Zero Trust, AI, Capital Markets Drive Consolidation in Cloud Security

We Keep you Connected

Zero Trust, AI, Capital Markets Drive Consolidation in Cloud Security

News, news analysis, and commentary on the latest trends in cybersecurity technology.
Companies that quickly shifted to cloud-native operations are looking for greater visibility and protection — and AI benefits — while an uncertain economic future has venture capitalists looking toward safety.
January 15, 2024
Consolidation in the cloud security market is off to a strong start in 2024.
On Jan. 9, privileged access management firm Delinea announced that it had acquired Authomize, a maker of tools that detect and respond to identity-based threats in the cloud. The previous week, on Jan. 3, integrated enterprise security firm SentinelOne disclosed it had acquired PingSafe and that company's cloud-native application protection platform (CNAPP) to augment its cloud offerings.
Also on Jan. 3, SonicWall announced its acquisition of Banyan Security, a maker of zero-trust cloud solutions, as the company aims to keep up with the threats in the cloud space, president and CEO of SonicWall Bob VanKirk said in a statement announcing the acquisition.
"Cybersecurity's focus is shifting to more dynamic solutions that can adapt to the ever-evolving landscape of threats in the cloud age," VanKirk said. "For years, firewalls have been the cornerstone of cybersecurity defenses. However, with the rise of cloud computing and secure access service edge (SASE), the industry is shifting its focus to more comprehensive and flexible approaches."
As companies continue to move more operational infrastructure to cloud services and platforms, they hope to gain better visibility into both the security of that infrastructure and the threats targeting their cloud-native operations, says Charles Winckless, senior director analyst at business intelligence firm Gartner.
"We're seeing organizations that were moved to the cloud and didn't really realize it from a security perspective because the business did it, and now they're trying to get a handle on it," he says. "So this tooling is again becoming more and more critical."
With demand for better cloud security growing, security players are looking to consolidation to bolster their offerings, especially in two key areas: products and services that support zero-trust security architectures and offerings that make strong use of machine learning (ML) and artificial intelligence (AI).
SentinelOne's acquisition of PingSafe is not its first deal focusing on zero trust. In 2022, the company bought Attivo Networks to add identity threat detection and response technology, which helps mitigate a significant threat in cloud infrastructure: attackers with legitimate credentials.
Other companies have also focused on boosting their zero-trust credentials. Cisco acquired Isovalent in December to heighten its visibility into, and protection of, cloud workloads, and it bought Lightspin in March to bolster its cloud security offerings.
Companies are shifting to zero-trust features throughout their cloud security and are looking to their strategic partners to provide those solutions, says Jim Reavis, CEO and co-founder of Cloud Security Alliance.
"As enterprise consumers made the leap into a cloud-first strategy, they typically selected a strategic technology partner," he says. "As their needs grew, they pushed their strategic partners to broaden their offerings, which often necessitated M&A."
With a crowded cloud-security market and concerns over the economy, many startups have grown more worried that their runway to financial breakeven has shortened, leading a growth mindset to give way to consolidation, says Gartner's Winckless.
"There's an awful lot of vendors out there, and in a time where perhaps the economy isn't as great for buying products," he says. "With venture capital investment definitely trending a little lower, some of these companies are going to need acquisition to continue to be funded."
Businesses are looking to vendors to provide AI features that improve their visibility into operational assets, identification of threats, and the efficiency of incident response. Unsurprisingly, vendors are looking for ways to deliver those benefits.
While zero-trust features are in most demand, companies also don't want to fall behind in the race to adopt AI for any cloud-security benefits, says CSA's Reavis. Over the past year, companies have been keeping an eye out for effective ways to apply AI to cloud security, he says.
"The biggest single area of inquiry we receive is around generative AI and what we see as the 'copilotization' of cybersecurity solutions," he says.
In December, the CSA launched its AI Safety Initiative to make sure the process does not undermine the security of the cloud.
The trend will continue in 2024, as companies go beyond just promises and find practical ways to apply AI to cloud security, says Victor Oribamise, CEO of Kquika, a data analysis startup focused on the airline and travel sector.
"Expect increased adoption of AI and ML) for threat detection, incident response, and anomaly identification," he says. "These tools will help sift through the noise and pinpoint real threats, freeing up human analysts for more strategic tasks."
The decision to adopt a "best of breed" technology versus tightly integrated "good enough" solutions is always on companies' minds, says CSA's Reavis. Yet the simplification of cloud-security stacks is a secondary factor in the consolidation we are seeing in the markets today, he says.
"We saw a large influx of capital into cloud-native security solutions in the lead-up to and during much of the pandemic," Reavis says. "Investors essentially placed their bets on cloud security, and as capital markets began to tighten in mid-2022, it has driven a natural consolidation cycle."
The consolidation is not about creating a single cloud security provider for a business's needs, but more about simplifying operations to provide better visibility and detection capabilities, says Gartner's Winckless.
"It's not really that [businesses] want to deal with a single vendor — if it was, there are some obvious candidates who would be doing extremely well in this space," he says. "I think it is that organizations are looking for sets of consolidated platforms that reach across multiple domains to get better visibility and more consistent security."
Whether the most recent buys will lead to more comprehensive and integrated security will depend on how well cloud security providers such as SentinelOne, SonicWall, and Delinea do in handling their latest acquisitions, he added.
Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.
You May Also Like
Tips for Managing Cloud Security in a Hybrid Environment
Top Cloud Security Threats Targeting Enterprises
DevSecOps: The Smart Way to Shift Left
Black Hat Asia – April 16-19 – Learn More
Black Hat Spring Trainings – March 12-15 – Learn More
Cyber Resiliency 2023: How to Keep IT Operations Running, No Matter What
First Step in Securing AI/ML Tools Is Locating Them
InfoSec 101: Why Data Loss Prevention Is Important to Enterprise Defense
Snyk Acquires Helios for Runtime Visibility
Zero Trust, AI, Capital Markets Drive Consolidation in Cloud Security
Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.