Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More
At its core, cybersecurity is a data problem. First, it is data that is being secured, and second, whoever has the security data has the ability to find patterns, identify anomalies and generate useful insights. All this makes it surprising that not everyone in the industry has heard and understands the role of the data gravity effect.
The concept of data gravity was originally introduced by Dave McCrory, a software developer who realized that as more and more data is collected in one place, data starts to build mass, attracting services and applications that rely on it. The larger the amount of data, the stronger its gravitational pull becomes, and the more services and applications will be attracted.
Over the past several years, we have witnessed security data moving to Google BigQuery, Microsoft Azure Data Warehouse, Amazon Redshift, Snowflake and the like. The more data these destinations collect, the harder and the more costly it becomes for customers to switch away to other vendors, the more security products and services cloud providers are able to offer, and the more power cloud providers can exert.
Cloud providers are turning into security distributors
Cloud providers understand the full potential of data gravity really well. An obvious way in which they leverage data gravity is the rise of marketplaces — places where users of the cloud platform can browse integrations it offers and quickly access a broad range of value-add products and services. Cybersecurity-related add-ons are a rich category on each of the marketplaces.
Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.
The ability to buy products and services via self-service on the marketplaces, however, is not the only and most certainly not the main way cloud providers are changing the landscape of channel sales.
More and more cybersecurity companies are starting to rely on cloud providers for distribution, and some design their go-to-market strategy to rely almost entirely on the field sales representatives of data lakes and cloud providers.
These arrangements are win-win for all parties: Startups can generate revenue without having to invest in expanding their own salesforces, sales reps of the cloud firms can hit their quotas for upselling their existing customers, and the customers can gain access to tools they need cost-effectively and without having to go through complex integrations.
The “shared responsibility” approach is evolving into “shared fate”
With great power comes great responsibility. Historically, securing the cloud relied on the so-called shared responsibility model: The cloud provider was responsible for securing the cloud (physical data centers, cables, and other infrastructure), while the end customer took responsibility for what is in the cloud.
Although the shared responsibility approach has worked well for cloud providers, it hasn’t always done the same for the customers. Palo Alto’s research conducted in 2020 showed that 65% of cloud network security issues resulted from user errors and misconfigurations, while Gartner estimated that by 2025, 99% of cloud security failures would be the customers’ fault.
These numbers bring attention to the fact that the shared responsibility model relies on the customer’s ability to properly configure and adjust their cloud infrastructure, and many organizations do not have the right resources to do that effectively.
In 2021, Google announced a move to what it calls the “shared fate” model. The idea is that instead of leaving customers to their own devices, Google Cloud will provide guidance, tools and security blueprints to optimize security starting at the initial deployment and manage ongoing security and compliance. Chris Hughes provides a great analysis of the evolution of the “shared responsibility” approach into “shared fate.”
Cloud providers are evolving into providers of security
The marketing value of Google’s announcement aside, the approach the company proposed has merit. Given that the cybersecurity talent shortage is a known problem, it is unrealistic to expect that we can get enough security practitioners with a deep understanding of cloud configuration to secure data in a few years. Most importantly, as the cloud infrastructure is getting more and more complex, it becomes reasonable to hope that cloud providers will be more proactive in helping customers secure what’s in the cloud.
A solid push for this evolution is the recently adopted National Cybersecurity Strategy which seeks to “rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us.”
How leading cloud providers take this varies.
Microsoft has been investing in security for a long time, and in 2022 it made several big moves. It announced an identity and access offering (Microsoft Entra), released Microsoft Defender for individuals, announced the general availability of Microsoft Defender Experts for Hunting, and brought together the former Azure Purview and the former Microsoft 365 Compliance portfolio under Microsoft Purview.
Amazon AWS, the largest cloud provider, has been mostly quiet about its security play, with the exception of Amazon Security Lake, announced at the 2022 AWS re:Invent.
Google, the smallest of the three in market share in the cloud space, appears to be putting a lot of effort into making security its competitive advantage, with the acquisitions of Mandiant and Siemplify and the continued investment into Chronicle. Despite all apparent differences, it is clear that cloud providers as a whole are going to play a more and more important role in cybersecurity.
I think the effect of data gravity will become one of the most critical factors impacting the shape of innovation in the industry. Cloud providers have the potential to play a more active role in cybersecurity, absorbing a lot of what we think of today as niche, data-driven security use cases. Similar to how we saw Gmail substantially reducing, if not totally eliminating, the problem of email spam, I would expect cloud providers to solve a lot of the fundamental security problems.
Ross Haleliuk is a cybersecurity product leader, head of product at LimaCharlie, and author of Venture in Security.