Choices in Cloud Security Providers: An art, not a science

Choices in Cloud Security Providers: An art, not a science

Cybersecurity and cyber warfare are fast becoming predominant concerns in the business world which is resulting in an opportunity for the Next Generation Firewall industry space to help ensure the security of their customers. Whereas in the recent past the market has been focused on consolidation and endpoint security, going forward firms will continue to focus on their move to the cloud. We also expect to see inevitable implications due to the increase in number of user devices (IOT), and automation playing a larger role in the management of these additional components. This article examines the Next Generation Firewall industry in detail including future areas of focus by some of the leading competitors.

Strategy over price

Delivery on strategy, rather than price, is currently the main driver of the cloud security industry. Decisions over choice of security stack involves the determination of best architecture for a customer and subsequently matching this strategy with an appropriate supplier. For example, if a company were to decide it prefers to deploy proxy servers to sit between end-user devices and an application, cloud security company Zscaler would be recommended over the leading global cybersecurity firm Palo Alto Networks. This is because Palo Alto has long believed that proxies have outlived their usefulness and practicality, joining a long list of legacy security products, while Zscaler vocally propounds the benefits of proxy-based architecture because they can inspect encrypted traffic, eliminate appliance cost, and scale to meet evolving traffic demands. The process of determining what solution is best for the end client, therefore, is more of an art than a science, and can only really be achieved on a customer-by-customer basis.

This ‘made-to-measure’ theme continues when we look across the landscape of security services offerings from the major cloud security competitors, as follows:

  • Platforms: Palo Alto has excelled in delivering overall platforms, answering client demands to keep things simple with a single platform offering rather than having to keep track of numerous different firewalls. Palo Alto continues to expand the functionality of their platform and has been successful in signing up clients for multi-year Enterprise License Agreements (ELAs). Having recently completed an acquisition spree, the company continues to innovate as can be seen in their new Prisma Access cloud and Cortex artificial intelligence (AI) offering.

Be that as it may, formidable competition is likely to arrive in the shape of Zscaler’s new partnership with CrowdStrike, which will offer a combined cloud security platform with real-time threat detection and automated policy enforcement across networks and endpoints.

  • Messaging: Cisco remains a formidable competitor in the messaging space, although some consider that the company is held back by its singular strategy of selling wholesale platform solutions – something not everyone is willing to sign up for.
  • Software-defined Wide Area Network (SD-WAN): Fortinet has led in SD-WAN technology for some time now, making the firm a hot topic of conversation. It has the advantage of offering a wide choice of products from its wireless product matrix and is considered very price competitive. In terms of overall take-up, however, Fortinet is nevertheless seen as coming in third behind Palo Alto and Zscaler.
  • Endpoint security: CrowdStrike has taken a lead in providing a best-of-breed, single cloud-based offering, and management service which assists those clients worried about ‘endpoint sprawl’ or the proliferation of devices communicating with the network. Similar to the scenario of proxy offerings as described above, the importance of endpoint security does vary depending on the perspective of each customer.
  • Cloud security: Cybersecurity is evolving from the relatively straightforward delivery of hard perimeters and remote-access VPN to the more complex aspect of having to deal with applications and users regardless of device and location. Palo Alto’s buy-out of RedLock in 2018 means it can now offer security across public cloud computing environments (including AWS, Azure and Google Cloud), a product which has proven to be immensely popular.

Whilst Zscaler is in a position to eventually gain an upper hand in this area as businesses move more towards ‘always-on’, web-based applications designed not to overburden the user solution, companies with older systems (for instance, banks with mainframe systems) are more likely to go with Palo Alto’s Prisma Access offering. This is because these older systems need only connect to Palo Alto’s network, rather than the more complicated necessity of having a ‘clean’ application in order to connect to Zscaler’s Private Access solution.

Jostling for position

Overall, the Next Generation Firewall space has much to offer the customer in terms of technology and innovation, yet it is clear that Palo Alto and Zscaler are leading the way in terms of competition. Whilst experts do not predict Zscaler will wholly replace Palo Alto’s huge data center firewall capability any time soon, they do think there is room for Zscaler to supply either smaller firewalls or retail applications. Palo Alto, on the other hand, will continue to insist that proxies not even be considered for future requirements. In the end, the customer will choose depending on what aspect of their security they consider most important to them. Not a science, therefore, but an art.

This call was hosted on January 10, 2020, under the title: “(CHKP, FTNT, PANW, ZS): Next-Gen Firewalls & Cloud Security – Winners, Losers & 2020 Outlook.”

You can request a replay & transcript of the Hosted Event discussed above, or any of our Hosted Events, by emailing [email protected].

Coleman Research Group, Inc. (“Coleman” or the “Firm”) sponsors events featuring a wide range of speakers (“Guest Speakers”). The opinions, estimates, projections, and views contained in this summary are those of, and exclusively sourced from, the Guest Speakers and are not reviewed or endorsed by the Guest Speakers.  In respect of this summary, Coleman makes no representation or warranty, express or implied, is not providing investment, legal, tax, financial, or accounting advice, and accepts no liability whatsoever. Coleman retains sole discretion as it relates to accessing this information by clients and prospective clients.