Frankly Speaking, 3/24/20 -- Recession-resistant Cybersecurity Companies
A weekly(-ish) newsletter on random thoughts in tech and research. I am an investor at Dell Technologies Capital and a recovering academic. I am interested in security, blockchain, and cloud infrastru
If you were forwarded this newsletter, you can subscribe here, and view old newsletters here.
I hope everyone is staying safe. It's been a crazy 2-3 weeks, and it feels like it's honestly been months. I'm getting used to working from home, which is a new experience especially since most of my life is so meeting-based. However, it has made me re-learn my WFH habits from my PhD days. It has also reminded me how much I miss my standing desk, so I went ahead and bought a Fully Jarvis.
Another common question people ask me is whether I'm busy or not. I feel like I'm busier and doing more than when I was commuting to an office in Palo Alto or SF. I think the lack of commuting has opened more time, and doing calls from one spot just has made everyone more efficient. Before, someone would have to travel to meet me or vice versa. Now, no one has to travel, so meetings are easier to schedule, but it has led to many more.
As a partner of a doctor, please make her life easier by staying home and practicing social distancing so that she can do her job better!
LET'S BE FRANK
Another question that people ask me is how cybersecurity companies are going to do with a large shift to work from home (WFH) and/or during a recession. I think this is a loaded question because the short answer is that great companies will continue to do well despite a recession regardless of whether they are in cybersecurity or not. The PhD side of me also likes to use a milder and more qualified term such as "resistant" instead of "proof", hence the usage of it in the title of the email. Nothing is really
However, I do think certain categories of cybersecurity companies are going to do well. I spent some time this week thinking about it, and I'm going to outline a few. My first thought was what changes during WFH and a recession. More specifically, what IT infrastructure changes happen? Changes in IT infrastructure typically result in changes in cybersecurity requirements. We've seen this recently with the public cloud, containers, Kubernetes, elimination of corporate perimeters, SaaS, etc. This goes without saying: Just because employees work from home and there is a recession, it doesn't mean attacks will slow down.
In the case of WFH, there will be more external or new endpoints. A lot of employees don't have powerful enough computers at home because they usually have a powerful desktop at work and just an iPad and/or iPhone for leisure internet use at home. With more endpoints accessing from outside the corporate network (if a company has one), a few areas become more important. There will be more focus on endpoint protection, so companies like Crowdstrike and VMware/Carbon Black will see an increase in use. Another area of focus will be on VPNs or SD-WANs to facilitate network access into a corporate network or allow for easier access to internal resources within the organization. Finally, IAM and PAM will become increasingly important because companies will need to grant more access to company resources from potentially newly provisioned assets.
With the recession coming, companies will need to focus on their business efficiency, especially around IT infrastructure. Someone asked me why are businesses considering the use of public cloud, Kubernetes, etc. It's very simple. Their competitors are using it, and it's helping their business. As a result, in a recession, exploratory projects that don't affect the bottom line will probably be delayed, but projects that do improve the bottom line will actually be accelerated. This means projects in public cloud, containers, and Kubernetes. Like all new technologies, risk and threat surfaces change, and with the technologies I mentioned, they will change too fast for security teams to keep up. These technologies are very developer-focused, so companies like Soluble (shameless plug) and Snyk will become more important. They will also be more capital efficient since they don't rely on expensive, capital-intensive enterprise sales teams.
These are just my initial thoughts. Let me know if there are any major categories that I'm potentially missing.