from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation vibrator this is Dave Volante and welcome to this special cube conversation as you know I've been running a CXO series now for several weeks really trying to understand how leaders are dealing and coping with the Cova 19 crisis today we want to switch gears a little bit and talk not only about how leadership has sort of navigated through this crisis but also start to imagine what it's going to look like coming out of it I'm going to introduce you to a company that have been talking about now for the last well six to nine months company called octave as you know from my previous breaking analysis this is a company that not only is in the security business they really kind of made their mark with identification management but also really there's a data angle normally when you think about security you thinking about auto security it means that less user flexibility it means less value from the user standpoint what what octa has done really successfully is bring together both endpoint security as well as that data angle and so the company is about six hundred million dollars in revenue they've got an eighteen billion dollar valuation which you know may sound kind of rich at 30 X a revenue multiple but as I've reported the company is growing very rapidly I've talked about the you know the rule of 40 octa is really a rule of 50 type of company you know by that definition they're with me here to talk about the product side of things as dia jolly who's the chief product officer yeah thanks so much for coming on the cube I hope you're doing okay how are things out in California things are going well good to meet you as well Dave I hope you're doing well as well yeah we're hanging in there you know the studios are rocking the cube you know continues our daily reporting I want to start with your role you're relatively new to octa you've got a really interesting background particularly understanding endpoints you're at Google Google home of Google Nest you spent some time you know worrying about looking after Xbox do you a good understanding of what's going on in the marketplace but talk about your your role and how specifically you're bringing that to enterprise sure so I drove about this I I say that I've done every kind of known product management imaginable the man at this point I'm done both Hardware Don software so dealt a lot with endpoints as you talked about that a lot with sass dealt with consumer dealt with enterprise and all over the place completely different sizes so after really my role as a chief product officer is to be able to understand and what our customers need right and what are the challenges they're facing and not just the challenges they're facing today but also what are the challenges that they'll face tomorrow that they don't even know about and then help build products to be able to overcome that both with our engineering teams as well as with our sales engineering team so that we can take it to market now my background is unique because I've seen so many identity being used in so many different ways across so many different use cases whether it's enterprise or its consumer and that given that we covered both sides spectrum I can bring that to bear yes so what I've reported previously is that that you guys kind of made your mark with with identification management but in terms of both workforce but also customer identification management which has been I think allowed you to be very very successful I want to bring up a chart and share something that I've I've shared a lot of data with our audience previously some guys if you bring that up so this is data from enterprise Technology Research our data partner and for those who follow this program you know we we generally talk in in two metrics a net score which is a measure of spending momentum and and also market share which really isn't real market share but it's it's pervasiveness in the survey and what you can see here is the latest April survey from over 1200 CIOs and IT practitioners and we're isolating on an octa and and we brought it back to July 15 survey you see a couple of points here I want to make one is it something to the right this is pervasiveness or market share so octa in the market is doing very very well it's why the valuation is so high what's driving the growth and then you can see in the green a 55% net net score very very strong it's one of the leaders in security but as I said it's more than than that so dia from a product standpoint what is powering this momentum sure so as you well know the world is working from home what after does is it provides Identity Management that allows you to connect to any technology and by any technology it primarily means technology technology that's not just on premise like your applications on-premise old-school applications or into software that's on premise but it also means technology that's in the clouds of SAS applications application infrastructure that's in the cloud etc and on the other hand it also allows companies to deploy applications where they can connect to their customers online so as more and more of the world moves to work from home you need to be able to securely and seamlessly allow your employees your partners to be able to connect from their home and to be able to do their work and that's the foundation that we provide now if you look at if you we've heard a lot in the press about companies like zoom slack people that provide online collaboration and their usage has gone up we're seeing similar trends across both octa as well as the entire security industry in general right and if you look at information recently since over to started phishing attacks have increased by six hundred and sixty seven percent and what we've seen in response is one of our products which is multi-factor authentication we've experienced in eighty percent growth in usage so really as Corvette has pushed forward there was a trend for people to be able to work remotely for people to be able to access cloud apps and but as ubered has suddenly poured gas on the fire for that we're seeing our customers reaching out to us a lot more needing more support and just the level of awareness and the level of interest raising let's talk about some of the trends that you guys see in the marketplace and like to better understand how that informs your product or you know roadmap and decisions you know obviously this cloud you guys have made a really good mark in the cloud space you know with both your your operating model your pricing model the modern stack the other is a reference that upfront which data talked a lot about digital transformation digital us data course the third is purity related to trust we've talked a lot on the cube about how the perimeter is there is no particular anymore the Queen is left her castle and so what are the big trends that you see the big waves that that you're riding and how does that inform your product directly sure so a few different things I think number one if you think about the way I've phrase this is or the way I think about it is the following any big technological trend you see today right whether it's the move the cloud whether it's mobile whether it's artificial intelligence intelligence you think about the neural nets etc or it's a personalized consumer experience all of that fundamentally depends on identity so the most important the so from a from being an identity provider the most important thing for us is to be able to build something that is flexible enough that is broad enough that it is able to span multiple uses right so we've taken from a product perspective that means we can follow two philosophies we can either the try and go solve each of these pain points one by one or we can actually try to build a platform that is more open that's more extensible and that's more flexible so that we can solve many of these use cases right and not only can we solve it because there's it extensible our customers can customize it they can build on top of it our partners can build on top of it so that's one thing that's one product philosophy that we hold dear and so we have the Octagon cloud which is a platform which provides both workforce identity as well as customer identity using the same underlying components the same multi-factor authentication we use for workforce we package up as an SDK so that our customer identity customers that's number one the second thing is you rightfully mention is data you can't really secure identity without data so we have very we have a lot of data across our customers we know when the users logging in we know what device they're logging in front we know the security posture on the device we know where they're logging in from we know their different behaviors were apps they go into or during wartime of the day etc so being able to harness all this data to say hey and apply ml model squared to say hey is the user secure or not is a very very core foundation of our product so for example we have what we call risk-based authentication you can not only do things like hey this user seems to be logging on from a location they've never logged on from but you could even do things like well you may not want to stop the user they may be traveling so instead of just asking them for a for a password you ask them for a multi-factor right so that's the other piece of it and in many ways data and security and usability are three legs of a triangle the more data you have the more you can allow a user you more security you can provide a user without creating more friction so it's sometimes helpful for the audience to understand a company in a edit Avant act in the landscape so the obvious platform out there is Active Directory now Microsoft with Azure Active Directory you know really you know trying to and and that's really been on their platforms but with api's you know Microsoft has got a thumbs in every pie how does octave differentiate from some of the other traditional platforms that are out there and and what gives you confidence that it and you can continue to do so going forward post kovat that's it that's a fantastic question Dave um so I think we divide if you think about our competitors on the workforce side we've got Microsoft and a couple of other competitors and on the customer Identity side really it's a bill versus buy story right most companies customer identity internally so let's take workforce first Microsoft is the dominant player there they've got Active Directory they've now got Azure Active Directory and from a Microsoft perspective I think Microsoft is always been great at building products or building technology that interconnected run the world is going to more there's more and more technology proliferation in the world and the way we differentiate is by becoming a neutral and independent platform so whether you're on a Microsoft stack whether you're on a Google stack whether you're on an amazon stack we are able to connect with you deeply we connect just as well with all 365 as they connect with Salesforce as we connect with AWS right and that has been our core philosophy and not only is that a philosophy for other when other vendors it's a philosophy for ourselves as well we have multi-factor authentication so do many other providers like duo if you want to use ours great if you don't want to use ours with our platform who use the one that's best for your technology and I think what we've always believed in from a product perspective is this independence this neutrality this ability to plug-and-play any technology you want into a platform to be able to do what you want and the technology that's best for your business's need so what's interesting what you said about the sort of make versus buy that's particularly relevant for the customer identification management because let's say you know I'm buying from Amazon I've got Amazon they know who I am but if I understand it correctly customers now are able to look across brands maybe cohort selling maybe make specific offers analyze the data that's an advantage that you bring that maybe do it yourself doesn't Frank maybe talk about that a little bit sure so really if you think about if you think about a bill versus buying even ten years ago life used to be relatively simple maybe 15 years ago you had a website you as your username your the password you weren't really using you don't have multiple channels you didn't have multiple devices as prevalent you didn't have multiple apps in a lot of cases connected to each other right and in that in that day and age password was fairly secure you weren't doing a lot of personalization with the user data or had a lot of sensitive user data so building a custom identity solution having your customer managing your customers identity yourself was fairly easy now it's becoming more and more hard number one I just talked about the phishing attacks they're an equal number of attacks on the customer identity side right so how do you actually secure this identity how do you actually use things like multi-factor authentication how do you keep up with all the latest in multi-factor authentication touch ID face ID etcetera and that's one the second thing we provide is scale for a number of companies we also provide the ability to scale dramatically which scaling identity and being being able to authenticate someone and keep someone authenticated in real time is actually a very big channel challenge as you get to more and more scale and then the last thing that you mentioned is this ability we provide a single view of the user which is super super powerful because now if you think about one of our customers Albertsons they have multiple different apps there are multiple different digital experiences and he don't have a siloed view of their customer across all these experiences here one identity for your customer that customer uses that one identity to log on to all your digital experiences across all channels and we're able to bring that data back together so if Albertsons wants to say hey somebody shot a in or bought something in one particular app but I know people that buy this particular object like something else that's available in another app they can give a promotion for it or they can give a discomfort that's so that makes a lot of sense I went into the PR platform get our data partner and I looked at which industries are really showing moment so remember this survey focus was run right in the heart of the the Cova 19 pandemic from from mid-march the mid April so it's a good of good current data point and there were four that stood out large companies healthcare and pharma telco which is courses this work-from-home thing and then consumer the example that you just gave from Albertsons is really you know sort of around that consumer there are a lot of industries that obviously been hit airlines restaurants hospitality but but these four really stood out as growth areas despite the kovat 19 pandemic I want to ask you about octane you just got it had your big user conference anything product specific that came out of that that our audience should know about I mean I'm an interested in access gateway I know that wasn't necessarily a new announcement but Cloud Gateway what were the highlights of some of those things from a product stamp yeah of course so we did we did made a very difficult decision to pivot octane virtually and we did this because a number of our customers are given what they're facing with the Kovach pandemic wanted to hear more around news around what our product launches are how they could use this with cetera and really I'd say there are three key product launches that I want to highlight here we had a number of different announcements and it was a very successful conference but the three that are the most relevant here one is we've always talked about being a platform and we've set this for the past four or five years I think and but over the last your and going into the next couple of years we're investing very very heavily in making our platform even more powerful even more extensible even more customizable and so that it can go across the scenarios you described right which is whether you're on Prem with Auto access gateway or you're in the cloud or in some kind of hybrid environment or you using some mix-and-match or work from home people in the office etc so really what we did this year over the last year was deepen our platform footprint and we started releasing the four components available in a platform which we call platform services so we have six components and we were directories that is customizable and and flexible so you can build your own emails except for N equals four users adds information related to them we have an integration platform that we've made available at a deep level where where our customers can use SDKs tools etc to be able to integrate with octa in a platform which we've talked a lot about and then we released three new platform services and one was what we call arc identity engine we had released we talked about this last year and this year we talked about it last year from a customer identity perspective this year we brought her into our workforce identity but also what that does is it allows you a lot more flexibility for situations like we're in right it allows you flexibility to define security policies at the parabola it so you could decide hey for my email I don't want my customers to have to use a multi-factor authentication for but for Salesforce I would definitely want them to use a multi-factor authentication if they're not in the office and it also allows you to have a lot more flexible factor recovery so for example if you forgot your password one of the biggest pain points of co-ed has been the number of helpdesk costs have been rising through the roof the phone calls are ringing nonstop right and one of the biggest reasons for helpdesk are says oh I can't login I got locked out either lost a factor or L forgot my password it helps with that um so that's one set of announcements the second set of announcements was we launched a brand new devices platform and personally this is my personal favorite but really what the devices platform allows you to do is the feature in it that we launched is called Fast Pass and what phosphorous allows you to do is it actually takes phosphorous to the next level it allows you to basically use logging into your device and us understanding the posture of the device and all the user context around you to be able to log you directly dr. then I imagine if you're on a Mac or a iOS device or an Android or a Windows device just being able to face match into your iOS or being able to touch ID into your Windows hello and you're automatically logged into lockdown right that is that and and the way we do that is we have this client on across all these operating systems that can really understand the security posture of the device it can understand of the device is managed if it's safe if it's jailbroken if it's unmanaged it can also connect with multiple signals on the device so if you have an EDR and MDM vendor we can ingest those signals and what they think of the risk we can also ingest signals directly from apps if apps things like um G suite and Salesforce actually track user behavior to determine risk they can pass those signals to us and then we can make a decision on hey we should allow the user to authenticate directly into octa because they've authenticated their device which we can make a decision that says no let's provider let's ask them to step up with a multi-factor authentication or we can say no this is too risky let's deny access and all of this is configurable by the IT admin they can decide the risk levels they're comfortable with they can decide the different risk levels by different apps so that was another major announcement and then and as a product person you rarely ever get the chance to actually increase security and usability at one time which is why it's my favorite you increase both security and usability together now the last one was action was a workflows engine we call it workflows lifecycle management and we it's really we launched a graphical no cord user interface identity is so important so many business processes for our customers there's so many business processes built an identity for example if someone joins her company you usually either have a script that allows them access to the applications they need to or you actually have an IT admin sitting in there trying to manually provide access or when they leave right what workflow lifecycle management or lifecycle management workflows allows you to do is it actually allows you to provide it actually provides you the no core graphical user interface where you can build all these flows so now you don't need someone that knows coding you can even have a business unit so for example I for me in the product for the product org I can have someone say hey building a business process similar it's something you would build in sort of like an iPad and allow everyone that comes in to be able to have access to fig mom because we use pigma a lot right those are the kinds of things you can do and it's super powerful and it takes the ability of our already existing lifecycle management product to the next level well thank you for that that's that summary dear so I want to kind of close with I mean those of you have been following the cube for a while there I think there's some similarities between octa and and and service now that obviously obvious differences but we started following you know ServiceNow pre-ipo is less than a hundred million dollar company and we've seen that company build out as a platform company and that's really what octa is doing here we're talking about a total available market that's yeah probably north of 50 billion so the the question I have he is you know what Frederic and pod started 11 years ago playing on the dynamics coming out of the financial crisis that got us to where we are today now you've got the challenge of you've achieved reached escape velocity now you've got this you know massive growth opportunity in front of you how do you see the product portfolio evolving expanding and I'm also interested in postcode with 19 you know no whiteboards no face-to-face contact not at least not for a while and how you're kind of managing through that but but how can we expect the product portfolio to expand over time what can you share with us so one of the given how pervasive identity has become and given how not just broad but at the same time deep it is there are multiple different places or product portfolio >> and a number of different places were thinking about right so one is you mentioned today we play in workforce identity and customer identity but we haven't even begun to talk about how we might play in consumer right one of the one of the biggest perk matter is consumers and consumers protecting their own identity so often an employee is not using their identity to lock the seals ports and you have an attack on a company and offered an employee actually logging into their Gmail their personal Gmail or their personal or some personal website that bank and they get and their credential get compromised in their fluency impossible so the more protective the more directly consumers the more we indirectly protect both enterprises from work from an employer as well as a customer perspective howdy we're an enterprise company so it doesn't mean that we are going to go direct to consumer there are ways to make employees more secure by what the director calls were so that's one the second thing is managing identities I think we've as the number of applications as the number of technologies are proliferate managing and an employee's life cycle who that governing that the life cycle is not administering etc is also fully stock also becoming very very challenging it was all well and good we'll never can ask and you were on that that's not true anymore an average company uses I think close to 200 applications and then if you broaden back to other resources like infrastructure there's a lot lock more so how do you actually build automated systems that based on the employee status based on their rule based on the project they're on provides them the right access for the right amount of time the third thing you mentioned is and you should pass on this initially but this is the there's this concept of zero security right and the perimeters disappeared how do you provide security so if you look at the industry at large today there are tons of different security vendors trying to provide security at each point if you talk to any see-saw out there it's really really hard to cobble all of this together and one of the things we were trying to do is we're trying to figure out how with our partners we can build a silly end-to-end solution for n - n zero trust for our customers so that's that's another area that the of the product portfolio we're pushing and then finally with the whole digital transformation and customer identity yes more and more companies want their customers to go back online yes more and more customers convenience of being able to interact online with Billy if you think about it the world has changed dramatically over the last three years with privacy laws with things like gdpr CCP etc how do you actually manage your customers obviously you actually manage their content how do you ensure that while you're using all this data from across these apps that we talked about here you and you're using for the first benefit how do you make sure that the minister private is secure and and how do you ensure your customers that's another major area that I think our customers are asking us for helping and so those are areas or so that you should be a big signature the next two to three years some of it will be through partnership that's generally that high-level directions we're headed in wealthy you so much for coming on the key on the key and sharing the product roadmap and some other details about the great company really interested in watching its continued ascendancy good luck in the marketplace and thank you for watching everybody this is Dave Villante you conversations we'll see you next time [Music]

>> From "theCUBE" studios in Palo Alto in Boston, bringing you data-driven insights from "theCUBE" in ETR. This is breaking analysis with Dave Vellante. >> Chief Information Security Officer's site trust, is the number one value attribute, they can deliver to their organizations. And when it comes to security, identity is the new attack surface. As such identity and access management, continue to be the top priority among technology decision makers. It also happens to be one of the most challenging and complicated areas of the cybersecurity landscape. Okta, a leader in the identity space has announced its intent to converge privileged access and Identity Governance in an effort to simplify the landscape and re-imagine identity. Our research shows that interest in this type of consolidation is very high, but organizations believe technical debt, compatibility issues, expense and lack of talent are barriers to reaching cyber nirvana, with their evolving Zero-Trust networks. Hello and welcome to this week's Wikibon CUBE insights, powered by ETR. In this breaking analysis, we'll explore the complex and evolving world of identity access and privileged account management, with an assessment of Okta's market expansion aspirations and fresh data from ETR, and input from my colleague Eric Bradley. Let's start by exploring identity and why it's fundamental to digital transformations. Look the pandemic accelerated digital and digital raises the stakes in cybersecurity. We've covered this extensively, but today we're going to drill into identity, which is one of the hardest nuts to crack in security. If hackers can steal someone's identity, they can penetrate networks. If that someone has privileged access to databases, financial information, HR systems, transaction systems, the backup corpus, well. You get the point. There are many bespoke tools to support a comprehensive identity access management and privilege access system. Single sign-on, identity aggregation, de-duplication of identities, identity creation, the governance of those identities, group management. Many of these tools are open source. So you have lots of vendors, lots of different systems, and often many dashboards. Practitioners tell us that it's the paper cuts that kill them, patches that aren't applied, open ports, orphan profiles that aren't disabled. They'd love to have a single dashboard, but it's often not practical for large organizations because of the bespoke nature of the tooling and the skills required to manage them. Now, adding to this complexity, many organizations have different identity systems for privileged accounts, the general employee population and customer identity. For example, around 50 percent of ETR respondents in a recent survey use different systems for workforce identity and consumer identity. Now this is often done because the consumer identity is a totally different journey. The consumer is out in the wild and takes an unknown, nonlinear path and then enters the known space inside a brand's domain. The employee identity journey is known throughout. You go onboarding, to increasing responsibilities and more access to off-boarding. Privileged access may even have different attributes, does usually like no email and, or no shared credentials. And we haven't even touched on the other identity consumers in the ecosystem like selling partners, suppliers, machines, etcetera. Like I said, it's complicated and meeting the needs of auditors is stressful and expensive for CSOs. Open chest wounds, such as sloppy histories of privileged access approvals, obvious role conflicts, missing data, inconsistent application of policy and the list goes on. The expense of securing digital operations goes well beyond the software and hardware acquisition costs. So there's a real need and often desire, to converge these systems. But technical debt makes it difficult. Companies have spent a lot of time, effort and money on their identity systems and they can't just rip and replace. So they often build by integrating piece parts or they add on to their Quasi-integrated monolithic systems. And then there's the whole Zero-Trust concept. It means a lot of different things to a lot of different people, but folks are asking if I have Zero-Trust, does it eliminate the need for identity? And what does that mean for my architecture, going forward. So, let's take a snapshot of some of the key players in identity and PAM, Privileged Access Management. This is an X-Y graph that we always like to show. It shows the net score or spending velocity, spending momentum on the vertical axis and market share or presence in the ETR dataset on the horizontal axis. It's not like revenue market share. It's just, it's mentioned market share if you will. So it's really presence in the dataset. Now, note the chart insert, the table, which shows the actual data for Net Score and Shared In, which informs the position of the dot. The red dotted line there, it indicates an elevated level. Anything over 40 percent that mark, we consider the strongest spending velocity. Now within this subset of vendors that we've chosen, where we've tried to identify some, most of them are pure plays, in this identity space. You can see there are six above that 40 percent mark including Zscaler, which tops the charts, Okta, which has been at or near the top for several quarters. There's an argument by the way, to be made that Okta and Zscaler are on a collision course as Okta expands it's TAM, but let's just park that thought for a moment. You can see Microsoft with a highly elevated spending score and a massive presence on the horizontal axis, CyberArk and SailPoint, which Okta is now aiming to disrupt and Auth zero, which Okta officially acquired in may of this year, more on that later now. Now, below that 40 percent mark you can see Cisco, which is largely acquired companies in order to build its security portfolio. For example, Duo which focuses on access and multi-factor authentication. Now, word of caution, Cisco and Microsoft in particular are overstated because, this includes their entire portfolio of security products, whereas the others are more closely aligned as pure plays in identity and privileged access. ThycotyicCentrify is pretty close to that 40 percent mark and came about as a result of the two companies merging in April of this year. More evidence of consolidation in this space, BeyondTrust is close to the red line as well, which is really interesting because this is a company whose roots go back to the VAX VMS days, which many of you don't even know what a VAX VMS is in the mid 1980s. It was the mini computer standard and the company has evolved to provide more modern PAM solutions. Ping Identity is also notable in that, it essentially emerged after the dot com bust in the early 2000s as an identity solution provider for single sign-on, SSO and multifactor authentication, MFA solutions. In IPO'd in the second half of 2019, just prior to the pandemic. It's got a $2 billion market cap-down from its highs of around $3 billion earlier this year and last summer. And like many of the remote work stocks, they bounced around, as the reopening trade and lofty valuations have weighed on many of these names, including Okta and SailPoint. Although CyberArk, actually acted well after its August 12th earnings call as its revenue growth about doubled year on year. So hot space and a big theme this year is around Okta's acquisition of Auth zero and its announcement at Oktane 2021, where it entered the PAM market and announced its thrust to converge its platform around PAM and Identity Governance and administration. Now I spoke earlier this week with Diya Jolly, who's the Chief Product Officer at Okta and I'll share some of her thoughts later in this segment. But first let's look at some of the ETR data from a recent drill down study that our friends over there conducted. This data is from a drill down that was conducted early this summer, asking organizations how important it is to have a single dashboard for access management, Identity Governance and privileged access. This goes directly to Okta strategy that it announced this year at it's Oktane user conference. Basically 80 percent of the respondents want this. So this is no surprise. Now let's stay on this theme of convergence. ETR asks security pros if they thought convergence between access management and Identity Governance would occur within the next three years. And as you can see, 89% believe this is going to happen. They either strongly agree, agree, or somewhat agree. I mean, it's almost as though the CSOs are willing this to occur. And this seemingly bodes well for Okta, which in April announced its intent to converge PAM and IGA. Okta's Diya jolly stressed to me that this move was in response to customer demand. And this chart confirms that, but there's a deeper analysis worth exploring. Traditional tools of identity, single sign-on SSO and multi-factor authentication MFA, they're being commoditized. And the most obvious example of this is OAuth or Open Authorization. You know, log in with Twitter, Google, LinkedIn, Amazon, Facebook. Now Okta currently has around a $35 billion market cap as of today, off from its highs, which were well over 40 billion earlier this year. Okta stated, previously stated, total addressable market was around 55 billion. So CEO, Todd McKinnon had to initiate a TAM expansion play, which is the job of any CEO, right? Now, this move does that. It increases the company's TAM by probably around $20 to $30 billion in our view. Moreover, the number one criticism of Okta is, "Your price is too high." That's a good problem to have I say. Regardless, Okta has to think about adding more value to its customers and prospects, and this move both expands its TAM and supports its longer-term vision to enable a secure user-controlled ubiquitous, digital identity, supporting federated users and data within a centralized system. Now, the other thing Jolly stressed to me is that Okta is heavily focused on the user experience, making it simple and consumer grade easy. At Oktane 21, she gave a keynote laying out the company's vision. It was a compelling presentation designed to show how complex the problem is and how Okta plans to simplify the experience for end users, service providers, brands, and the overall technical community across the ecosystem. But look, there are a lot of challenges, the company faces to pull this off. So let's dig into that a little bit. Zero-Trust has been the buzz word and it's a direction, the industry is moving towards, although there are skeptics. Zero-Trust today is aspirational. It essentially says you don't trust any user or device. And the system can ensure the right people or machines, have the proper level of access to the resources they need all the time, with a fantastic user experience. So you can see why I call this nirvana earlier. In previous breaking analysis segments, we've laid out a map for protecting your digital identity, your passwords, your crypto wallets, how to create Air Gaps. It's a bloody mess. So ETR asked security pros if they thought a hybrid of access management and Zero-Trust network could replace their PAM systems, because if you can achieve Zero-Trust in a world with no shared credentials and real-time access, a direction which Diya jolly clearly told me Okta is headed, then in theory, you can eliminate the need for Privileged Access Management. Another way of looking at this is, you do for every user what you do for PAM users. And that's how you achieve Zero-Trust. But you can see from this picture that there's more uncertainty here with nearly 50 percent of the sample, not in agreement that this is achievable. Practitioners in Eric Bradley's round tables tell us that you'll still need the PAM system to do things, like session auditing and credential checkouts and other things. But much of the PAM functionality could be handled by this Zero-Trust environment we believe. ETR then asks the security pros, how difficult it would be to replace their PAM systems. And this is where it gets interesting. You can see by this picture. The enthusiasm wanes quite a bit when the practitioners have to think about the challenges associated with replacing Privileged Access Management Systems with a new hybrid. Only 20 percent of the respondents see this as, something that is easy to do, likely because they are smaller and don't have a ton of technical debt. So the question and the obvious question is why? What are the difficulties and challenges of replacing these systems? Here's a diagram that shows the blockers. 53 percent say gaps in capabilities. 26 percent say there's no clear ROI. IE too expensive and 11 percent interestingly said, they want to stay with best of breed solutions. Presumably handling much of the integration of the bespoke capabilities on their own. Now speaking with our Eric Bradley, he shared that there's concern about "rip and replace" and the ability to justify that internally. There's also a significant buildup in technical debt, as we talked about earlier. One CSO on an Eric Bradley ETR insights panel explained that the big challenge Okta will face here, is the inertia of entrenched systems from the likes of SailPoint, Thycotic and others. Specifically, these companies have more mature stacks and have built in connectors to legacy systems over many years and processes are wired to these systems and would be very difficult to change with skill sets aligned as well. One practitioner told us that he went with SailPoint almost exclusively because of their ability to interface with SAP. Further, he said that he believed, Okta would be great at connecting to other cloud API enabled systems. There's a large market of legacy systems for which Okta would have to build custom integrations and that would be expensive and would require a lot of engineering. Another practitioner said, "We're not implementing Okta, but we strongly considered it." The reason they didn't go with was the company had a lot of on-prem legacy apps and so they went with Microsoft Identity Manager, but that didn't meet the grade because the user experience was subpar. So they're still searching for a solution that can be good at both cloud and on-prem. Now, a third CSO said, quote, " I've spent a lot of money, writing custom connectors to SailPoint", and he's stressed a lot of money, he said that several times. "So, who was going to write those custom connectors for me? Will Okta do it for free? I just don't see that happening", end quote. Further, this individual said, quote, "It's just not going to be an easy switch. And to be clear, SailPoint is not our PAM solution. That's why we're looking at CyberArk." So the complexity that, unquote. So the complexity and fragmentation continues. And personally I see this as a positive trend for Okta, if it can converge these capabilities. Now I pressed Okta's Diya Jolly on these challenges and the difficulties of replacing them over to our stacks of the competitors. She fully admitted, this was a real issue But her answer was that Okta is betting on the future of microservices and cloud disruption. Her premise is that Okta's platform is better suited for this new application environment, and they're essentially betting on organizations modernizing their application portfolios and Okta believes that it will be ultimately a tailwind for the company. Now let's look at the age old question of best of breed versus incumbent slash integrated suite. ETR and it's drilled down study ask customers, when thinking about identity and access management solutions, do you prefer best of breed and incumbent that you're already using or the most cost efficient solution? The respondents were asked to force rank one, two and three, and you can see, incumbent just edged out best in breed with a 2.2 score versus a 2.1, with the most cost-effective choice at 1.7. Now, overall, I would say, this is good news for Okta. Yes, they faced the issues that we brought up earlier but as digital transformations lead to modernizing much of the application portfolio with container and microservices, Okta will be in a position, assuming it continues to innovate, to pick up much of this business. And to the point earlier, where the CSO told us they're going to use both SailPoint and CyberArk. When ETR asked practitioners which vendors are in the best position to benefit from Zero-Trust, the Zero-Trust trend, the answers were not surprisingly all over the place. Lots of Okta came up. Zscaler came up a lot too, hmm. There's that collision course. But plenty of SailPoint, Palo Alto, Microsoft, Netskope, Dichotic, Centrify, Cisco, all over the map. So now let's look specifically at how practitioners are thinking about Okta's latest announcements. This chart shows the results of the question. Are you planning to evaluate Okta's recently announced Identity Governance and PAM offerings? 45 to nearly 50 percent of the respondents either were already using or plan to evaluate, with just around 40 percent saying they had no plans to evaluate. So again, this is positive news for Okta in our view. The huge portion of the market is going to take a look at what Okta's doing. Combined with the underlying trends that we shared earlier related to the need for convergence, this is good news for the company. Now, even if the blockers are too severe to overcome, Okta will be on the radar and is on the radar as you can see from this data. And as with the Microsoft MIM example, the company will be seen as increasingly strategic, Okta that is, and could get another bite at the apple. Moreover, Okta's acquisition of Auth zero is strategically important. One of the other things Jolly told me is they see initiative starting both from devs and then hand it over to IT to implement, and then the reverse where IT may be the starting point and then go to devs to productize the effort. The Auth zero acquisition gives Okta plays in both games, because as we've reported earlier, Okta wasn't strong with the devs, Auth zero that was their wheelhouse. Now Okta has both. Now on the one hand, when you talk to practitioners, they're excited about the joint capabilities and the gaps that Auth zero fills. On the other hand, it takes out one of Okta's main competitors and customers like competition. So I guess I look at it this way. Many enterprises will spend more money to save time. And that's where Okta has traditionally been strong. Premium pricing but there's clear value, in that it's easier, less resources required, skillsets are scarce. So boom, good fit. Other enterprises look at the price tag of an Okta and, they actually have internal development capabilities. So they prefer to spend engineering time to save money. That's where Auth zero has seen its momentum. Now Todd McKinnon and company, they can have it both ways because of that acquisition. If the price of Okta classic is too high, here's a lower cost solution with Auth zero that can save you money if you have the developer talent and the time. It's a compelling advantage, that's unique. Okay, let's wrap. The road to Zero-Trust networks is long and arduous. The goal is to understand, support and enable access for different roles, safely and securely, across an ecosystem of consumers, employees, partners, suppliers, all the consumers, (laughs softly) of your touch points to your security system. You've got to simplify the user experience. Today's kluge of password, password management, security exposures, just not going to cut it in the digital future. Supporting users in a decentralized, no-moat world, the queen has left her castle, as I often say is compulsory. But you must have federated governance. And there's always going to be room for specialists in this space. Especially for industry specific solutions for instance, within healthcare, education, government, etcetera. Hybrids are the reality for companies that have any on-prem legacy apps. Now Okta has put itself in a leadership position, but it's not alone. Complexity and fragmentation will likely remain. This is a highly competitive market with lots of barriers to entry, which is both good and bad for Okta. On the one hand, unseating incumbents will not be easy. On the other hand, Okta is both scaling and growing rapidly, revenues are growing almost 50% per annum and with it's convergence agenda and Auth zero, it can build a nice moat to its business and keep others out. Okay, that's it for now. Remember, these episodes are all available as podcasts, wherever you listen, just search braking analysis podcast, and please subscribe. Thanks to my colleague, Eric Bradley, and our friends over at ETR. Check out ETR website at "etr.plus" for all the data and all the survey action. We also publish a full report every week on "wikibon.com" and "siliconangle.com". So make sure you check that out and browse the breaking analysis collection. There are nearly a hundred of these episodes on a variety of topics, all available free of charge. Get in touch with me. You can email me at "david.vellante@siliconangle.com" or "@dvellante" on Twitter. Comment on our LinkedIn posts. This is Dave Vellante for "theCUBE" insights powered by ETR. Have a great week everybody. Stay safe, be well And we'll see you next time. (upbeat music)

from the cube studios in palo alto in boston bringing you data-driven insights from the cube and etr this is breaking analysis with dave vellante the pandemic not only accelerated the shift to digital but also highlighted a rush of cyber criminal sophistication collaboration and chaotic responses by virtually every major company in the planet the solar winds hack exposed supply chain weaknesses and so-called island hopping techniques that are exceedingly difficult to detect moreover the will and aggressiveness of well-organized cyber criminals has elevated to the point where incident responses are now met with counterattacks designed to both punish and extract money from victims via ransomware and other criminal activities the only upshot is the cyber security market remains one of the most enduring and attractive investment sectors for those that can figure out where the market is headed and which firms are best positioned to capitalize hello everyone and welcome to this week's wikibon cube insights powered by etr in this breaking analysis we'll provide our quarterly update of the security industry and share new survey data from etr and thecube community that will help you navigate through the maze of corporate cyber warfare we'll also share our thoughts on the game of 3d chest that octa ceo todd mckinnon is playing against the market now we all know this market is complicated fragmented and fast moving and this next chart says it all it's an interactive graphic from optiv a denver colorado based si that's focused on cyber security they've done some really excellent research and put together this awesome taxonomy and mapped vendor names therein and this helps users navigate the complex security landscape and there are over a dozen major sectors high-level sectors within the security taxonomy in nearly 60 sub-sectors from monitoring vulnerability assessment identity asset management firewalls automation cloud data center sim threat detection and intelligent endpoint network and so on and so on and so on but this is a terrific resource and can help you understand where players fit and help you connect the dots in the space now let's talk about what's going on in the market the dynamics in this crazy mess of a landscape are really confusing sometimes now since the beginning of cyber time we've talked about the increasing sophistication of the adversary and the back and forth escalation between good and evil and unfortunately this trend is unlikely to stop here's some data from carbon black's annual modern bank heist report this is the fourth and of course now vmware's brand highlights the carbon black study since the acquisition and it catalyzed the creation of vmware's cloud security division destructive malware attacks according to the recent study are up 118 percent from last year now one major takeaway from the report is that hackers aren't just conducting wire fraud they are 57 of the bank surveyed saw an increase in wire fraud but the cyber criminals are also targeting non-public information such as future trading strategies this allows the bad guys to front run large block trades and profit it's become very lucrative practice now the prevalence of so-called island hopping is up 38 from already elevated levels this is where a virus enters a company's supply chain via a partner and then often connects with other stealthy malware downstream these techniques are more common where the malware will actually self-form with other infected parts of the supply chain and create actions with different signatures designed to identify and exfiltrate valuable information it's a really complex problem of major concern is that 63 of banking respondents in the study reported that responses to incidents were then met with retaliation designed to intimidate or initiate ransomware attacks to extract a final pound of flesh from the victim notably the study found that 75 percent of csos reported to the cio which many feel is not the right regime the study called for a rethinking of the right cyber regime where the cso has increased responsibility in a direct reporting line to the ceo or perhaps the co with greater exposure to boards of directors so many thanks to vmware and tom kellerman specifically for sharing this information with us this past week great work by your team now some of the themes that we've been talking about for several quarters are shown in the lower half of the chart cloud of course is the big driver thanks to work from home and the pandemic to pandemic and the interesting corollary of course is we see a rapid rethinking of endpoint and identity access management and the concept of zero trust in a recent esg survey two-thirds of respondents said that their use of cloud computing necessitated a change in how they approach identity access management now as shown in the chart from optiv the market remains highly fragmented and m a is of course way up now based on our research it looks like transaction volume has increased more than 40 percent just in the last five months so let's dig into the m a the merger and acquisition trends for just a moment we took a five month snapshot and we were able to count about 80 deals that were completed in that time frame those transactions represented more than 20 billion dollars in value some of the larger ones are highlighted here the biggest of course being the toma bravo taking proof point private for a 12 plus billion dollar price tag the stock went from the low 130s and is trading in the low 170s based on 176 dollar per share offer so there's your arbitrage folks go for it perhaps the more interesting acquisition was auth 0 by octa for 6.5 billion which we're going to talk about more in a moment there's more private equity action we saw as insight bought armis and iot security play and cisco shelled out 730 million dollars for imi mobile which is more of an adjacency to cyber but it's going to go under cisco's security and applications business run by g2 patel but these are just the tip of the iceberg some of the themes that we see connecting the dots of these acquisitions are first sis like accenture atos and wipro are making moves in cyber to go local they're buying secops expertise as i say locally in places like france germany netherlands canada and australia that last mile that belly-to-belly intimate service israel israeli-based startups chalked up five acquired companies in the space over the last five months also financial services firms are getting into the act with goldman and mastercard making moves to own its own part of the stack themselves to combat things like fraud and identity theft and then finally numerous moves to expand markets octa with zero crowdstrike buying a log management company palo alto picking up devops expertise rapid seven shoring up its kubernetes chops tenable expanding beyond insights and going after identity interesting fortinet filling gaps in a multi-cloud offering sale point extending to governance risk and compliance grc zscaler picked up an israeli firm to fill gaps in access control and then vmware buying mesh 7 to secure modern app development and distribution services so tons and tons of activity here okay so let's look at some of the etr data to put the cyber market in context etr uses the concept of market share it's one of the key metrics which is a measure of pervasiveness in the data set so for each sector it calculates the number of respondents for that sector divided by the total to get a sense for how prominent the sector is within the cio and i.t buyer communities okay this chart shows the full etr sector taxonomy with security highlighted across three survey periods april last year january this year in april this year now you wouldn't expect big moves in market share over time so it's relatively stable by sector but the big takeaway comes from observing which sectors are most prominent so you see that red line that dotted line imposed at the sixty percent level you can see there are only six sectors above that line and cyber security is one of them okay so we know that security is important in a large market but this puts it in the context of the other sectors however we know from previous breaking analysis episodes that despite the importance of cyber and the urgency catalyzed by the pandemic budgets unfortunately are not unlimited and spending is bounded it's not an open checkbook for csos as shown in this chart this is a two-dimensional graphic showing market share in the horizontal axis or pervasiveness and net score in the vertical axis net score is etr's measurement of spending velocity and we've superimposed a red line at 40 percent because anything over 40 percent we consider extremely elevated we've filtered and limited the number of sectors to simplify the graphic and you can see in the sectors that we've highlighted only the big four four are above that forty percent line ai containers rpa and cloud they exceed that sort of forty percent magic water line information security you can see that is highlighted and it's respectable but it competes for budget with other important sectors so this of course creates challenges for organization because not only are they strapped for talent as we've reported they like everyone else in it face ongoing budget pressures research firm cybersecurity ventures estimates that in 2021 6 trillion dollars worldwide will be lost on cyber crime conversely research firm canalis pegs security spending somewhere around 60 billion dollars annually idc has it higher around 100 billion so either way we're talking about spending between one to one point six percent annually of how much the bad guys are taking out that's peanuts really when you consider the consequences so let's double click into the cyber landscape a bit and further look at some of the companies here's that same x y graphic with the company's etr captures from respondents in the cyber security sector that's what's shown on the chart here now the usefulness of the red lines is 20 percent on the horizontal indicates the largest presence in the survey and the magic 40 percent line that we talked about earlier shows those firms with the most elevated momentum only microsoft and palo alto exceed both high water marks of course splunk and cisco are prominent horizontally and there are numerous companies to the left of the 20 percent line and many above that 40 percent high water mark on the vertical axis now in the bottom left quadrant that includes many of the legacy names that have been around for a long time and there are dozens of companies that show spending momentum on their platforms i.e above single digits so that picture is like the first one we showed you very very crowded space but so let's filter it a bit and only include companies in the etr survey that had at least a hundred responses so an n of a hundred or greater so it's a little easy to read but still it's kind of crowded when you think about it okay so same graphic and we've superimposed the data that determined the plot position over in the bottom right there so it's net score and shared n including only companies with more than 100 n so what does this data tell us about the market well microsoft is dominant as always it seems in all dimensions but let's focus on that red line for a moment some of the names that we've highlighted over the past two years show very well here first i want to talk about palo alto networks pre-covet as you might recall we highlighted the valuation divergence between palo alto and fortinet and we said fortinet was executing better on its cloud strategy and palo alto was at the time struggling with the transition especially with its go to market and its sales force compensation and really refreshing its portfolio but we told you that we were bullish on palo alto networks at the time because of its track record and the fact that cios consistently told us that they saw palo alto as a thought leader in the space that they wanted to work with they said that palo alto was the gold standard the best especially larger company cisos so that gave us confidence that palo alto a very well-run company was going to get its act together and perform better and palo alto has just done just that as we expected they've done very well and they've been rapidly moving customers to the next generation of platforms and we're very impressed by the company's execution and the stock has generally reflected that now some other names that hit our radar and the etr data a couple of years ago continue to perform well crowdstrike z-scaler sales sail point and cloudflare a cloudflare just reported and beat earnings but was off the stock fell on headwinds for tech overall the big rotation but the company is doing very well and they're growing rapidly and they have momentum as you can see from the etr data and we put that double star around proof point to highlight that it was worthy of fetching 12 and a half billion dollars from private equity firm so nice exit there supporting the continued control consolidation trend that we've predicted in cyber security now let's turn our attention to octa and auth zero this is where it gets interesting and is a clever play for octa we think and we want to drill into it a bit octa is acquiring auth zero for big money why well we think todd mckinnon octa ceo wants to run the table on identity and then continue to expand his tam he has to do that to justify his lofty valuation so octa's ascendancy around identity and single sign sign-on is notable the fragmented pictures that we've shown you they scream out for simplification and trust and that's what octa brings but it competes with some major players most notably microsoft with active directory so look of course microsoft is going to dominate in its massive customer base but the rest of the market that's like jump ball it's wide open and we think mckinnon saw the opportunity to go dominate that sector now octa comes at this from an enterprise perspective bringing top-down trust to the equation and throwing a big blanket over all the discrete sas platforms and unifying employee access octa's timing was perfect it was founded in 2009 just as the massive sasification trend was happening around crm and hr and service management and cloud etc but the one thing that octa didn't have that auth 0 does is serious developer chops while octa was crushing it with its enterprise sales strategy auth 0 was laser focused on developers and building a bottoms up approach to identity by acquiring auth0 octa can dominate both sides of the barbell and then capture the fat middle so yes it's a pricey acquisition but in our view it's a great move by mckinnon now i don't know mckinnon personally but last week i spoke to arun shrestha who's the ceo of security specialist beyond id they're a platinum services partner of octa and there a zero trust expert he worked for octa for a number of years and shared with me a bit about mckinnon's style and think big approach arun said something that caught my attention he said firewalls used to be the perimeter now people are and while that's self-serving to octa and probably beyond id it's true people apps and data are the new perimeter and they're not in one location and that's the point now unfortunately i had lined up an interview with dia jolly who was the chief product officer at octa in a cube alum for this past week knowing that we were running this segment in this episode but she unfortunately fell ill the day of our interview and had to cancel but i want to follow up with her and understand how she's thinking about connecting the dots with auth 0 with devs and enterprises and really test our thesis there this is a really interesting chess match that's going on let's look a little deeper into that identity space this chart here shows some of the major identity players it has some of the leaders in the identity market and there's a breakdown of etr's net score now net score comprises five elements the lime green is we're adding the platform new the forest green is we're spending six percent or more relative to last year the gray is flat send plus or minus flat spend plus or minus five percent the pinkish is spending less and the bright red is where exiting the platform retiring now you subtract the red from the green and that gets you the result for net score which you can see superimposed on the right hand chart at the bottom that first column there the far column is shared in which informs and indicates the number of responses and is a proxy for presence in the market oh look at the top two players in terms of spending momentum now sales sale point is right there but auth 0 combined with octa's distribution channel will extend octa's lead significantly in our view and then there's microsoft now just a caveat this includes all of microsoft's security offerings not just identity but it's there for context and cyber arc as well includes its acquisition of adaptive but also other parts of cyberarks portfolio so you can see some of the other names that are there many of which you'll find in the gartner magic quadrant for identity and as we said we really like this move by octa it combines positive market forces with lead offerings from very well-run companies that have winning dna and passionate people now to further emphasize emphasize what what's happening here take a look at this this chart shows etr data for octa within sale point and cyber arc accounts out of the 230 cyber and sale point customers in the data set there are 81 octa accounts that's a 35 overlap and the good news for octa is that within that base of sale point in cyber arc accounts octa is shown by the net score line that green line has a very elevated spending and momentum and the kicker is if you read the fine print in the right hand column etr correctly points out that while sailpoint and cyberarc have long been partners with octa at the recent octane 21 event octa's big customer event the company announced that it was expanding into privileged access management pam and identity governance hello and welcome to coopetition in the 2020s now our current thinking is that this bodes very well for octa and cyberark and sailpoint well they're going to have to make some counter moves to fend off the onslaught that is coming now let's wrap up with what has become a tradition in our quarterly security updates looking at those two dimensions of net score and market share we're going to see which companies crack the top 10 for both measures within the etr data set we do this every quarter so here on the left we have the top 20 sorted by net score or spending momentum and on the right we sort by shared n so again top 20 which informs shared end and forms the market share metric or presence in the data set that red horizontal lines those two lines on each separate the top 10 from the remaining 10 within those top 20. in our method what we do is we assign four stars to those companies that crack the top ten for both metrics so again you see microsoft palo alto networks octa crowdstrike and fortinet fortinet by the way didn't make it last quarter they've kind of been in and out and on the bubble but you know this company is very strong and doing quite well only the other four did last quarter there was same four last quarter and we give two stars to those companies that make it in both categories within the top 20 but didn't make the top 10. so cisco splunk which has been steadily decelerating from a spending momentum standpoint and z-scaler which is just on the cusp you know we really like z-scaler and the company has great momentum but that's the methodology it is what it is now you can see we kept carbon black on the rightmost chart it's like kind of cut off it's number 21 only because they're just outside looking in on netscore you see them there they're just below on on netscore number 11. and vmware's presence in the market we think that carbon black is really worth paying attention to okay so we're going to close with some summary and final thoughts last quarter we did a deeper dive on the solar winds hack and we think the ramifications are significant it has set the stage for a new era of escalation and adversary sophistication now major change we see is a heightened awareness that when you find intruders you'd better think very carefully about your next moves when someone breaks into your house if the dog barks or if you come down with a baseball bat or other weapon you might think the intruder is going to flee but if the criminal badly wants what you have in your house and it's valuable enough you might find yourself in a bloody knife fight or worse what's happening is intruders come to your company via island hopping or inside or subterfuge or whatever method and they'll live off the land stealthily using your own tools against you so they can you can't find them so easily so instead of injecting new tools in that send off an alert they just use what you already have there that's what's called living off the land they'll steal sensitive data for example positive covid test results when that was really really sensitive obviously still is or other medical data and when you retaliate they will double extort you they'll encrypt your data and hold it for ransom and at the same time threaten to release the sensitive information to crushing your brand in the process so your response must be as stealthy as their intrusion as you marshal your resources and devise an attack plan you face serious headwinds not only is this a complicated situation there's your ongoing and acute talent shortage that you tell us about all the time many companies are mired in technical debt that's an additional challenge and then you've got to balance the running of the business while actually affecting a digital transformation that's very very difficult and it's risky because the more digital you become the more exposed you are so this idea of zero trust people used to call it a buzzword it's now a mandate along with automation because you just can't throw labor at the problem this is all good news for investors as cyber remains a market that's ripe for valuation increases and m a activity especially if you know where to look hopefully we've helped you squint through the maze a little bit okay that's it for now thanks to the community for your comments and insights remember i publish each week on wikibon.com and siliconangle.com these episodes they're all available as podcasts all you do is search breaking analysis podcast put in the headphones listen when you're in your car out for your walk or run and you can always connect on twitter at divalante or email me at david.valante at siliconangle.com i appreciate the comments on linkedin and in clubhouse please follow me so you're notified when we start a room and riff on these topics and others and don't forget to check out etr.plus for all the survey data this is dave vellante for the cube insights powered by etr be well and we'll see you next time [Music] you

>> From The Cube Studios in Palo Alto in Boston, bringing you data-driven insights from The Cube in ETR. This is "Breaking Analysis" with Dave Vellante >> The pandemic not only accelerated the shift to digital but it also highlighted a rush of cyber criminal sophistication, collaboration, and chaotic responses by virtually every major company in the planet. The SolarWinds hack exposed supply chain weaknesses and so-called island hopping techniques that are exceedingly difficult to detect. Moreover, the will and aggressiveness of well-organized cybercriminals has elevated to the point where incident responses are now met with counter attacks, designed to both punish and extract money from victims via ransomware and other criminal activities. The only upshot is the cybersecurity market remains one of the most enduring and attractive investment sectors for those that can figure out where the market is headed and which firms are best positioned to capitalize. Hello, everyone. And welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis" we'll provide our quarterly update of the security industry, and share new survey data from ETR and the Cube community that will help you navigate through the maze of corporate cyber warfare. We'll also share our thoughts on the game of 3D chess that Okta CEO, Todd McKinnon, is playing against the market. Now, we all know this market is complicated, fragmented and fast moving. And this next chart says it all. It's an interactive graphic from Optiv, a Denver, Colorado-based SI that's focused on cybersecurity. They've done some really excellent research and put together this awesome taxonomy, and it mapped vendor names therein. And this helps users navigate the complex security landscape. And there are over a dozen major sectors, high-level sectors within the security taxonomy and nearly 60 subsectors. From monitoring, vulnerability assessment, identity, asset management, firewalls, automation, cloud, data center, sim, threat detection and intelligent endpoint network, and so on and so on and so on. But this is a terrific resource, and going to help you understand where players fit and help you connect the dots in the space. Now let's talk about what's going on in the market. The dynamics in this crazy mess of a landscape are really confusing sometimes. Now, since the beginning of cyber time, we've talked about the increasing sophistication of the adversary, and the back and forth escalation between good and evil. And unfortunately, this trend is unlikely to stop. Here's some data from Carbon Black's annual modern bank heist report. This is the fourth, and of course now, VMware's brand, highlights the Carbon Black study since the acquisition, and to catalyze the creation of VMware's cloud security division. Destructive malware attacks, according to the recent study are up 118% from last year. Now, one major takeaway from the report is that hackers aren't just conducting wire fraud, they are. 57% of the banks surveyed, saw an increase in wire fraud, but the cybercriminals are also targeting non-public information such as future trading strategies. This allows the bad guys to front-run large block trades and profit. It's become a very lucrative practice. Now the prevalence of so-called island hopping is up 38% from already elevated levels. This is where a virus enters a company supply chain via a partner, and then often connects with other stealthy malware downstream. These techniques are more common where the malware will actually self-form with other infected parts of the supply chain and create actions with different signatures, designed to identify and exfiltrate valuable information. It's a really complex problem. Of major concern is that 63% of banking respondents in the study reported that responses to incidents were then met with retaliation designed to intimidate, or initiate ransomware tax to extract a final pound of flesh from the victim. Notably, the study found that 75% of CISOs reported to the CIO, which many feel is not the right regime. The study called for a rethinking of the right cyber regime where the CISO has increased responsibility and a direct reporting line to the CEO, or perhaps the COO, with greater exposure to boards of directors. So, many thanks to VMware and Tom Kellerman specifically for sharing this information with us this past week. Great work by your team. Now, some of the themes that we've been talking about for several quarters are shown in the lower half of the chart. Cloud, of course is the big driver thanks to work-from-home and to the pandemic. And the interesting corollary of course, is we see a rapid rethinking of end point and identity access management, and the concept of zero trust. In a recent ESG survey, two thirds of respondents said that their use of cloud computing necessitated a change in how they approach identity access management. Now, as shown in the chart from Optiv, the market remains highly fragmented, and M&A is of course, way up. Now, based on our research, it looks like transaction volume has increased more than 40% just in the last five months. So let's dig into the M&A, the merger and acquisition trends for just a moment. We took a five-month snapshot and we were able to count about 80 deals that were completed in that timeframe. Those transactions represented more than $20 billion in value. Some of the larger ones are highlighted here. The biggest of course, being the Thoma Bravo, taking Proofpoint private for a $12 plus billion price tag. The stock went from the low 130s and is trading in the low 170s based on the $176 per share offer. So there's your arbitrage, folks. Go for it. Perhaps the more interesting acquisition was Auth0 by Optiv for 6.5 billion, which we're going to talk about more in a moment. There was more private equity action we saw as Insight bought Armis, an IOT security play, and Cisco shelled out $730 million for IMImobile, which is more of an adjacency to cyber, but it's going to go under Cisco security and applications business run by Jeetu Patel. But these are just the tip of the iceberg. Some of the themes that we see connecting the dots of these acquisitions are first, SIs like Accenture, Atos and Wipro are making moves in cyber to go local. They're buying SecOps expertise, as I say, locally in places like France, Germany, Netherlands, Canada, and Australia, that last mile, that belly to belly intimate service. Israeli-based startups chocked up five acquired companies in the space over the last five months. Also financial services firms are getting into the act with Goldman and MasterCard making moves to own its own part of the stack themselves to combat things like fraud and identity theft. And then finally, numerous moves to expand markets. Okta with Auth0, CrowdStrike buying a log management company, Palo Alto, picking up dev ops expertise, Rapid7 shoring up it's Coobernetti's chops, Tenable expanding beyond Insights and going after identity, interesting. Fortinet filling gaps in a multi-cloud offering. SailPoint extending to governance risk and compliance, GRC. Zscaler picked up an Israeli firm to fill gaps in access control. And then VMware buying Mesh7 to secure modern app development and distribution service. So tons and tons of activity here. Okay, so let's look at some of the ETR data to put the cyber market in context. ETR uses the concept of market share, it's one of the key metrics which is a measure of pervasiveness in the dataset. So for each sector, it calculates the number of respondents for that sector divided by the total to get a sense for how prominent the sector is within the CIO and IT buyer communities. Okay, this chart shows the full ETR sector taxonomy with security highlighted across three survey periods; April last year, January this year, and April this year. Now you wouldn't expect big moves in market share over time. So it's relatively stable by sector, but the big takeaway comes from observing which sectors are most prominent. So you see that red line, that dotted line imposed at the 60% level? You can see there are only six sectors above that line and cyber security is one of them. Okay, so we know that security is important in a large market. But this puts it in the context of the other sectors. However, we know from previous breaking analysis episodes that despite the importance of cyber, and the urgency catalyzed by the pandemic, budgets unfortunately are not unlimited, and spending is bounded. It's not an open checkbook for CSOs as shown in this chart. This is a two-dimensional graphic showing market share in the horizontal axis, or pervasiveness in net score in the vertical axis. Net score is ETR's measurement of spending velocity. And we've superimposed a red line at 40% because anything over 40%, we consider extremely elevated. We've filtered and limited the number of sectors to simplify the graphic. And you can see, in the sectors that we've highlighted, only the big four are above that 40% line; AI, containers, RPA, and cloud. They exceed that sort of 40% magic waterline. Information security, you can see that as highlighted and it's respectable, but it competes for budget with other important sectors. So this is of course creates challenges for organization, because not only are they strapped for talent as we've reported, they like everyone else in IT face ongoing budget pressures. Research firm, Cybersecurity Ventures estimates that in 2021, $6 trillion worldwide will be lost on cyber crime. Conversely, research firm, Cannolis peg security spending somewhere around $60 billion annually. IDC has at higher, around $100 billion. So either way, we're talking about spending between 1 to 1.6% annually of how much the bad guys are taking out. That's peanuts really when you consider the consequences. So let's double-click into the cyber landscape a bit and further look at some of the companies. Here's that same X/Y graphic with the companies ETR captures from respondents in the cybersecurity sector. That's what's shown on the chart here. Now, the usefulness of the red lines is 20% on the horizontal indicates the largest presence in the survey, and the magic 40% line that we talked about earlier shows those firms with the most elevated momentum. Only Microsoft and Palo Alto exceed both high watermarks. Of course, Splunk and Cisco are prominent horizontally. And there are numerous companies to the left of the 20% line and many above that 40% high watermark on the vertical axis. Now in the bottom left quadrant, that includes many of the legacy names that have been around for a long time. And there are dozens of companies that show spending momentum on their platforms, i.e above single digits. So that picture is like the first one we showed you, very, very crowded space. But so let's filter it a bit and only include companies in the ETR survey that had at least 100 responses. So an N of 100 or greater. So it was a little easier to read but still it's kind of crowded when you think about it. Okay, so same graphic, and we've superimposed the data that determined the plot position over in the bottom right there. So there's net score and shared in, including only companies with more than 100 N. So what does this data tell us about the market? Well, Microsoft is dominant as always, it seems in all dimensions but let's focus on that red line for a moment. Some of the names that we've highlighted over the past two years show very well here. First, I want to talk about Palo Alto Networks. Pre-COVID as you might recall, we highlighted the valuation divergence between Palo Alto and Fortinet. And we said Fortinet was executing better on its cloud strategy, and Palo Alto was at the time struggling with the transition especially with its go-to-market and its Salesforce compensation, and really refreshing its portfolio. But we told you that we were bullish on Palo Alto Networks at the time because of its track record, and the fact that CIOs consistently told us that they saw Palo Alto as a thought leader in the space that they wanted to work with. They said that Palo Alto was the gold standard, the best, especially larger company CISOs. So that gave us confidence that Palo Alto, a very well-run company was going to get its act together and perform better. And Palo Alto has just done just that. As we expected, they've done very well and rapidly moving customers to the next generation of platforms. And we're very impressed by the company's execution. And the stock has generally reflected that. Now, some other names that hit our radar in the ETR data a couple of years ago, continue to perform well. CrowdStrike, Zscaler, SailPoint, and CloudFlare. Now, CloudFlare just reported and beat earnings but was off, the stock fell on headwinds for tech overall, the big rotation. But the company is doing very well and they're growing rapidly and they have momentum as you can see from the ETR data. Now, we put that double star around Proofpoint to highlight that it was worthy of fetching $12.5 billion from private equity firm. So nice exit there, supporting the continued consolidation trend that we've predicted in cybersecurity. Now let's turn our attention to Okta and Auth0. This is where it gets interesting, and is a clever play for Okta we think, and we want to drill into it a bit. Okta is acquiring Auth0 for big money. Why? Well, we think Todd McKinnon, Okta CEO, wants to run the table on identity and then continue to expand as TAM has to do that, to justify his lofty valuation. So Okta's ascendancy around identity and single sign-on is notable. The fragmented pictures that we've shown you, they scream out for simplification and trust, and that's what Okta brings. But it competes with some major players, most notably Microsoft with active directory. So look, of course, Microsoft is going to dominate in its massive customer base, but the rest of the market, that's like (indistinct) wide open. And we think McKinnon saw the opportunity to go dominate that sector. Now Okta comes at this from an enterprise perspective bringing top-down trust to the equation, and throwing a big blanket over all the discreet SaaS platforms and unifying employee access. Okta's timing was perfect. It was founded in 2009, just as the massive SaaSifiation trend was happening around CRM and HR, and service management and cloud, et cetera. But the one thing that Okta didn't have that Auth0 does is serious developer chops. While Okta was crushing it with its enterprise sales strategy, Auth0 was laser-focused on developers and building a bottoms up approach to identity. By acquiring Auth0, Okta can dominate both sides of the barbell and then capture the fat middle. So yes, it's a pricey acquisition, but in our view, it's a great move by McKinnon. Now, I don't know McKinnon personally, but last week I spoke to Arun Shrestha, who's the CEO of security specialist, BeyondID, they're a platinum services partner of Okta. And they're a zero trust expert. He worked for Okta for a number of years and shared with me a bit about McKinnon's style, and think big approach. Arun said something that caught my attention. He said, firewalls used to be the perimeter, now people are. And while that's self-serving to Okta and probably BeyondID, it's true. People, apps and data are the new perimeter, and they're not in one location. And that's the point. Now, unfortunately, I had lined up an interview with Diya Jolly, who was the chief product officer at Okta and a Cube alum for this past week, knowing that we were running this segment in this episode but she unfortunately fell ill the day of our interview and had to cancel. But I want to follow up with her, and understand how she's thinking about connecting the dots with Auth0 with devs and enterprises and really test our thesis there. This is a really interesting chess match that's going on. Let's look a little deeper into that identity space. This chart here shows some of the major identity players. It has some of the leaders in the identity market, and is a breakdown at ETR's net score. Now net score comprises five elements. The lime green is, we're adding the platform new. The forest green is we're spending 6% or more relative to last year. The gray is flat send plus or minus flat spend, plus or minus 5%. The pinkish is spending less. And the bright red is we're exiting the platform, retiring. Now you subtract the red from the green, and that gets you the result for net score which you can see super-imposed on the right hand chart at the bottom, that first column there. The far column is shared in which informs and indicates the number of responses and is a proxy for presence in the market. Oh, look at the top two players in terms of spending momentum. Now SailPoint is right there, but Auth0 combined with Okta's distribution channel will extend Okta's lead significantly in our view. And then there's Microsoft. Now just a caveat, this includes all of Microsoft's security offerings, not just identity, but it's there for context. And CyberArk as well includes this acquisition of adaptive, but also other parts of CyberArk's portfolio. So you can see some of the other names that are there, many of which you'll find in the Gartner magic quadrant for identity. And as we said, we really like this move by Okta. It combines positive market forces with lead offerings from very well-run companies that have winning DNA and passionate people. Now, to further emphasize what's happening here, take a look at this. This chart shows ETR data for Okta within SailPoint and CyberArk accounts. Out of the 230 CyberArk and SailPoint customers in the dataset, there are 81 Okta accounts. That's a 35% overlap. And the good news for Okta is that within that base of SailPoint and CyberArk accounts, Okta is shown by the net score line, that green line has a very elevated spending in momentum. And the kicker is, if you read the fine print in the right hand column, ETR correctly points out that while SailPoint and CyberArk have long been partners with Okta, at the recent Octane21 event, Okta's big customer event, The company announced that it was expanding into privileged access management, PAM, and identity governance. Hello, and welcome to co-opetition in the 2020s. Now, our current thinking is that this bodes very well for Okta and CyberArk and SailPoint. Well, they're going to have to make some counter moves to fend off the onslaught that is coming. Now, let's wrap up with what has become a tradition in our quarterly security updates. Looking at those two dimensions of net score and market share, we're going to see which companies crack the top 10 for both measures within the ETR dataset. We do this every quarter. So here in the left, we have the top 20, sorted by net score spending momentum and on the right, we sort by shared N. So it's again, top 20, which informs, shared N informs the market share metric or presence in the dataset. That red horizontal lines, those two lines on each separate the top 10 from the remaining 10 within those top 20. And our method, what we do is we assign four stars to those companies that crack the top 10 for both metrics. So again, you see Microsoft, Palo Alto Networks, Okta, CrowdStrike, and Fortinet. Fortinet by the way, didn't make it last quarter. They've kind of been in and out and on the bubble, but company is very strong, and doing quite well. Only the other four did last quarter. They were the same for last quarter. And we give two stars to those companies that make it in both categories within the top 20 but didn't make the top 10. So Cisco, Splunk, which has been steadily decelerating from a spending momentum standpoint, and Zscaler, which is just on the cusp. We really like Zscaler and the company has great momentum, but that's the methodology. That is what it is. Now you can see, we kept Carbon Black on the right most chart, it's like kind of cut off, it's number 21. Only because they're just outside looking in on net score. You see them there, they're just below on net score, number 11. And VMware's presence in the market we think, that Carbon Black is right really worth paying attention to. Okay, so we're going to close with some summary and final thoughts. Last quarter, we did a deeper dive on the SolarWinds hack, and we think the ramifications are significant. It has set the stage for a new era of escalation and adversary sophistication. Now, major change we see is a heightened awareness that when you find intruders, you'd better think very carefully about your next moves. When someone breaks into your house, if the dog barks, or if you come down with a baseball bat or other weapon, you might think the intruder is going to flee. But if the criminal badly wants what you have in your house and it's valuable enough, you might find yourself in a bloody knife fight or worse. Well, what's happening is intruders come to your company via island hopping or insider subterfuge or whatever method. And they'll live off the land stealthily using your own tools against you so that you can't find them so easily. So instead of injecting new tools in that send off an alert, they just use what you already have there. That's what's called living off the land. They'll steal sensitive data, for example, positive COVID test results when that was really, really sensitive, obviously still is, or other medical data. And when you retaliate, they will double-extort you. They'll encrypt your data and hold it for ransom, and at the same time threaten to release the sensitive information, crushing your brand in the process. So your response must be as stealthy as their intrusion, as you marshal your resources and devise an attack plan. And you face serious headwinds. Not only is this a complicated situation, there's your ongoing and acute talent shortage that you tell us about all the time. Many companies are mired in technical debt, that's an additional challenge. And then you've got to balance the running of the business while actually effecting a digital transformation. That's very, very difficult, and it's risky because the more digital you become, the more exposed you are. So this idea of zero trust, people used to call it a buzzword, it's now a mandate along with automation. Because you just can't throw labor at the problem. This is all good news for investors as cyber remains a market that's ripe for valuation increases and M&A activity, especially if you know where to look. Hopefully we've helped you squint through the maze a little bit. Okay, that's it for now. Thanks to the community for your comments and insights. Remember I publish each week on wikibon.com and siliconangle.com. These episodes, they're all available as podcasts. All you got to do is search breaking analysis podcasts, put in the headphones, listen when you're in your car, or out for your walk or run, and you can always connect on Twitter @DVellante, or email me at david.vellante@siliconangle.com. I appreciate the comments on LinkedIn and in Clubhouse, please follow me, so you're notified when we start a room and riff on these topics and others. And don't forget to check out etr.plus for all the survey data. This is Dave Vellante for The Cube Insights powered by ETR. Be well, and we'll see you next time. (light instrumental music)