>> From theCUBE studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE in ETR. This is Breaking Analysis with Dave Vellante. >> Despite the more than $100 billion spent each year fighting Cyber-crime. When we do an end-of-the year look back and ask "How did we do?" The answer is invariably the same, "Worse than last year." Pre pandemic, the picture was disheartening, but since March of 2020 the situation has only worsened as cyber-criminals have become increasingly sophisticated, better funded and more brazen. SecOps pros continue to fight, but unlike conventional wars, this one has no end. Now the flip side of course, is that markets continue to value cybersecurity firms at significant premiums. Because this huge market will continue to grow by double digits for the foreseeable future. Hello and welcome to this week's Wikibon theCUBE Insights powered by ETR. In this Breaking Analysis, we look at the state of cybersecurity in 2021 and beyond. We'll update you with the latest survey data from enterprise technology research and share the fundamentals that have investors piling into the security space like never before. Let's start with the customer view. Cybersecurity remains the number one priority for CIOs and CSOs. This latest ETR survey, once again asked IT buyers to rank their top priorities for the next 12 months. Now the last three polling period dating back to last March. Cybersecurity has outranked every top spending category, including cloud, data analytics, productivity software, networking, AI, and automation or RPA. Now this shouldn't surprise anybody, but it underscores the challenges that organizations face. Not only are they in the midst of a non-optional digital transformation, but they have to also fund a cyber war that has no ceasefires, no truces, and no exit path. Now there's much more going on in cybersecurity than ransomware, but certainly that has the attention of executives. And it's becoming more and more lucrative for attackers. Here's a snapshot of some of the more well-documented attacks this decade many which have occurred in very recent months. CNA Financial, they got hit earlier this year and paid a $40 million ransom. The Ireland Health Service also got hit this year and refused to pay the ransom, but it's estimated that the cost to recover and the damage to the organization exceeded half a billion dollars. The request was for a $20 million ransom. The JBS meat company hack, they paid $11 million. CWT travel paid $5 million. The disruption from the Colonial Pipeline company, was widely reported they paid more than $4 million, as the Brenntag, the chemical company. The NBA got hit. Computer makers, Quanta and Acer also. More than 2,000 random attacks were reported to the FBI in the first seven months of 2021. Up more than 60% from 2020. Now, as I've said many times, you don't have to be a genius to be a ransomware as today. Anyone can go on the dark web, tap into ransomware as a service. Attackers, they have insidious names like darkside, evil, the cobalt, crime gang, wizard spider, the Lazarus gang, and numerous others. Criminals they have negotiation services is most typically the attackers, they'll demand a specific amount of money but they're willing to compromise in an exchange of cryptocurrency for decryption keys. And as mentioned, it's not just ransomware supply chain attacks like the solar winds hack hit organizations within the U.S government and companies like Mimecast this year. Now, while these attacks often do end up in a ransom situation. The attackers sometimes find it more lucrative to live off the land and stealth fashion and ex filtrates sensitive data that can be sold or in the case of many financial institution attacks they'll steal information from say a chief investment officer that signals an upcoming trading strategy and then the attackers will front run that trade in the stock market. Now, of course phishing, remains one of the most prominent threats. Only escalated by the work from home trend as users bring their own devices and of course home networks are less secure. So it's bad, worse than ever before. But you know, if there's a problem, entrepreneurs and investors, they're going to be there to solve it. So here's a LinkedIn post from one of the top investors in the business, Mike Speiser. He was a founding investor in Snowflake. He helped get pure storage to escape velocity and many, many other successes. This hit my LinkedIn feed the other day, his company Sutter Hill Ventures is co-leading a 1.3 Series D on an $8.3 billion valuation. They're putting in over $200 million. Now Lacework is a threat detection software company that looks at security as a data problem and they monitor exposures across clouds. So very timely. So watch that company. They're going to soar. Now the right hand chart shows venture investments in cybersecurity over the past several years. You can see it exploded in 2019 to $7.6 billion. And people thought the market was peaking at that time, if you recall. But then investments rose a little bit to $7.8 billion in 2020 right in the middle of lockdown. And then the hybrid work, the cloud, the new normal thesis kicked in big time. It's in full gear this year. You can see nearly $12 billion invested in cybersecurity in the first half of 2021 alone. So the money keeps coming in as the problem gets worse and the market gets more crowded. Now we'd like to show this slide from Optiv, it's their security taxonomy. It'll make your eyes cross. It's so packed with companies in different sectors. We'll put a link in our posts, so you can stare at this. We've used this truck before. It's pretty good. It's comprehensive and it's worth spending some time to see what that landscape looks like. But now let's reduce this down a bit and bring in some of the ETR data. This is survey data from October that shows net score or spending momentum on the vertical axis and market share or pervasiveness in the dataset on the horizontal axis. That's a measure of mentioned share if you will. Now this is just isolated on the information security sector within the ETR taxonomies. No filters in terms of the number of responses. So it's every company that ETR picks up in cybersecurity from its buyer surveys. Now companies above that red line, we consider them to have a highly elevated spending momentum for their products and services. And you can see, there are a lot of companies that are in this map first of all, and several above that magic mark. So you can see the momentum of Microsoft and Palo Alto. That's most impressive because of their size, their pervasiveness in the study, Cisco and Splunk are also quite prominent. They don't have as much spending momentum, but they're pretty respectable. And you can see the companies that have been real movers in this market that we've been reporting on for a while. Okta, CrowdStrike, Zscaler, CyberArk, SailPoint, Authzero, all companies that we've extensively covered in previous breaking analysis episodes as the up and comers. And isn't it interesting that Datadog is now showing up in the vertical axis. You see that in the left-hand side up high, they're becoming more and more competitive to Splunk in this space as an alternative and lines are blurring between observability, log analytics, security, and as we previously reported even backup and recovery. But now let's simplify this picture a bit more and filter down a little bit further. This chart shows the same X, Y view. Same data construct and framework, but we required more than a hundred responses to hit the chart. So the companies, they have to have a notable market presence in the ETR survey. It's perhaps a bit less crowded, but still very packed. Isn't it? You can see firms that are less prominent in the space like Datadog fell off. The big companies we mentioned, obviously still prominent Microsoft, Palo Alto, Cisco and Splunk and then those with real momentum, they stand out a little bit. There's somewhat smaller, but they're gaining traction in the market. As we felt they would Okta and Auth zero, which Okta acquired as we reported on earlier this year, both showing strength as our CrowdStrike, Zscaler, CyberArk, which does identity and competition with Okta and SentinelOne, which went public mid this year. The company SentinelOne uses AI to do threat detection and has been doing quite well. SalePoint and Proofpoint are right on that red elevated line and then there's a big pack in the middle. Look, this is not an easy market to track. It's virtually every company plays in security. Look, AWS says some of the most advanced security in the business but they're not in the chart specifically, but you see Microsoft is. Because much of AWS security is built into services. Amazon customers heavily rely on the Amazon ecosystem which is in the Amazon marketplace for security products. And often they associate their security spend with those partners and not necessarily Amazon. And you'll see networking companies you see right there, like Juniper and the bottom there and in the ETR data set and the players like VMware in the middle of the pack. They've been really acquisitive for example, with carbon black. And the, of course, you've got a lot of legacy players like McAfee and RSA and IBM. Look, virtually every company has a security story and that will only become more common in the coming years. Now here's another look at the ETR data it's in the raw form, but it'll give you a sense of two things; One is how the data from the previous chart is plotted. And two, it gives you a time series of the data. So the data lists the top companies in the ETR data sets sorted by the October net score in the right most column. Again, that measures spending momentum. So to make the cut here, you had to have more than a hundred mentions which is shown on the left-hand side of the chart that shared N, IE that's shared accounts in the dataset. And you can track the data from last October, July of this year and the most recent October, 2021 survey. So we, drew that red line just about at the 40% net score market coincidentally, there are 10 companies that are over that figure over that bar. We sometimes call out the four star companies. We give four stars to those companies that both are in the top 10 and spending momentum and the top in prominence are shared N in the dataset. So some of these 10 would fit into that profile by that methodology, specifically, Microsoft, Okta, CrowdStrike, and Palo Alto networks. They would be the four star companies. Now a couple of other things to point out here, DDoS attacks, they're still relevant, and they're real threat. So a company like CloudFlare which is just above that red line they play in that space. Now we've also shaded the companies in the fat middle. A lot of these companies like Cisco and Splunk for example, they're major players in the security space with very strong offerings and customer affinity. We sometimes give them two stars. So this is what makes this market so interesting. It's not like the high end discourage market where literally every vendor in the Gartner magic quadrant is up in the right, okay. And there's only five or four or five, six vendors there. This market is diverse with many, many segments and sub segments, and it's such a vital space. And there's so many holes to fill with an ever changing threat landscape as we've seen in the last two years. So this is in part which makes it such a good market for investors. There's a lot of room for growth and not just from stealing market share. That's certainly an opportunity there, but things like cloud, multi-cloud, shifting end points, the edge ,and so forth make this space really ripe for investments. And to underscore this, we put together this little chart of some of the pure play security firms to see how their stock performance has done recently. So you can see that here, you know, it's a little hard to read, but it's not hard to see that Okta, CrowdStrike, Zscaler on the left have been big movers. These charts where possible all show a cross here, starting at the lockdown last year. The only exception is SentinelOne which IPO mid this year. So that's the point March, 2020 when the whole world changed and security priorities really started to shift to accommodate the work from home. But it's quite obvious that since the pandemic, these six companies have been on a tear for the fundamental reason that hybrid work has created a shift in spending priorities for CSOs. No longer are organizations just spending on hardening a perimeter, that perimeter has been blown away. The network is flattening. Work is what you do, it's no longer a place. As such threats are on the rise and cloud, endpoint security, identity access tools there become increasingly vital and the vendors who provide them are on the rise. So it's no surprise that the players that we've listed here which play quite prominently in those markets are all on fire. So now in summary, I want to stress that while the picture is sometimes discouraging. The entire world is becoming more and more tuned in to the cyber threat. And that's a good thing. Money is pouring in. Look, technology got us into this problem and technology is a defensive weapon that will help us continue this fight. But it's going to take more than technology. And I want to share something. We get dozens and dozens of in bounds this time of the year because we do an annual predictions posts. So folks and they want to help us out. So now most of the in bounds and the predictions that we get, they're just kind of observations or frankly, non predictions that can't really be measured as like where you right, or where you're wrong. So for the most part I like predictions that are binary. For example, last December we predicted their IT spending in 2021 would rebound and grow at 4% relative to 2020. Well, it did rebound but that prediction really wasn't as accurate as I'd like. It was frankly wrong. We think it's actually the market's going to actually grow. Spending's going to grow more like 7% this year. Not to worry plenty of our predictions came true, but we'll leave that for another day. Anyway, I got an email from Dean Fisk of Fisk partners. It's a PR firm representing an individual named Lyndon Brown chief of strategy officer of Pondurance. Pondurance is a security consultancy. And the email had the standard, Hey, in case you're working on a predictions post this year end, blah, blah, blah. But instead of sharing with me, a bunch of non predictions, the notes said here's some trends in cybersecurity that might be worth thinking about. And there were a few predictions sprinkled in there, but I wanted to call it a couple of the comments from Linden Brown, whom I don't know, I never met the guy, but I really thought his trends were spot on. The first was a stat I'll share that the United Nations report cyber crime is up 600% due to the pandemic. If as if I couldn't feel worse already. His first point though was that the hybrid workplace will be the new frontier for cyber. Yes, we totally agree. There are permanent shifts taking place. And we actually predicted that last year, but he further cited that many companies went from zero to full digital transformation overnight and many are still on that journey. And his point is that hybrid work is going to require a complete overhaul of how we think about security. We think this is very true. Now the other point that stood out is that governments are going to crack down on this behavior. And we've seen this where criminals have had their critical infrastructure dismantled by governments. No doubt the U.S government has the capabilities to do so. And it is very much focused on this issue. But it's tricky as Robert Gates, who was the former defense secretary, told me a few years back in theCUBE. He said, well, we have the best offense. We also have the most to lose. So we have to be very careful, but Linden's key point was you are going to see a much more forward and aggressive public policy and new laws that give crime fighters more latitude . Again, it's tricky kind of like the Patriot act was tricky but it's coming. Now, another call-out from Linden shares his assertion that natural disasters will bring increased cyber risk. And I thought this was a really astute point because natural disasters they're on the rise. And when there's chaos, there's cash opportunities for criminals. And I'll add to this that the supply chain risk is far from over. This is going to be continuing theme this coming year and beyond. And one of the things that Linden Brown said in his note to me is essentially you can't take humans out of the equation. Automation alone can't solve the problem, but some companies operate as though they can. Just as bad human behavior, can tramp good security, Good human education and behavior is going to be a key weapon in this endless war. Now the last point is we're going to see continued escalation government crackdowns are going to bring retaliation and to Gates' point. The U.S has a lot at stake. So expect insurance premiums are going to go through the roof. That's assuming you can even get cyber insurance. And so we got to hope for the best, but for sure, we have to plan for the worst because it's coming. Deploy technology aggressively but people in process will ultimately be the other ingredients that allow us to live to battle for another day. Okay. That's a wrap for today. Remember these episodes they're all available as podcasts, wherever you listen just search "breaking analysis" podcast. Check out ETR his website at ETR.plus. We also publish a full report every week on Wikibond.com and siliconangle.com. You can get in touch. Email me @david.volante@tsiliconangle.com or you can DM me @dvellante. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE insights powered by ETR. Have a great week. everybody stay safe, be well. And we'll see you next time. (techno music)

>> From "theCUBE" studios in Palo Alto in Boston, bringing you data-driven insights from "theCUBE" in ETR. This is breaking analysis with Dave Vellante. >> Chief Information Security Officer's site trust, is the number one value attribute, they can deliver to their organizations. And when it comes to security, identity is the new attack surface. As such identity and access management, continue to be the top priority among technology decision makers. It also happens to be one of the most challenging and complicated areas of the cybersecurity landscape. Okta, a leader in the identity space has announced its intent to converge privileged access and Identity Governance in an effort to simplify the landscape and re-imagine identity. Our research shows that interest in this type of consolidation is very high, but organizations believe technical debt, compatibility issues, expense and lack of talent are barriers to reaching cyber nirvana, with their evolving Zero-Trust networks. Hello and welcome to this week's Wikibon CUBE insights, powered by ETR. In this breaking analysis, we'll explore the complex and evolving world of identity access and privileged account management, with an assessment of Okta's market expansion aspirations and fresh data from ETR, and input from my colleague Eric Bradley. Let's start by exploring identity and why it's fundamental to digital transformations. Look the pandemic accelerated digital and digital raises the stakes in cybersecurity. We've covered this extensively, but today we're going to drill into identity, which is one of the hardest nuts to crack in security. If hackers can steal someone's identity, they can penetrate networks. If that someone has privileged access to databases, financial information, HR systems, transaction systems, the backup corpus, well. You get the point. There are many bespoke tools to support a comprehensive identity access management and privilege access system. Single sign-on, identity aggregation, de-duplication of identities, identity creation, the governance of those identities, group management. Many of these tools are open source. So you have lots of vendors, lots of different systems, and often many dashboards. Practitioners tell us that it's the paper cuts that kill them, patches that aren't applied, open ports, orphan profiles that aren't disabled. They'd love to have a single dashboard, but it's often not practical for large organizations because of the bespoke nature of the tooling and the skills required to manage them. Now, adding to this complexity, many organizations have different identity systems for privileged accounts, the general employee population and customer identity. For example, around 50 percent of ETR respondents in a recent survey use different systems for workforce identity and consumer identity. Now this is often done because the consumer identity is a totally different journey. The consumer is out in the wild and takes an unknown, nonlinear path and then enters the known space inside a brand's domain. The employee identity journey is known throughout. You go onboarding, to increasing responsibilities and more access to off-boarding. Privileged access may even have different attributes, does usually like no email and, or no shared credentials. And we haven't even touched on the other identity consumers in the ecosystem like selling partners, suppliers, machines, etcetera. Like I said, it's complicated and meeting the needs of auditors is stressful and expensive for CSOs. Open chest wounds, such as sloppy histories of privileged access approvals, obvious role conflicts, missing data, inconsistent application of policy and the list goes on. The expense of securing digital operations goes well beyond the software and hardware acquisition costs. So there's a real need and often desire, to converge these systems. But technical debt makes it difficult. Companies have spent a lot of time, effort and money on their identity systems and they can't just rip and replace. So they often build by integrating piece parts or they add on to their Quasi-integrated monolithic systems. And then there's the whole Zero-Trust concept. It means a lot of different things to a lot of different people, but folks are asking if I have Zero-Trust, does it eliminate the need for identity? And what does that mean for my architecture, going forward. So, let's take a snapshot of some of the key players in identity and PAM, Privileged Access Management. This is an X-Y graph that we always like to show. It shows the net score or spending velocity, spending momentum on the vertical axis and market share or presence in the ETR dataset on the horizontal axis. It's not like revenue market share. It's just, it's mentioned market share if you will. So it's really presence in the dataset. Now, note the chart insert, the table, which shows the actual data for Net Score and Shared In, which informs the position of the dot. The red dotted line there, it indicates an elevated level. Anything over 40 percent that mark, we consider the strongest spending velocity. Now within this subset of vendors that we've chosen, where we've tried to identify some, most of them are pure plays, in this identity space. You can see there are six above that 40 percent mark including Zscaler, which tops the charts, Okta, which has been at or near the top for several quarters. There's an argument by the way, to be made that Okta and Zscaler are on a collision course as Okta expands it's TAM, but let's just park that thought for a moment. You can see Microsoft with a highly elevated spending score and a massive presence on the horizontal axis, CyberArk and SailPoint, which Okta is now aiming to disrupt and Auth zero, which Okta officially acquired in may of this year, more on that later now. Now, below that 40 percent mark you can see Cisco, which is largely acquired companies in order to build its security portfolio. For example, Duo which focuses on access and multi-factor authentication. Now, word of caution, Cisco and Microsoft in particular are overstated because, this includes their entire portfolio of security products, whereas the others are more closely aligned as pure plays in identity and privileged access. ThycotyicCentrify is pretty close to that 40 percent mark and came about as a result of the two companies merging in April of this year. More evidence of consolidation in this space, BeyondTrust is close to the red line as well, which is really interesting because this is a company whose roots go back to the VAX VMS days, which many of you don't even know what a VAX VMS is in the mid 1980s. It was the mini computer standard and the company has evolved to provide more modern PAM solutions. Ping Identity is also notable in that, it essentially emerged after the dot com bust in the early 2000s as an identity solution provider for single sign-on, SSO and multifactor authentication, MFA solutions. In IPO'd in the second half of 2019, just prior to the pandemic. It's got a $2 billion market cap-down from its highs of around $3 billion earlier this year and last summer. And like many of the remote work stocks, they bounced around, as the reopening trade and lofty valuations have weighed on many of these names, including Okta and SailPoint. Although CyberArk, actually acted well after its August 12th earnings call as its revenue growth about doubled year on year. So hot space and a big theme this year is around Okta's acquisition of Auth zero and its announcement at Oktane 2021, where it entered the PAM market and announced its thrust to converge its platform around PAM and Identity Governance and administration. Now I spoke earlier this week with Diya Jolly, who's the Chief Product Officer at Okta and I'll share some of her thoughts later in this segment. But first let's look at some of the ETR data from a recent drill down study that our friends over there conducted. This data is from a drill down that was conducted early this summer, asking organizations how important it is to have a single dashboard for access management, Identity Governance and privileged access. This goes directly to Okta strategy that it announced this year at it's Oktane user conference. Basically 80 percent of the respondents want this. So this is no surprise. Now let's stay on this theme of convergence. ETR asks security pros if they thought convergence between access management and Identity Governance would occur within the next three years. And as you can see, 89% believe this is going to happen. They either strongly agree, agree, or somewhat agree. I mean, it's almost as though the CSOs are willing this to occur. And this seemingly bodes well for Okta, which in April announced its intent to converge PAM and IGA. Okta's Diya jolly stressed to me that this move was in response to customer demand. And this chart confirms that, but there's a deeper analysis worth exploring. Traditional tools of identity, single sign-on SSO and multi-factor authentication MFA, they're being commoditized. And the most obvious example of this is OAuth or Open Authorization. You know, log in with Twitter, Google, LinkedIn, Amazon, Facebook. Now Okta currently has around a $35 billion market cap as of today, off from its highs, which were well over 40 billion earlier this year. Okta stated, previously stated, total addressable market was around 55 billion. So CEO, Todd McKinnon had to initiate a TAM expansion play, which is the job of any CEO, right? Now, this move does that. It increases the company's TAM by probably around $20 to $30 billion in our view. Moreover, the number one criticism of Okta is, "Your price is too high." That's a good problem to have I say. Regardless, Okta has to think about adding more value to its customers and prospects, and this move both expands its TAM and supports its longer-term vision to enable a secure user-controlled ubiquitous, digital identity, supporting federated users and data within a centralized system. Now, the other thing Jolly stressed to me is that Okta is heavily focused on the user experience, making it simple and consumer grade easy. At Oktane 21, she gave a keynote laying out the company's vision. It was a compelling presentation designed to show how complex the problem is and how Okta plans to simplify the experience for end users, service providers, brands, and the overall technical community across the ecosystem. But look, there are a lot of challenges, the company faces to pull this off. So let's dig into that a little bit. Zero-Trust has been the buzz word and it's a direction, the industry is moving towards, although there are skeptics. Zero-Trust today is aspirational. It essentially says you don't trust any user or device. And the system can ensure the right people or machines, have the proper level of access to the resources they need all the time, with a fantastic user experience. So you can see why I call this nirvana earlier. In previous breaking analysis segments, we've laid out a map for protecting your digital identity, your passwords, your crypto wallets, how to create Air Gaps. It's a bloody mess. So ETR asked security pros if they thought a hybrid of access management and Zero-Trust network could replace their PAM systems, because if you can achieve Zero-Trust in a world with no shared credentials and real-time access, a direction which Diya jolly clearly told me Okta is headed, then in theory, you can eliminate the need for Privileged Access Management. Another way of looking at this is, you do for every user what you do for PAM users. And that's how you achieve Zero-Trust. But you can see from this picture that there's more uncertainty here with nearly 50 percent of the sample, not in agreement that this is achievable. Practitioners in Eric Bradley's round tables tell us that you'll still need the PAM system to do things, like session auditing and credential checkouts and other things. But much of the PAM functionality could be handled by this Zero-Trust environment we believe. ETR then asks the security pros, how difficult it would be to replace their PAM systems. And this is where it gets interesting. You can see by this picture. The enthusiasm wanes quite a bit when the practitioners have to think about the challenges associated with replacing Privileged Access Management Systems with a new hybrid. Only 20 percent of the respondents see this as, something that is easy to do, likely because they are smaller and don't have a ton of technical debt. So the question and the obvious question is why? What are the difficulties and challenges of replacing these systems? Here's a diagram that shows the blockers. 53 percent say gaps in capabilities. 26 percent say there's no clear ROI. IE too expensive and 11 percent interestingly said, they want to stay with best of breed solutions. Presumably handling much of the integration of the bespoke capabilities on their own. Now speaking with our Eric Bradley, he shared that there's concern about "rip and replace" and the ability to justify that internally. There's also a significant buildup in technical debt, as we talked about earlier. One CSO on an Eric Bradley ETR insights panel explained that the big challenge Okta will face here, is the inertia of entrenched systems from the likes of SailPoint, Thycotic and others. Specifically, these companies have more mature stacks and have built in connectors to legacy systems over many years and processes are wired to these systems and would be very difficult to change with skill sets aligned as well. One practitioner told us that he went with SailPoint almost exclusively because of their ability to interface with SAP. Further, he said that he believed, Okta would be great at connecting to other cloud API enabled systems. There's a large market of legacy systems for which Okta would have to build custom integrations and that would be expensive and would require a lot of engineering. Another practitioner said, "We're not implementing Okta, but we strongly considered it." The reason they didn't go with was the company had a lot of on-prem legacy apps and so they went with Microsoft Identity Manager, but that didn't meet the grade because the user experience was subpar. So they're still searching for a solution that can be good at both cloud and on-prem. Now, a third CSO said, quote, " I've spent a lot of money, writing custom connectors to SailPoint", and he's stressed a lot of money, he said that several times. "So, who was going to write those custom connectors for me? Will Okta do it for free? I just don't see that happening", end quote. Further, this individual said, quote, "It's just not going to be an easy switch. And to be clear, SailPoint is not our PAM solution. That's why we're looking at CyberArk." So the complexity that, unquote. So the complexity and fragmentation continues. And personally I see this as a positive trend for Okta, if it can converge these capabilities. Now I pressed Okta's Diya Jolly on these challenges and the difficulties of replacing them over to our stacks of the competitors. She fully admitted, this was a real issue But her answer was that Okta is betting on the future of microservices and cloud disruption. Her premise is that Okta's platform is better suited for this new application environment, and they're essentially betting on organizations modernizing their application portfolios and Okta believes that it will be ultimately a tailwind for the company. Now let's look at the age old question of best of breed versus incumbent slash integrated suite. ETR and it's drilled down study ask customers, when thinking about identity and access management solutions, do you prefer best of breed and incumbent that you're already using or the most cost efficient solution? The respondents were asked to force rank one, two and three, and you can see, incumbent just edged out best in breed with a 2.2 score versus a 2.1, with the most cost-effective choice at 1.7. Now, overall, I would say, this is good news for Okta. Yes, they faced the issues that we brought up earlier but as digital transformations lead to modernizing much of the application portfolio with container and microservices, Okta will be in a position, assuming it continues to innovate, to pick up much of this business. And to the point earlier, where the CSO told us they're going to use both SailPoint and CyberArk. When ETR asked practitioners which vendors are in the best position to benefit from Zero-Trust, the Zero-Trust trend, the answers were not surprisingly all over the place. Lots of Okta came up. Zscaler came up a lot too, hmm. There's that collision course. But plenty of SailPoint, Palo Alto, Microsoft, Netskope, Dichotic, Centrify, Cisco, all over the map. So now let's look specifically at how practitioners are thinking about Okta's latest announcements. This chart shows the results of the question. Are you planning to evaluate Okta's recently announced Identity Governance and PAM offerings? 45 to nearly 50 percent of the respondents either were already using or plan to evaluate, with just around 40 percent saying they had no plans to evaluate. So again, this is positive news for Okta in our view. The huge portion of the market is going to take a look at what Okta's doing. Combined with the underlying trends that we shared earlier related to the need for convergence, this is good news for the company. Now, even if the blockers are too severe to overcome, Okta will be on the radar and is on the radar as you can see from this data. And as with the Microsoft MIM example, the company will be seen as increasingly strategic, Okta that is, and could get another bite at the apple. Moreover, Okta's acquisition of Auth zero is strategically important. One of the other things Jolly told me is they see initiative starting both from devs and then hand it over to IT to implement, and then the reverse where IT may be the starting point and then go to devs to productize the effort. The Auth zero acquisition gives Okta plays in both games, because as we've reported earlier, Okta wasn't strong with the devs, Auth zero that was their wheelhouse. Now Okta has both. Now on the one hand, when you talk to practitioners, they're excited about the joint capabilities and the gaps that Auth zero fills. On the other hand, it takes out one of Okta's main competitors and customers like competition. So I guess I look at it this way. Many enterprises will spend more money to save time. And that's where Okta has traditionally been strong. Premium pricing but there's clear value, in that it's easier, less resources required, skillsets are scarce. So boom, good fit. Other enterprises look at the price tag of an Okta and, they actually have internal development capabilities. So they prefer to spend engineering time to save money. That's where Auth zero has seen its momentum. Now Todd McKinnon and company, they can have it both ways because of that acquisition. If the price of Okta classic is too high, here's a lower cost solution with Auth zero that can save you money if you have the developer talent and the time. It's a compelling advantage, that's unique. Okay, let's wrap. The road to Zero-Trust networks is long and arduous. The goal is to understand, support and enable access for different roles, safely and securely, across an ecosystem of consumers, employees, partners, suppliers, all the consumers, (laughs softly) of your touch points to your security system. You've got to simplify the user experience. Today's kluge of password, password management, security exposures, just not going to cut it in the digital future. Supporting users in a decentralized, no-moat world, the queen has left her castle, as I often say is compulsory. But you must have federated governance. And there's always going to be room for specialists in this space. Especially for industry specific solutions for instance, within healthcare, education, government, etcetera. Hybrids are the reality for companies that have any on-prem legacy apps. Now Okta has put itself in a leadership position, but it's not alone. Complexity and fragmentation will likely remain. This is a highly competitive market with lots of barriers to entry, which is both good and bad for Okta. On the one hand, unseating incumbents will not be easy. On the other hand, Okta is both scaling and growing rapidly, revenues are growing almost 50% per annum and with it's convergence agenda and Auth zero, it can build a nice moat to its business and keep others out. Okay, that's it for now. Remember, these episodes are all available as podcasts, wherever you listen, just search braking analysis podcast, and please subscribe. Thanks to my colleague, Eric Bradley, and our friends over at ETR. Check out ETR website at "etr.plus" for all the data and all the survey action. We also publish a full report every week on "wikibon.com" and "siliconangle.com". So make sure you check that out and browse the breaking analysis collection. There are nearly a hundred of these episodes on a variety of topics, all available free of charge. Get in touch with me. You can email me at "david.vellante@siliconangle.com" or "@dvellante" on Twitter. Comment on our LinkedIn posts. This is Dave Vellante for "theCUBE" insights powered by ETR. Have a great week everybody. Stay safe, be well And we'll see you next time. (upbeat music)

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE in ETR. This is Breaking Analysis with Dave Vellante. >> Every CEO is figuring out the right balance for new hybrid business models. Now, regardless of the chosen approach, which is going to vary, technology executives, they understand they have to accelerate their digital and build resilience as well as optionality into their platforms. Now, this is driving a dramatic shift in IT investments. And at the macro level, we expect total spending to increase at as much as 8% or even more in 2021, compared to last year's contraction. Investments in cybersecurity, cloud collaboration that are enabling hybrid work as well as data, including analytics, AI, and automation are at the top of the spending priorities for CXOs. Hello everyone. And welcome to this week's Wiki Bond Cube insights, powered by ETR. In this Breaking Analysis, we're pleased to welcome back Erik Bradley, who is the chief engagement strategist at our partner, ETR. Now in this segment, we're going to share some of the latest findings from ETR's surveys and provide our commentary on what it means for the markets, for sellers, and for buyers. Erik, great to see you, my friend. Welcome back to Breaking Analysis. >> Thank you for having me, always enjoy it. We've got some fresh data to talk about on this beautiful summer Friday, so I'm ready to go. >> All right. I'm excited too. Okay, last year we saw a contraction in IT spending by at least 5%. And now we're seeing a snapback to, as I said, at least 8% growth relative to last year. You got to go back to 2007 just before the financial crisis to see this type of top line growth. The shift to hybrid work, it's exposed us to new insidious security threats. And we're going to discuss that in a lot more detail. Cloud migration of course picked up dramatically last year, and based on the recent earnings results of the big cloud players, for now we got two quarters of data, that trend continues as organizations are accelerating their digital platform build-outs, and this is bringing a lot of complexity and a greater need for so-called observability solutions, which Erik is going to talk about extensively later on in this segment. Data, we think is entering a new era of de-centralization. We see organizations not only focused on analytics and insights, but actually creating data products. Leading technology organizations like JP Morgan, they're heavily leaning into this trend toward packaging and monetizing data products. And finally, as part of the digital transformation trend, we see no slow down in spending momentum for AI and automation, generally in RPA specifically. Erik, anything you want to add to that top level narrative? >> Yeah, there's a lot to take on the macro takeaways. The first thing I want to state is that that 8, 8.5% number that started off at just 3 to 4% beginning of the year. So as the year has continued, we are just seeing this trend in budgets continue to accelerate, and we don't have any reason to believe that's going to stop. So I think we're going to just keep moving on heading into 2021. And we're going to see a banner year of spend this year and probably next as well. >> All right, now we're going to bring up a chart that shows kind of that progression here of spending momentum. So Erik, I'm going to let you comment on this chart that tracks those projections over time. >> Erik: Yeah. Great. So thank you very much for pulling this up. As you can see in the beginning part of the year, when we asked people, "What do you plan to spend throughout 2021?" They were saying it would be about a 4% increase. Which we were happy with because as you said last year, it was all negative. That continues to accelerate and is only hyper accelerating now as we head into the back half of the year. In addition, after we do this data, I always host a panel of IT end users to kind of get their feedback on what we collected, to a man, every one of them expects continued increase throughout next year. There are some concerns and uncertainty about what we're seeing right now with COVID, but even with that, they're planning their budgets now for 2022 and they're planning for even further increases going forward. >> Dave: Great, thank you. So we circled that 8%. That's really kind of where we thought it was going to land. And so we're happy with that number, but let's take a look at where the action is by technology sector. This chart that we're showing you here, it tracks spending priorities back to last September. When I believe that was the point, Erik, that cyber became the top priority in the survey, ahead of cloud collaboration, analytics, and data, and the other sectors that you see there. Now, Erik, we should explain. These areas, they're the top seven, and they outrank all the other sectors. ETR tracks many, many other sectors, but please weigh in here and share your thoughts on this data. >> Erik: Yeah. Security, security, security. It hasn't changed. It had really hasn't. The hybrid work. The fact that you're behind the firewall one day and then you're outside working from home the next, switching in and out of networks. This is just a field day for bad actors. And we have no choice right now, but to continue to spend, because as you're going to talk about in a minute, hybrid's here to stay. So we have to figure out a way to secure behind the firewall on-prem. We also have to secure our employees and our assets that are not in the office. So it is a main priority. One of the things that point out on this chart, I had a couple of ITN users talk to me about customer experience and automation really need to move from the right part of that chart to the left. So they're seeing more in what you were talking about in RPA and automation, starting to creep up heading into next year. As cloud migration matures, as you know, cybersecurity spending has been ramping up. People are going to see a little bit more on the analytics and a little bit more on the automation side going forward. >> Dave: Great. Now, this next data view- well, first of all, one of the great things about the ETR dataset is that you can ask key questions and get a time series. And I will tell you again, I go back to last March, ETR hit it. They were the first on the work from home trend. And so if you were on that trend, you were able to anticipate it. And a lot of investors I think took advantage of that. Now, but we've shown this before, but there's new data points that we want to introduce. So the data tracks how CIOs and IT buyers have responded to the pandemic since last March. Still 70% of the organizations have employees working remotely, but 39% now have employees fully returning to the office and Erik, the rest of the metrics all point toward positives for IT spending, although accelerating IT deployments there at the right peaked last year, as people realized they had to invest in the future. Your thoughts? >> Erik: Yeah, this is the slide for optimism, without a doubt. Of the entire macro survey we did, this is the most optimistic slide. It's great for overall business. It's great for business travel. This is well beyond just IT. Hiring is up. I've had some people tell me that they possibly can't hire enough people right now. They had to furlough employees, they had to stop projects, and they want to re accelerate those now. But talent is very hard to find. Another point to you about your automation and RPA, another underlying trend for there. The one thing I did want to talk about here is the hybrid workplace, but I believe there's another slide on it. So just to recap on this extremely optimistic, we're seeing a lot of hiring. We're seeing increased spending, and I do believe that that's going to continue. >> Yeah I'm glad you brought that up because a session that you and I did a while ago, we pointed out, it was earlier this year, that the skill shortage is one potential risk to our positive scenario. We'll keep an eye on that, but so I want to show another set of data that we've showed previously, but ETR again, has added some new questions in here. So note here that 60% of employees still work remotely with 33% in a hybrid model currently, and the CIO's expect that to land on about 42% hybrid workforce with around 30% working remotely, which is around, it's been consistent by the way on your surveys, but that's about double the historic norm, Eric. >> Erik: Yeah, and even further to your point Dave, recently I did a panel asking people to give me some feedback on this. And three of those four experts basically said to me, if we had greed run this survey right now, that even more people would be saying remote. That they believe that that number, that's saying they're expecting that number of people to be back in office, is actually too optimistic. They're actually saying that maybe if we had- cause as a survey launched about six, seven weeks ago before this little blip on the radar, before the little COVID hiccup we're seeing now, and they're telling me that they believe if we reran this now that it would be even more remote work, even more hybrid and less returned to the office. So that's just an update I wanted to offer on this slide. >> Dave: Yeah. Thank you for that. I mean, we're still in this kind of day to day, week to week, month to month mode, but I want to do a little double click on this. We're not going to share this data, but there was so much ETR data. We got to be selective. But if you double click on the hybrid models, you'll see that 50% of organizations plan to have time roughly equally split between onsite and remote with again around 30 or 31% mostly remote, with onsite space available if they need it. And Erik, very few don't plan to have some type of hybrid model, at least. >> Yeah, I think it was less than 10% that said it was going to be exclusively onsite. And again, that was a more optimistic scenario six, seven weeks ago than we're seeing right now throughout the country. So I agree with you, hybrid is here to stay. There really is no doubt about it. from everyone I speak to when, you know, I basically make a living talking to IT end users. Hybrid is here to stay. They're planning for it. And that's really the drive behind the spending because you have to support both. You have to give people the option. You have to, from an IT perspective, you also have to support both, right? So if somebody is in office, I need the support staff to be in office. Plus I need them to be able to remote in and fix something from home. So they're spending on both fronts right now. >> Okay. Let's get into some of the vendor performance data. And I want to start with the cloud hyperscalers. It's something that we followed pretty closely. I got some Wiki bond data, that we just had earnings released. So here's data that shows the Q2 revenue shares on the left-hand side in the pie and the growth rates for the big four cloud players on the right hand side. It goes back to Q1 2019. Now the first thing I want to say is these players generated just under $39 billion in the quarter with AWS capturing 50% of that number. I said 39, it was 29 billion, sorry, with AWS capturing 50% of that in the quarter. As you're still tracking around a third in Alibaba and GCP in the, you know, eight or 9% range. But what's most interesting to me, Erik, is that AWS, which generated almost 15 billion in the quarter, was the only player to grow its revenue, both sequentially and year over year. And Erik, I think the street is missing the real story here on Amazon. Amazon announced earnings on Thursday night. The company had a 2% miss on the top line revenues and a meaningful 22% beat on earnings per share. So the retail side of the business missed its revenue targets, so that's why everybody's freaked out. But AWS, the cloud side, saw a 4% revenue beat. So the stock was off more than 70% after hours and into Friday. Now to me, a mix shift toward AWS, that's great news for investors. Now, tepid guidance is a negative, but the shift to a more profitable cloud business is a huge positive. >> Yeah, there's a lot that goes into stock price, right? I remember I was a director of research back in the day. One of my analysts said to me, "Am I crazy for putting a $1,000 target on Amazon?" And I laughed and I said, "No, you're crazy if you don't make it $2,000." (both chuckling) So, you know, at that time it was basically the mix shift towards AWS. You're a thousand percent right. I think the tough year over year comps had something to do with that reaction. That, you know, it's just getting really hard. What's that? The law of large numbers, right? It's really hard to grow at that percentage rate when you're getting this big. But from our data perspective, we're seeing no slowdown in AWS, in cloud, none whatsoever. The only slowdown we're seeing in cloud is GCP. But to, you know, to focus on AWS, extremely strong across the board and not only just in cloud, but in all their data products as well, data and analytics. >> Yeah and I think that the AWS, don't forget folks, that funds Amazon's TAM expansion into so many different places. Okay. As we said at the top, the world of digital and hybrid work, and multi-cloud, it's more complicated than it used to be. And that means if you need to resolve issues, which everybody does, like poor application performance, et cetera, what's happening at the user level, you have to have a better way to sort of see what's going on. And that's what the emergence of the observability space is all about. So Erik, let me set this up and you have a lot of comments here because you've recently had some, and you always have had a lot of round table discussions with CXOs on this topic. So this chart plots net score or spending momentum on the vertical axis, and market share or pervasiveness in the dataset on the horizontal axis. And we inserted a table that shows the data points in detail. Now that red dotted line is just sort of Dave Vellante's subjective mark in the sand for elevated spending levels. And there are three other points here. One is Splunk as well off is two-year peak, as highlighted in the red, but Signal FX, which Splunk acquired, has made a big move northward this last quarter. As has Datadog. So Erik, what can you share with us on this hot, but increasingly crowded space? >> Yeah. I could talk about the space for a long time. As you know, I've gotten some flack over the last year and a half about, you know, kind of pointing out this trend, this negative trend in Splunk. So I do want to be the first one to say that this data set is rebounding. Splunk has been horrific in our data for going back almost two years now, straight downward trend. This is the first time we're seeing any increase, any positivity there. So I do want to be fair and state that because I've been accused of being a little too negative on Splunk in the past. But I would basically say for observability right now, it's a rising tide lifts all boats, if I can use a New England phrase. The data across the board in analytics for these observability players is up, is accelerating. None more so than Datadog. And it's exactly your point, David. The complexity, the increased cloud migration is a perfect setup for Datadog, which is a cloud native. It focuses on microservices. It focuses on cloud observability. Old Splunk was just application monitoring. Don't get me wrong, they're changing, but they were on-prem application monitoring, first and foremost. Datadog came out as cloud native. They, you know, do microservices. This is just a perfect setup for them. And not only is Datadog leading the observability, it's leading the entire analytics sector, all of it. Not just the observability niche. So without a doubt, that is the strongest that we're seeing. It's leading Dynatrace new Relic. The only one that really isn't rebounding is Cisco App Dynamics. That's getting the dreaded legacy word really attached to it. But this space is really on fire, elastic as well, really doing well in this space. New Relic has shown a little bit of improvement as well. And what I heard when I asked my panelists about this, is that because of the maturity of cloud migration, that this observability has to grow. Spending on this has to happen. So they all say the chart looks right. And it's really just about the digital transformation maturity. So that's largely what they think is happening here. And they don't really see it getting, you know, changing anytime soon. >> Yeah, and I would add, and you see that it's getting crowded. You saw a service now acquired LightStep, and they want to get into the game. You mentioned, you know, last deck of the elk stack is, you know, the open source alternative, but then we see a company who's raised a fair amount of money, startup, chaos search, coming in, going after kind of the complexity of the elk stack. You've got honeycomb, which has got a really innovative approach, Jeremy Burton's company observes. So you have venture capital coming in. So we'll see if those guys could be disruptive enough or are they, you know, candidates to get acquired? We'll see how that all- you know that well. The M and A space. You think this space is ripe for M and A? >> I think it's ripe for consolidation, M and A. Something has to shake out. There's no doubt. I do believe that all of these can be standalone. So we shall see what's happened to, you mentioned the Splunk acquisition of Signal FX, just a house cleaning point. That was really nice acceleration by Signal FX, but it was only 20 citations. We'd looked into this a little bit deeper. Our data scientists did. It appears as if the majority of people are just signaling spunk and not FX separately. So moving forward for our data set, we're going to combine those two, so we don't have those anomalies going forward. But that type of acquisition does show what we should expect to see more of in this group going forward. >> Well that's I want to mention. That's one of the challenges that any data company has, and you guys do a great job of it. You're constantly having to reevaluate. There's so much M and A going on in the industry. You've got to pick the right spots in terms of when to consolidate. There's some big, you know, Dell and EMC, for example. You know, you've beautifully worked through that transition. You're seeing, you know, open shift and red hat with IBM. You just got to be flexible. And that's where it's valuable to be able to have a pipeline to guys like Erik, to sort of squint through that. So thank you for that clarification. >> Thank you too, because having a resource like you with industry knowledge really helps us navigate some of those as well for everyone out there. So that's a lot to do with you do Dave, >> Thank you. It's going to be interesting to watch Splunk. Doug Merritt's made some, you know, management changes, not the least of which is bringing in Teresa Carlson to run go to market. So if you know, I'd be interested if they are hitting, bouncing off the bottom and rising up again. They have a great customer base. Okay. Let's look at some of the same dimensions. Go ahead. You got a comment? >> A few of ETR's clients looked at our data and then put a billion dollar investment into it too. So obviously I agree. (Dave laughing) Splunk is looking like it's set for a rebound, and it's definitely something to watch, I agree. >> Not to rat hole in this, but I got to say. When I look back, cause theCUBE gives us kind of early visibility. So companies with momentum and you talk to the customers that all these shows that we go to. I will tell you that three companies stood out last decade. It was Splunk. It was Service Now and Tableau. And you could tell just from just discussions with their customers, the enthusiasm in that customer base. And so that's a real asset, and that helps them build them a moat. So we'll see. All right, let's take a look at the same dimensions now for cyber. This is cybersecurity net score in the vertical, and market share in the horizontal. And I filtered by in greater than a hundred shared in because just gets so crowded. Erik, the only things I would point out here is CrowdStrike and Zscaler continue to shine, CyberArk also showing momentum over that 40% line. Very impressively, Palo Alto networks, which has a big presence in the market. They've bounced back. We predicted that a while back. Your round table suggested people like working with Palo Alto. They're a gold standard. You know, we had reported earlier on that divergence with four to net in terms of valuation and some of the challenges they had in cloud, clearly, you know, back with the momentum. And of course, Microsoft in the upper, right. It's just, they're literally off the charts and obviously a major player here, but your thoughts on cyber? >> Erik: Yeah. Going back to the backdrop. Security, security, security. It has been the number one priority going back to last September. No one sees it changing. It has to happen. The threat vectors are actually expanding and we have no choice but to spend here. So it is not surprising to see. You did name our three favorite names. So as you know, we look at the dataset, we see which ones have the most positive inflections, and we put outlooks on those. And you did mention Zscaler, Okta and CrowdStrike, by far the three standouts that we're seeing. I just recently did a huge panel on Okta talking about their acquisition of Auth Zero. They're pushed into Sale Point space, trying to move just from single sign on and MFA to going to really privileged account management. There is some hurdles there. Really Okta's ability to do this on-prem is something that a little bit of the IT end users are concerned about. But what we're seeing right now, both Okta and Auth Zero are two of the main adopted names in security. They look incredibly well set up. Zscaler as well. With the ZTNA push more towards zero trust, Zscaler came out so hot in their IPO. And everyone was wondering if it was going to trail off just like Snowflake. It's not trailing off. This thing just keeps going up into the right, up into the right. The data supports a lot of tremendous growth for the three names that you just mentioned. >> Yeah. Yeah. I'm glad you brought up Auth Zero. We had reported on that earlier. I just feel like that was a great acquisition. You had Okta doing the belly to belly enterprise, you know, selling. And the one thing that they really lacked was that developer momentum. And that's what Auth Zero brings. Just a smart move by Todd McKinnon and company. And I mean, so this, you know, I want to, I want to pull up another chart show a quick snapshot of some of the players in the survey who show momentum and have you comment on this. We haven't mentioned Snowflake so far, but they remain again with like this gold standard of net score, they've consistently had those high marks with regard to spending velocity. But here's some other data. Erik, how should we interpret this? >> Erik: Yeah, just to harp on Snowflake for a second. Right, I mean the rich get richer. They came out- IPO was so hyped, so it was hard for us as a research company to say, "Oh, you know, well, you know, we agree." But we did. The data is incredible. You can't beat the management team. You can't beat what they're doing. They've got so much cash. I can't wait to see what they do with it. And meanwhile, you would expect something that debuted with that high of a net score, that high of spending velocity to trail off. It would be natural. It's not Dave, it's still accelerating. It's gone even higher. It's at all time highs. And we just don't see it stopping anytime soon. It's a really interesting space right now. Maybe another name to look at on here that I think is pretty interesting, kind of a play on return to business is Kupa. It's a great project expense management tool that got hit really hard. Listen, traveling stopped, business expense stopped, and I did a panel on it. And a lot of our guys basically said, "Yeah, it was the first thing I cut." But we're seeing a huge rebound in spending there in that space. So that's a name that I think might be worth being called out on a positive side. Negative, If you look down to the bottom right of that chart, unfortunately we're seeing some issues in RingCentral and Zoom. Anything that's sort of playing in this next, you know, video conferencing, IP telephony space, they seem to be having really decelerating spending. Also now with Zoom's acquisition of five nine. I'm not really sure how RingCentral's going to compete on that. But yeah, that's one where we debuted for the first time with a negative outlook on that name. And looking and asking to some of the people in our community, a lot of them say externally, you still need IP telepany, but internally you don't. Because the You Cast communication systems are getting so sophisticated, that if I have Teams, if I have Slack, I don't need phones anymore. (chuckling) That you and I can just do a Slack call. We can do a Teams call. And many of them are saying I'm truly ripping out my IP Telepany internally as soon as possible because we just don't need it. So this whole collaboration, productivity space is here to stay. And it's got wide ranging implications to some of these more legacy type of tools. >> You know, one of the other things I'd call out on this chart is Accenture. You and I had a session earlier this year, and we had predicted that that skill shortage was going to lead to an uptick in traditional services. We've certainly seen that. I mean, IBM beat its quarter on the strength of services largely. And seeing Accenture on that is I think confirmation. >> Yeah that was our New Year prediction show, right Dave? When we made top 10 predictions? >> That's right. That was part of our predictions show. Exactly, good memory. >> The data is really showing that continue. People want the projects, they need to do the projects, but hiring is very difficult. So obviously the number one beneficiary there are going to be the Accentures of the world. >> All right. So let's do a quick wrap. I'm going to make a few comments and then have you bring us home, Erik. So we laid out our scenario for the tech spending rebound. We definitely believe last year tracked downward, along with GDP contraction. It was interesting. Gardner doesn't believe, at least factions of Gardner don't believe there's a correlation between GDP and tech spending. But, you know, I personally think there generally is some kind of relatively proportional pattern there. And I think we saw contraction last year. People are concerned about inflation. Of course, that adds some uncertainty. And as well, as you mentioned around the Delta variant. But I feel as though that the boards of directors and CEOs, they've mandated that tech execs have to build out digital platforms for the future. They're data centric. They're highly automated, to your earlier points. They're intelligent with AI infused, and that's going to take investment. I feel like the tech community has said, "Look, we know what to do here. We're dealing with hybrid work. We can't just stop doing what we're doing. Let's move forward." You know, and as you say, we're flying again and so forth. You know, getting hybrid right is a major priority that directly impacts strategies. Technology strategies, particularly around security, cloud, the productivity of remote workers with collaboration. And as we've said many times, we are entering a new era of data that's going to focus on decentralized data, building data products, and Erik let's keep an eye on this observability space. Lot of interest there, and buyers have a number of choices. You know, do they go with a specialist, as we saw recently, we've seen in the past, or did they go with the generalist like Service Now with the acquisition of LightStep? You know, it's going to be interesting. A lot of people are going to get into this space, start bundling into larger platforms. And so as you said, there's probably not enough room for all the players. We're going to see some consolidation there. But anyway, let me give you the final word here. >> Yeah, no, I completely agree with all of it. And I think your earlier points are spot on, that analytics and automation are certainly going to be moving more and more to that left of that chart we had of priorities. I think as we continue that survey heading into 2022, we'll have some fresh data for you again in a few months, that's going to start looking at 2022 priorities and overall spend. And the one other area that I keep hearing about over and over and over again is customer experience. There's a transition from good old CRM to CXM. Right now, everything is digital. It is not going away. So you need an omni-channel support to not only track your customer experience, but improve it. Make sure there's a two way communication. And it's a really interesting space. Salesforce is going to migrate into it. We've got Qualtrics out there. You've got Medallia. You've got FreshWorks, you've got Sprinkler. You got some names out there. And everyone I keep talking to on the IT end user side keeps bringing up customer experience. So let's keep an eye on that as well. >> That's a great point. And again, it brings me back to Service Now. We wrote a piece last week that's sort of, Service Now and Salesforce are on a collision course. We've said that for many, many years. And you've got this platform of platforms. They're just kind of sucking in different functions saying, "Hey, we're friends with everybody." But as you know Erik, software companies, they want to own it all. (both chuckling) All right. Hey Erik, thank you so much. I want to thank you for coming back on. It's always a pleasure to have you on Breaking Analysis. Great to see you. >> Love the partnership. Love the collaboration. Let's go enjoy this summer Friday. >> All right. Let's do. Okay, remember everybody, these episodes, they're all available as podcasts, wherever you listen. All you got to do is search Breaking Analysis Podcast, click subscribe to the series. Check out ETR's website at etr.plus. They've just launched a new website. They've got a whole new pricing model. It's great to see that innovation going on. Now remember we also publish a full report every week on WikiBond.com and SiliconAngle.com. You can always email me, appreciate the back channel comments, the metadata insights. David.Vellante@SiliconAngle.com. DM me on Twitter @DVellante or comment on the LinkedIn posts. This is Dave Vellante for Erik Bradley and theCUBE insights powered by ETR. Have a great week, a good rest of summer, be well. And we'll see you next time. (inspiring music)

from the cube studios in palo alto in boston bringing you data-driven insights from the cube and etr this is breaking analysis with dave vellante the pandemic not only accelerated the shift to digital but also highlighted a rush of cyber criminal sophistication collaboration and chaotic responses by virtually every major company in the planet the solar winds hack exposed supply chain weaknesses and so-called island hopping techniques that are exceedingly difficult to detect moreover the will and aggressiveness of well-organized cyber criminals has elevated to the point where incident responses are now met with counterattacks designed to both punish and extract money from victims via ransomware and other criminal activities the only upshot is the cyber security market remains one of the most enduring and attractive investment sectors for those that can figure out where the market is headed and which firms are best positioned to capitalize hello everyone and welcome to this week's wikibon cube insights powered by etr in this breaking analysis we'll provide our quarterly update of the security industry and share new survey data from etr and thecube community that will help you navigate through the maze of corporate cyber warfare we'll also share our thoughts on the game of 3d chest that octa ceo todd mckinnon is playing against the market now we all know this market is complicated fragmented and fast moving and this next chart says it all it's an interactive graphic from optiv a denver colorado based si that's focused on cyber security they've done some really excellent research and put together this awesome taxonomy and mapped vendor names therein and this helps users navigate the complex security landscape and there are over a dozen major sectors high-level sectors within the security taxonomy in nearly 60 sub-sectors from monitoring vulnerability assessment identity asset management firewalls automation cloud data center sim threat detection and intelligent endpoint network and so on and so on and so on but this is a terrific resource and can help you understand where players fit and help you connect the dots in the space now let's talk about what's going on in the market the dynamics in this crazy mess of a landscape are really confusing sometimes now since the beginning of cyber time we've talked about the increasing sophistication of the adversary and the back and forth escalation between good and evil and unfortunately this trend is unlikely to stop here's some data from carbon black's annual modern bank heist report this is the fourth and of course now vmware's brand highlights the carbon black study since the acquisition and it catalyzed the creation of vmware's cloud security division destructive malware attacks according to the recent study are up 118 percent from last year now one major takeaway from the report is that hackers aren't just conducting wire fraud they are 57 of the bank surveyed saw an increase in wire fraud but the cyber criminals are also targeting non-public information such as future trading strategies this allows the bad guys to front run large block trades and profit it's become very lucrative practice now the prevalence of so-called island hopping is up 38 from already elevated levels this is where a virus enters a company's supply chain via a partner and then often connects with other stealthy malware downstream these techniques are more common where the malware will actually self-form with other infected parts of the supply chain and create actions with different signatures designed to identify and exfiltrate valuable information it's a really complex problem of major concern is that 63 of banking respondents in the study reported that responses to incidents were then met with retaliation designed to intimidate or initiate ransomware attacks to extract a final pound of flesh from the victim notably the study found that 75 percent of csos reported to the cio which many feel is not the right regime the study called for a rethinking of the right cyber regime where the cso has increased responsibility in a direct reporting line to the ceo or perhaps the co with greater exposure to boards of directors so many thanks to vmware and tom kellerman specifically for sharing this information with us this past week great work by your team now some of the themes that we've been talking about for several quarters are shown in the lower half of the chart cloud of course is the big driver thanks to work from home and the pandemic to pandemic and the interesting corollary of course is we see a rapid rethinking of endpoint and identity access management and the concept of zero trust in a recent esg survey two-thirds of respondents said that their use of cloud computing necessitated a change in how they approach identity access management now as shown in the chart from optiv the market remains highly fragmented and m a is of course way up now based on our research it looks like transaction volume has increased more than 40 percent just in the last five months so let's dig into the m a the merger and acquisition trends for just a moment we took a five month snapshot and we were able to count about 80 deals that were completed in that time frame those transactions represented more than 20 billion dollars in value some of the larger ones are highlighted here the biggest of course being the toma bravo taking proof point private for a 12 plus billion dollar price tag the stock went from the low 130s and is trading in the low 170s based on 176 dollar per share offer so there's your arbitrage folks go for it perhaps the more interesting acquisition was auth 0 by octa for 6.5 billion which we're going to talk about more in a moment there's more private equity action we saw as insight bought armis and iot security play and cisco shelled out 730 million dollars for imi mobile which is more of an adjacency to cyber but it's going to go under cisco's security and applications business run by g2 patel but these are just the tip of the iceberg some of the themes that we see connecting the dots of these acquisitions are first sis like accenture atos and wipro are making moves in cyber to go local they're buying secops expertise as i say locally in places like france germany netherlands canada and australia that last mile that belly-to-belly intimate service israel israeli-based startups chalked up five acquired companies in the space over the last five months also financial services firms are getting into the act with goldman and mastercard making moves to own its own part of the stack themselves to combat things like fraud and identity theft and then finally numerous moves to expand markets octa with zero crowdstrike buying a log management company palo alto picking up devops expertise rapid seven shoring up its kubernetes chops tenable expanding beyond insights and going after identity interesting fortinet filling gaps in a multi-cloud offering sale point extending to governance risk and compliance grc zscaler picked up an israeli firm to fill gaps in access control and then vmware buying mesh 7 to secure modern app development and distribution services so tons and tons of activity here okay so let's look at some of the etr data to put the cyber market in context etr uses the concept of market share it's one of the key metrics which is a measure of pervasiveness in the data set so for each sector it calculates the number of respondents for that sector divided by the total to get a sense for how prominent the sector is within the cio and i.t buyer communities okay this chart shows the full etr sector taxonomy with security highlighted across three survey periods april last year january this year in april this year now you wouldn't expect big moves in market share over time so it's relatively stable by sector but the big takeaway comes from observing which sectors are most prominent so you see that red line that dotted line imposed at the sixty percent level you can see there are only six sectors above that line and cyber security is one of them okay so we know that security is important in a large market but this puts it in the context of the other sectors however we know from previous breaking analysis episodes that despite the importance of cyber and the urgency catalyzed by the pandemic budgets unfortunately are not unlimited and spending is bounded it's not an open checkbook for csos as shown in this chart this is a two-dimensional graphic showing market share in the horizontal axis or pervasiveness and net score in the vertical axis net score is etr's measurement of spending velocity and we've superimposed a red line at 40 percent because anything over 40 percent we consider extremely elevated we've filtered and limited the number of sectors to simplify the graphic and you can see in the sectors that we've highlighted only the big four four are above that forty percent line ai containers rpa and cloud they exceed that sort of forty percent magic water line information security you can see that is highlighted and it's respectable but it competes for budget with other important sectors so this of course creates challenges for organization because not only are they strapped for talent as we've reported they like everyone else in it face ongoing budget pressures research firm cybersecurity ventures estimates that in 2021 6 trillion dollars worldwide will be lost on cyber crime conversely research firm canalis pegs security spending somewhere around 60 billion dollars annually idc has it higher around 100 billion so either way we're talking about spending between one to one point six percent annually of how much the bad guys are taking out that's peanuts really when you consider the consequences so let's double click into the cyber landscape a bit and further look at some of the companies here's that same x y graphic with the company's etr captures from respondents in the cyber security sector that's what's shown on the chart here now the usefulness of the red lines is 20 percent on the horizontal indicates the largest presence in the survey and the magic 40 percent line that we talked about earlier shows those firms with the most elevated momentum only microsoft and palo alto exceed both high water marks of course splunk and cisco are prominent horizontally and there are numerous companies to the left of the 20 percent line and many above that 40 percent high water mark on the vertical axis now in the bottom left quadrant that includes many of the legacy names that have been around for a long time and there are dozens of companies that show spending momentum on their platforms i.e above single digits so that picture is like the first one we showed you very very crowded space but so let's filter it a bit and only include companies in the etr survey that had at least a hundred responses so an n of a hundred or greater so it's a little easy to read but still it's kind of crowded when you think about it okay so same graphic and we've superimposed the data that determined the plot position over in the bottom right there so it's net score and shared n including only companies with more than 100 n so what does this data tell us about the market well microsoft is dominant as always it seems in all dimensions but let's focus on that red line for a moment some of the names that we've highlighted over the past two years show very well here first i want to talk about palo alto networks pre-covet as you might recall we highlighted the valuation divergence between palo alto and fortinet and we said fortinet was executing better on its cloud strategy and palo alto was at the time struggling with the transition especially with its go to market and its sales force compensation and really refreshing its portfolio but we told you that we were bullish on palo alto networks at the time because of its track record and the fact that cios consistently told us that they saw palo alto as a thought leader in the space that they wanted to work with they said that palo alto was the gold standard the best especially larger company cisos so that gave us confidence that palo alto a very well-run company was going to get its act together and perform better and palo alto has just done just that as we expected they've done very well and they've been rapidly moving customers to the next generation of platforms and we're very impressed by the company's execution and the stock has generally reflected that now some other names that hit our radar and the etr data a couple of years ago continue to perform well crowdstrike z-scaler sales sail point and cloudflare a cloudflare just reported and beat earnings but was off the stock fell on headwinds for tech overall the big rotation but the company is doing very well and they're growing rapidly and they have momentum as you can see from the etr data and we put that double star around proof point to highlight that it was worthy of fetching 12 and a half billion dollars from private equity firm so nice exit there supporting the continued control consolidation trend that we've predicted in cyber security now let's turn our attention to octa and auth zero this is where it gets interesting and is a clever play for octa we think and we want to drill into it a bit octa is acquiring auth zero for big money why well we think todd mckinnon octa ceo wants to run the table on identity and then continue to expand his tam he has to do that to justify his lofty valuation so octa's ascendancy around identity and single sign sign-on is notable the fragmented pictures that we've shown you they scream out for simplification and trust and that's what octa brings but it competes with some major players most notably microsoft with active directory so look of course microsoft is going to dominate in its massive customer base but the rest of the market that's like jump ball it's wide open and we think mckinnon saw the opportunity to go dominate that sector now octa comes at this from an enterprise perspective bringing top-down trust to the equation and throwing a big blanket over all the discrete sas platforms and unifying employee access octa's timing was perfect it was founded in 2009 just as the massive sasification trend was happening around crm and hr and service management and cloud etc but the one thing that octa didn't have that auth 0 does is serious developer chops while octa was crushing it with its enterprise sales strategy auth 0 was laser focused on developers and building a bottoms up approach to identity by acquiring auth0 octa can dominate both sides of the barbell and then capture the fat middle so yes it's a pricey acquisition but in our view it's a great move by mckinnon now i don't know mckinnon personally but last week i spoke to arun shrestha who's the ceo of security specialist beyond id they're a platinum services partner of octa and there a zero trust expert he worked for octa for a number of years and shared with me a bit about mckinnon's style and think big approach arun said something that caught my attention he said firewalls used to be the perimeter now people are and while that's self-serving to octa and probably beyond id it's true people apps and data are the new perimeter and they're not in one location and that's the point now unfortunately i had lined up an interview with dia jolly who was the chief product officer at octa in a cube alum for this past week knowing that we were running this segment in this episode but she unfortunately fell ill the day of our interview and had to cancel but i want to follow up with her and understand how she's thinking about connecting the dots with auth 0 with devs and enterprises and really test our thesis there this is a really interesting chess match that's going on let's look a little deeper into that identity space this chart here shows some of the major identity players it has some of the leaders in the identity market and there's a breakdown of etr's net score now net score comprises five elements the lime green is we're adding the platform new the forest green is we're spending six percent or more relative to last year the gray is flat send plus or minus flat spend plus or minus five percent the pinkish is spending less and the bright red is where exiting the platform retiring now you subtract the red from the green and that gets you the result for net score which you can see superimposed on the right hand chart at the bottom that first column there the far column is shared in which informs and indicates the number of responses and is a proxy for presence in the market oh look at the top two players in terms of spending momentum now sales sale point is right there but auth 0 combined with octa's distribution channel will extend octa's lead significantly in our view and then there's microsoft now just a caveat this includes all of microsoft's security offerings not just identity but it's there for context and cyber arc as well includes its acquisition of adaptive but also other parts of cyberarks portfolio so you can see some of the other names that are there many of which you'll find in the gartner magic quadrant for identity and as we said we really like this move by octa it combines positive market forces with lead offerings from very well-run companies that have winning dna and passionate people now to further emphasize emphasize what what's happening here take a look at this this chart shows etr data for octa within sale point and cyber arc accounts out of the 230 cyber and sale point customers in the data set there are 81 octa accounts that's a 35 overlap and the good news for octa is that within that base of sale point in cyber arc accounts octa is shown by the net score line that green line has a very elevated spending and momentum and the kicker is if you read the fine print in the right hand column etr correctly points out that while sailpoint and cyberarc have long been partners with octa at the recent octane 21 event octa's big customer event the company announced that it was expanding into privileged access management pam and identity governance hello and welcome to coopetition in the 2020s now our current thinking is that this bodes very well for octa and cyberark and sailpoint well they're going to have to make some counter moves to fend off the onslaught that is coming now let's wrap up with what has become a tradition in our quarterly security updates looking at those two dimensions of net score and market share we're going to see which companies crack the top 10 for both measures within the etr data set we do this every quarter so here on the left we have the top 20 sorted by net score or spending momentum and on the right we sort by shared n so again top 20 which informs shared end and forms the market share metric or presence in the data set that red horizontal lines those two lines on each separate the top 10 from the remaining 10 within those top 20. in our method what we do is we assign four stars to those companies that crack the top ten for both metrics so again you see microsoft palo alto networks octa crowdstrike and fortinet fortinet by the way didn't make it last quarter they've kind of been in and out and on the bubble but you know this company is very strong and doing quite well only the other four did last quarter there was same four last quarter and we give two stars to those companies that make it in both categories within the top 20 but didn't make the top 10. so cisco splunk which has been steadily decelerating from a spending momentum standpoint and z-scaler which is just on the cusp you know we really like z-scaler and the company has great momentum but that's the methodology it is what it is now you can see we kept carbon black on the rightmost chart it's like kind of cut off it's number 21 only because they're just outside looking in on netscore you see them there they're just below on on netscore number 11. and vmware's presence in the market we think that carbon black is really worth paying attention to okay so we're going to close with some summary and final thoughts last quarter we did a deeper dive on the solar winds hack and we think the ramifications are significant it has set the stage for a new era of escalation and adversary sophistication now major change we see is a heightened awareness that when you find intruders you'd better think very carefully about your next moves when someone breaks into your house if the dog barks or if you come down with a baseball bat or other weapon you might think the intruder is going to flee but if the criminal badly wants what you have in your house and it's valuable enough you might find yourself in a bloody knife fight or worse what's happening is intruders come to your company via island hopping or inside or subterfuge or whatever method and they'll live off the land stealthily using your own tools against you so they can you can't find them so easily so instead of injecting new tools in that send off an alert they just use what you already have there that's what's called living off the land they'll steal sensitive data for example positive covid test results when that was really really sensitive obviously still is or other medical data and when you retaliate they will double extort you they'll encrypt your data and hold it for ransom and at the same time threaten to release the sensitive information to crushing your brand in the process so your response must be as stealthy as their intrusion as you marshal your resources and devise an attack plan you face serious headwinds not only is this a complicated situation there's your ongoing and acute talent shortage that you tell us about all the time many companies are mired in technical debt that's an additional challenge and then you've got to balance the running of the business while actually affecting a digital transformation that's very very difficult and it's risky because the more digital you become the more exposed you are so this idea of zero trust people used to call it a buzzword it's now a mandate along with automation because you just can't throw labor at the problem this is all good news for investors as cyber remains a market that's ripe for valuation increases and m a activity especially if you know where to look hopefully we've helped you squint through the maze a little bit okay that's it for now thanks to the community for your comments and insights remember i publish each week on wikibon.com and siliconangle.com these episodes they're all available as podcasts all you do is search breaking analysis podcast put in the headphones listen when you're in your car out for your walk or run and you can always connect on twitter at divalante or email me at david.valante at siliconangle.com i appreciate the comments on linkedin and in clubhouse please follow me so you're notified when we start a room and riff on these topics and others and don't forget to check out etr.plus for all the survey data this is dave vellante for the cube insights powered by etr be well and we'll see you next time [Music] you