Market researchers now see AWS as the leading provider in the cybersecurity market. So are cloud providers the security providers of the future? What do existing AWS partners have to say about this, and what does AWS itself have to say? What does this development mean for the security channel?
A Juniper Research study says global enterprise spending on cybersecurity will exceed $226 billion in 2027, up from $179 billion in 2022. This 26 percent growth over the next five years reflects the increasing maturity of the cybersecurity market as new threats emerge, according to market researchers.
This cybersecurity revenue forecast is less of a surprise than Juniper Research’s “Competitor Leaderboard” for the cybersecurity market. The market analysts list AWS, IBM, Cisco, Oracle, and Sophos as the top five security vendors.
In response, study co-author Damla Sat said, “Cloud computing has been transformative for businesses, so it’s not surprising that two of the largest cloud computing providers, AWS and IBM, are also leaders in cybersecurity.”
Damla Sat sees the strong position of cloud providers in the security market as a logical consequence of the need for cloud security: “For cloud providers, effective cybersecurity is a basic requirement – by offering in-house cybersecurity solutions, AWS and IBM benefit from their existing large user base.”
User Organizations Expect Better Security from The Cloud
Security in cloud computing is an issue for users in several ways: data security and data protection play a decisive role in the choice of the cloud solution, which is why trust in the security and compliance of the cloud provider is considered a must-have for 95 percent, according to the Cloud Monitor 2022 by Bitkom and KPMG.
But that’s not all: many cloud users also hope to improve their security by using cloud services. The Cloud Monitor 2022 also provides an example: almost 40 percent of the companies surveyed report that they have been exposed to attacks by ransomware in the past twelve months. But here, the cloud helps because 72 percent were able to fend off the attacks with cloud security measures.
From the user’s point of view, it is, therefore, a logical conclusion that cloud providers are increasingly also seen as security providers. But do the partners of the hyperscaler AWS see it the same way?
AWS Partners Confirm the View of The Market Researchers
Benjamin Hermann, Managing Director of IT consultancy Zoi TechCon, is not surprised by AWS’s positioning as a leading security provider: “The size and also the number of services, combined with real added customer value, are there. Of course, you have to be in the cloud to see that. But then it is not far away.
Sven Ramuschkat, Managing Director of the Tecracer Group, also sees it that way: “Due to the high investments in own know-how, own software as well as hardware, AWS stays ahead.” Sven Ramuschkat cites concrete examples: “AWS’ own hardware, for instance, Graviton 3, has features such as ‘always-on memory encryption,’ which can be found on few technology platforms.”
Hermann sees a variety of robust security features on AWS, pointing out, “The features tend to come in quite green and unimpressive, but then grow as customers need them, as is always the case with AWS.” Hermann cites AWS WAF as an example. “It was uninteresting for many cases at the beginning because you had to build many rules yourself. But now there is a growing ecosystem of managed rules.” He makes the advantages clear with an example: “With Log4J, a managed rule was right there, maintained faster and with higher quality than with many a managed security provider.”
Ramuschkat emphasizes other benefits: “The AWS Security solutions are integrated with AWS. Therefore, a container image stored in AWS can be directly and continuously scanned for vulnerabilities with AWS Inspector 2. None of the usual compatibility issues occur between different vendors.”
AWS Partnership Also Because of Security Portfolio
But is an AWS partnership worth it for the security features alone? Hermann points to the cloud focus of the security features: “AWS offers an excellent security ecosystem for secure cloud solutions. There is little or no focus on on-prem.”
But there is movement in AWS security, as Hermann explains: “Based on the shared responsibility model, AWS is only slowly moving into the customer fields. Endpoint protection or XDR, for example, is still missing, but vulnerability management is already there.
At the same time, security as a whole benefit from the cloud: “Going to the cloud forces you to clean up your act. It’s not pure lift and shift, but it forces you to document and analyze your own IT infrastructure. The cloud invites you to build things properly. This cultural added value for ‘self-cleaning’ alone pays dividends for IT security,” says Hermann.
Ramuschkat clarifies his view of an AWS partnership: “You should become an AWS partner if you want to use significant parts of the AWS platform for your customers. Customers’ applications must be protected in the best possible way, against configuration errors, and attack vectors. Except for malware scanning, AWS offers excellent supporting security services here.”
Accordingly, AWS needs additional third-party security solutions because malware scanning for uploaded content on S3 or EC2, for example, is not currently offered by AWS, Ramuschkat said.
Hyperscalers Are Changing the Security Market
There is no question that cloud providers will not become the sole security providers. But the cloud is transforming security. Just as there is a move from to hybrid cloud computing, there is a shift to hybrid security, where the cloud portion may increasingly come from the hyperscalers.
But there will not be one cloud security provider to deliver security from the cloud and for the cloud. Instead, as with the multi-cloud approach, a multi-security approach is emerging, in which the cloud providers such as AWS will have a significant share.
The security channel should, therefore, increasingly look at the security portfolios of the cloud providers. Likewise, the cloud channel should not miss out on the opportunities offered by the security market. The cloud providers offer themselves as a link between the security channel and the cloud channel, which makes more sense since both the cloud and security are part of the foundation of every digitization project.