This is the fourth (and final) article in a series detailing several industry “mega” trends that I see in EUC today. The first article was about Hyper-Convergence, the second was about Application Management (Layering), and the most recent was about Cloud.
In this article I want to discuss another trend, ‘Security’, and how it will have an impact on our industry today and tomorrow for the bulk of our use cases across the world.
Boring and Invisible – Yet Important
Security is a difficult subject. If there’s too much of it then it is annoying, but if there is too little then bad things happen. Let’s face it: traditionally our End User Computing industry has had relatively little to do with security (*ducks*). I mean, outside of the virus scanners on PCs it really was not a big part of our [EUC] life. Of course there are the brave souls who dare to run antivirus on shared hosted desktop platforms or even hypervisors, but for the most part the job of security was left for the ‘firewall guy’. Well, you and the firewall guy need to have lunch together (often) because the world is changing rapidly.
One important factor is that the Enterprise IT world is becoming more and more connected. Where the firewall used to be the boundary of the Enterprise perimeter, this is no longer strictly the case. Think about it: with the ever increasing consumption of cloud services / SaaS applications in enterprises a larger portion of the stuff that IT is tasked to protect moves out of their network.
Don’t take my word for it. The segment called CASBs (Cloud Access Security Brokers) focuses exactly on this problem and has been exploding (in a good way) recently. Next to CASBs, there’s also the segment of more ‘traditional’ security vendors, which have all been trying to grow beyond firewalls for a while now. Much of this all revolves around the fact that all malware or other malicious ‘stuff’ in your network have one thing in common: at one point or another this malicious content will attempt to communicate outside of your network – either to phone home, spread, talk to other ‘members,’ or whatever. That’s where the prime detection possibility is and that is where a lot of the new focus will be.
Another important factor is the rise of Cybercrime. Cybercrime is growing fast and getting more and more organized, both for pure monetary reasons but also for political and religious reasons. Whatever the reason, the effect was already witnessed in 2015: an unprecedented amount of high profile attacks have occurred and the year is not over yet (plus a lot of hacks are going on right now that have not been discovered yet, I am sure). Hacks ranged from those that were high profile financial services to prisoner records. Ransomware and Cryptoware are no longer just a problem for singular users. Companies are being targeted more and more, which is costing enterprises a ton of money. This survey showed that the average annual cost incurred by affected enterprises globally now stands at $7.7 million.
Cybercrime budgets are also one of the few budget categories that are increasing. For example, in 2016 the Cybercrime (CDM) budget for the US government alone is $14 billion. In a similar fashion, the UK plans to double its cybercrime budget over the next 5 years. Finally, an additional important accelerator will be that legislation, especially in EMEA, will become even stricter in terms of who is held liable when a hack occurs. The simple fact is that a lot of organizations are not well equipped (yet) to deal with this new world, and that’s why we will see security have a big impact on End User Computing in 2016.
Security at the EUC vendors
When it comes to security, I think that are a couple of types of vendors in our End User Computing market that you will see creating or expanding their offerings. For the EUC Big 3, Microsoft kind of already made the first move when they acquired Adallom for $320M in September. I say “kind of” because while you may not directly work with this technology, you probably will indirectly. Security is also part of the bigger VMware proposition–it’s actually one of the five imperatives the CEO has for the company. I have not seen a specific security product (capability) from the EUC group at VMware, but I am sure we will in the next year (NSX is an example that is very close to VMware EUC already). As for Citrix, it would be no surprise to me if Citrix jumps on the security bandwagon as well (outside of the classic security benefits that ‘centralized computing offers,’ which aren’t unique to their products). Still, I have seen no major initiatives there yet, which kind of makes sense since they are rationalizing their product portfolio.
Another category is the User Environment Management (UEM) vendors. Two that come to mind for me are AppSense and RES Software. They’ve had some security capabilities in their products for a while now, and seem to be adding to them a lot more as time goes on (a trend that I think will continue).
I also think there’s also great potential here for the more traditional End User Computing monitoring and analytics products to help their customers with these problems. That is actually quite important to realize–to be able to protect and secure the workspace you need to have detailed insights into that workspace. Since most of the workspace today is still Windows based, the current End User Computing monitoring and analytics products are in a great position to start providing these security services. Lakeside Software, for example, recently added a specific security capability in their Systrack product, and I am confident we will see some more security related developments from the End User Computing monitoring and analytics vendors in the next year.