybersecurity M&A deals jumped from 111 to 143, and the aggregate value of those deals jumped from $15.4 billion to $23.3 billion, according to data from 451 Research.
"No year in history have we seen more deals or more spending in the [information security] M&A market than last year," 451 Research M&A analyst Brenon Daly said on an April 20 webinar with Crawford regarding the coronavirus's impact on the cybersecurity sector. Companies like Palo Alto Networks Inc., which has been very acquisitive in recent years, have been paying multiples up to 25x sales, he said.
While Daly and Crawford each said M&A in the space will likely stall due to the impact of the pandemic, they believe business and partnerships in the cybersecurity sector will likely proceed at a steady, if not accelerated, clip.
The pandemic is a "forcing function" for companies, Crawford said, and will only increase the focus on cybersecurity innovation.
451 Research is an offering of S&P Global Market Intelligence