The Rise Of Decentralized Cybersecurity: Trends & Opportunities

To protect a perimeterless target, you need decentralized cybersecurity. This concept has inspired a huge wave of changes and new startups built for a post-firewall world.

Unfortunately, the shift to decentralized cybersecurity is worsening the talent gap in the sector. SignalFire’s research found that the skilled labor shortage is 35% worse in cybersecurity engineering than in software engineering overall. A review of millions of jobs and hundreds of thousands of job openings revealed that 8.5% of total cybersecurity engineering jobs are unfilled today, compared to only 6.3% for the entire software engineering field.

Luckily, the decentralization of security creates a rare opportunity for companies to rethink their approach from the ground up, as underscored by research from our data science team. SignalFire found that over 50% of Chief Information Security Officers have joined a new company since the start of the pandemic. With fresh thinking and the right tools, businesses can adapt quickly.

What is decentralized cybersecurity?

‍It’s defined as an integrated network of preventative and reactive defenses that guard targets no matter where they are, what they do, or who they interact with across endpoints in the cloud and on-prem.

This many-to-many security model is a necessity now that the pandemic has accelerated and normalized remote work. Permanent network perimeters that lack context will fade away in favor of infrastructure that grants the right person the right access to the right asset at the right time.

Over the past 30 years, cybersecurity has evolved to become progressively more decentralized:

• Phase 1: 1990s. One-to-one security model. Work from office via centrally managed on-prem apps. Optimal strategy: Vault, where nothing gets in or out.
• Phase 2: 2000s. One-to-many security model. Work from office via apps on-prem and virtualized servers. Optimal strategy: Gated fortress, where all entrants must be checked.
• Phase 3: 2010s. Some-to-many security model. Work from home or the road via apps on-prem or in the public cloud. Optimal strategy: Bunkers connected by fortified tunnels.
• Phase 4: 2020+. Many-to-many security model. Work from everywhere via apps everywhere. Optimal strategy: Zero trust architecture philosophy combined with highly integrated and dynamic gates. Bodyguards that travel with targets, monitoring all interactions

This shift demands a rethinking of the entire security ecosystem since solutions must now be agile and cooperative to provide continuous protection as settings and situations vary widely. While before, organizations sought rigid, distinct, best-in-class systems to handle one broad but stable scenario, now they need flexible, interoperable, specific solutions that can adapt to changing conditions.

Simply put, monolithic security solutions can’t win now that access has fragmented across the office, mobile, and home devices. The threat landscape evolves too quickly for single providers to protect every surface in every circumstance.

Instead, SignalFire sees cybersecurity specializing into attack surface-specific and industry vertical-specific solutions. Through a lens of cloud-native security, the sector will increasingly focus on automation and crowdsourcing to address the talent shortage while DevSecOps expands to cover the explosion in Open Source usage. Here are the biggest trends impacting decentralized cybersecurity today and tomorrow:

Decentralized Cybersecurity Trends

Identity starts from zero-trust in the mobile, cloud, work-from-home era

• The improvement of fraud detection, authentication, authorization, provisioning, and other related tools is critical to protecting companies and their data
• The sprawl of cloud applications and APIs has led there to be 45X more non-human identities than human identities, highlighting the need for comprehensive human and non-human identity security strategy
• The vision of a truly zero-trust network won’t be realized without innovative Identity and Access Management (IAM) solutions

The firewall is obsolete for a distributed workforce

• In a perimeterless landscape, we need zero-trust infrastructure that scrutinizes both who is connecting and what they’re connecting to
• Algorithms and black box ML are emerging as popular surfaces where hacks can change outcomes that are difficult to discern
• CIOs and CISOs aren’t aware of their full digital footprint leading to shadow IT where organizations can’t detect attacks
• New monitoring and compliance tools for these fragmented surfaces including IoT, web applications, and cloud are required

Cybersecurity is tech’s biggest skill shortage

• The rising demand and inadequate training opportunities have created a cybersecurity labor and expertise shortage
• The skilled labor shortage is 35% worse in cybersecurity engineering than software engineering overall. 8.5% of total cybersecurity engineering jobs are unfilled today, compared to only 6.3% for the entire software engineering field. Over 50% of CISOs have joined a new company since the start of the pandemic.
• Digital infrastructure has become an increasingly popular target as individual hackers, crime rings, and nation-states prefer cyber attacks as more effective than conventional war or terrorism
• America is failing to draw its best technical talent into security, and our fragmented and decentralized branches of armed forces slow down knowledge sharing and top-down decision making
• An increase in automation can help close the gap short-term, with machine learning allowing the analysis of large data
• The data surplus is driving a need for data identification and prioritization infrastructure as we capture asset and event data from non-traditional sources like IoT devices
• On-the-job and private education skills training solutions are necessary to close the gap in the mid-term until higher education can catch up
• Cybersecurity providers must rely more on product-led growth than sales given fewer labor and financial resources in the current market
• Providers must simultaneously simplify integration processes to reduce their customers’ need for integration engineering labor

Open Source and No-Code are creating uncontrollable mazes of dependencies

• Modern technology stacks are increasingly reliant on the rapidly expanding open source libraries, leading to unforeseen and massive vulnerabilities like Log4j
• Younger, upstart SaaS and Open Source companies often lack the resources and expertise to properly protect their systems despite their rising usage
• Solutions are needed to balance the innovation leveraging open source tooling brings with securing this increasingly fragmented software supply chain
• Additionally, the Cambrian explosion of low-code / no-code software allows line-of-business workers to spin up their own workflows and apps without proper privacy or security oversight, creating layers of internal automation invisible to traditional reviews

SignalFire is already invested in a number of startups addressing these trends, listed below. We love helping our portfolio companies with our Beacon Talent technology that surfaces top recruiting prospects, our data science team that generates customer lead lists, and in-house experts like the former CMO of Stripe. We offer assistance from SignalFire executive chairman and CIO Walter Kortschak, who was the first investor in McAfee Associates in 1991 while at Summit Partners and led the firm’s security investments for several decades which included Avast Software, Darktrace and others. SignalFire also just partnered with two seasoned security executives to advise our investment process and portfolio companies in the sector. We’ll be announcing them soon!

• Anchore: Software supply chain security focused on containers
• Blubracket: Software supply chain security focused on code
• CloudVector: API security (*Acquired by Imperva*)
• Dig Security: Cloud-native, real-time data security
• Horizon3: Autonomous Pen-Testing-as-a-Service
• Project Discovery: Next-generation vulnerability management
• Twingate: Secure access platform for zero-trust networking

Decentralized Cybersecurity Startup Opportunities

Come talk to us if you’re building in these areas:

Automation / Crowdsourcing

• 40% cybersecurity talent shortage makes human intervention more difficult
• The rapid increase in complexity and volume of alerts: billions of devices, attack proliferation, etc.
• Focus: Cross-cloud, cross-SaaS MDR solutions, large crowdsourced networks

Attack Surface Specific Solutions

• Mobile overtaking desktop as the primary endpoint, device proliferation driven by IoT
• User behavior indicative of threat level and used for data protection
• Focus: Asset management, behavioral authentication

Vertical Specific Solutions

• Under-automated/poorly secured verticals are under threat (e.g., 55% increase in healthcare cyber attacks)
• Unique compliance and data privacy needs are not served by horizontal solutions (e.g., KYC)
• Focus: Compliance-mandated data privacy solutions, digital risk management, antifraud orchestration engines

Identity

• Identity is the key to a true zero-trust environment
• 80% of modern cybersecurity breaches involve a compromised set of privileged credentials
• Focus: Unified provisioning and governance across cloud environments and applications, inclusive of real-time alerting

DevSecOps

• Massive proliferation of open-source software exposing security vulnerabilities
• More rapid cloud development driving the need for security automation
• Focus: Cross programming language and cross dev life cycle security solutions

Cloud-Native Network Security

• Shift of work from enterprise data centers to the cloud catalyzed by COVID-19
• Proliferation of users, devices and software applications has made the perimeter-based model redundant
• Focus: Simple packaged implementations of cloud-native security for Enterprises and SMBs

Data Security

• Move to the cloud has democratized data access and usage and accelerated data sprawl
• Discovering, classifying, and monitoring all sensitive data becoming critical due to increased regulatory pressure
• Focus: Real-time data threat detection with robust response measures and multi-cloud functionality

Thanks to rapidly evolving tools that address these problems, CISOs can make sense of data chaos in the cloud. If you’re building in these areas, please reach out to SignalFire’s security investors Jon Lim and Tony Pezzullo at security@signalfire.com. You can also subscribe here for future deep-dives into top cybersecurity sectors and advice from legendary CEOs in the space.

The need for real-time data monitoring: Leading $34M for Dig Security

‍