Microsoft: A Deep Dive Into Its Mammoth Cybersecurity Business
Contributor since 2021 / 3818 Followers
Summary:
- I think that the market is underestimating the scale of Microsoft’s cybersecurity business and how much they are investing into the business.
- In this article, I will put Microsoft next to the nine largest pure play cybersecurity companies to understand the true scale of their revenue and R&D spend.
- In addition, Microsoft is a leader in many categories within cybersecurity, providing a complete cybersecurity solution for those with a Microsoft-heavy technology stack.
- I looked into Microsoft’s Identity and Access Management business and who the main competitors are in the segment.
- In addition, I will make a detailed comparison between CrowdStrike and Microsoft in the endpoint security market.
Michael Loccisano/Getty Images Entertainment
Microsoft (NASDAQ:MSFT) has a huge cybersecurity business and I think many investors have no idea just how big that is. This article aims to focus on Microsoft’s cybersecurity business and determine if there are any worries for the current cybersecurity pureplay companies like Palo Alto Networks (PANW) and CrowdStrike (CRWD).
Size of Microsoft’s cybersecurity business
Microsoft’s cybersecurity business surpassed $20 billion in revenue for the calendar year of 2022.
According to Microsoft CEO Satya Nadella, this is how they see their own cybersecurity business:
We are the only company with integrated end-to-end tools spanning identity, security, compliance, device management and privacy informed and trained on over 65 trillion signals each day. We are taking share across all major categories we serve. Customers are consolidating on our security stack in order to reduce risk, complexity and cost.
Based on management commentary and disclosures in Microsoft’s annual reports, I was able to put together the chart showing Microsoft’s cybersecurity revenue from 2020 to 2022. In 2022 alone, Microsoft’s cybersecurity business grew about 33% on a huge run rate of $15 billion.
Microsoft Cybersecurity Revenue (Author generated, Microsoft AR)
How does this $20 billion in cybersecurity revenue relate to the revenues we see from the pure play cybersecurity players?
I think many investors will be surprised by how Microsoft’s cybersecurity revenue alone is larger than the revenues of the top five pure play cybersecurity players combined.
Microsoft’s cybersecurity revenue dwarfs the largest pure play cybersecurity players (Author generated, company reports)
I think that the ability of Microsoft to grow at about 33% growth rate at a billion-dollar run rate is highly impressive and demonstrates the benefits of its strong industry recognition of the Microsoft brand, strong distribution and bundling abilities.
The next graph is even more mind boggling. If you thought Microsoft is sitting on its credentials and not investing in its cybersecurity business, you could not be more wrong. Microsoft spent $4 billion on research and development for its cybersecurity business in 2022, far outpacing any of the other pure play cybersecurity companies out there. For a period of five years until 2026, Microsoft will be committed to spending $4 billion on its cybersecurity business, with a total investment of $20 billion by 2026.
Cybersecurity players R&D spend (Author generated, company reports)
Although Microsoft is investing $4 billion each year, this $4 billion is spread across different categories within cybersecurity. On the other hand, pure play cybersecurity players are able to invest in a more focused manner in their own focused business. For example, CrowdStrike’s focus is on endpoint and Okta’s (OKTA) focus is on identity assess management means that their research and development spend is likely to be focused on these areas. As such, when I sum up all the research and development spend of all pure play cybersecurity companies, it adds up to around $5 billion, which is in my view, in-line with Microsoft’s own research and development spend of $4 billion each year.
Leadership positions in cybersecurity categories
Needless to say, with this much investment going into its cybersecurity business, the result is that Microsoft has leading positions across most categories in cybersecurity.
For example, Gartner lists Microsoft as a leader in endpoint protection platforms, access management, enterprise information archiving and unified endpoint management tools.
Forrester also recognized Microsoft’s leadership positions in nine categories. These nine categories include cloud security gateways, endpoint security software, identity as a service, security analytics platforms, extended detection and response, amongst others.
Lastly, IDC Vendor Assessment MarketScape’s report for 2022 recognized Microsoft as a leader in the unified endpoint management software.
With leadership positions across multiple categories within cybersecurity, I think that Microsoft is poised to continue to be one of the players that can successfully gain market share across these categories as it provides a wide range of leading solutions across the cybersecurity spectrum.
Breakdown of Microsoft’s cybersecurity business
Based on the sell-side analysts industry conversations and market data work, the following is a breakdown of Microsoft’s cybersecurity business.
Microsoft cybersecurity business breakdown (Citi)
The largest part of Microsoft’s cybersecurity revenue comes from bundling via Office 365 E3 or E5 allocation, amounting to 30% of Microsoft’s cybersecurity revenue. This demonstrates the strong competitive advantage Microsoft has in its distribution capabilities as a result of its strong brand name and bundling.
The Other Systems Infra segment is a catch all bucket that includes businesses like network security, patch and endpoint management, email security, amongst others.
Apart from these two segments, the Identity and Access Management business is the largest identifiable cybersecurity business of Microsoft outside of those included in the bundles and others segments. This is due to Microsoft’s Active Directory legacy. The second largest segment is the end point security segment, which is roughly at $3.1 billion in revenue, compared to CrowdStrike’s $2.2 billion revenue.
Identity and Access Management business
The Identity and Access Management market is expected to grow at a 14% CAGR and reach a size of almost $26 billion by 2026. In the 3-year period from 2019 to 2021, Microsoft gained 9% in market share while Okta gained 3% in market share. As Microsoft and Okta’s market share today is only around 33%, there are still sizeable legacy vendor market share opportunities up for grabs for the two players as the market still remains fragmented.
IAM market share (Citi)
I am of the view that there is scope for both Microsoft and Okta to leverage on the infrastructure modernization trends while I think the key wallet share and consolidation winner here will be Microsoft.
Although Microsoft is in general less sophisticated than Okta, Microsoft has a good roadmap and its conditional access features are being marketed as an Okta-killer.
On the other hand, larger organizations are hesitant to have too large a concentration risk in Microsoft given that it could result in a singular point of error, which plays into Okta’s hands. Furthermore, Okta is known to have the simplest and the most elegant platform and product design on the market, and it is easier to implement and scale. Furthermore, a stronger alignment between Okta and AWS could most effectively challenge Microsoft here.
Based on reviews on Gartner, we can see that while Okta has significantly more reviews than Microsoft thus far, its overall rating and willingness to recommend score are similar to that of Microsoft, which underscores my point that both Microsoft and Okta could be the two players to consolidate the market going forward from here.
Microsoft vs Okta reviews (Gartner)
Endpoint security business
The endpoint security market is expected to grow at a 16% CAGR and reach a size of almost $22 billion by 2026. The two largest share gainers from 2019 to 2021 are inevitably Microsoft and CrowdStrike, which grew share by 10% and 5% respectively.
Endpoint security market share (Citi)
As a result of legacy players in the endpoint security market, these players remain uncompetitive with the offerings of CrowdStrike and Microsoft due to poor sales execution, stale technology, amongst other reasons.
Newer players like CrowdStrike and SentinelOne (S) have been aggressively growing in the market to leverage on the dislocation in the market as a result of their innovative technology and offerings.
Microsoft has taken a price promotion approach in recent days as it is offering about 50% discount on Defender for Endpoint until June of 2023. This is a relatively new territory for new players like CrowdStrike and SentinelOne as it has changed the competitive landscape to one that potentially may be more driven by price. It remains to be seen whether we will see Microsoft gain share at the expense of these newer players due to these aggressive price promotions taken by Microsoft.
That said, I do think that the next generation, newer vendors could have some sort of competitive advantage in that they are razor focused on a particular category within the cybersecurity space. As a result, it is difficult for Microsoft to reach technical parity with these next generation vendors. Furthermore, the robustness of managed offerings and total cost of ownership are different amongst the different players, which could lead to a unique value proposition within the endpoint security market for each player.
In addition, there continues to be market share from legacy vendors that these players can continue to capture in the longer run. SentinelOne could be more potentially affected than CrowdStrike by the threat Microsoft poses as a result of its smaller product portfolio, smaller scale and less enterprise focused installed base.
Microsoft vs CrowdStrike
At the end of the day, I am interested to see how CrowdStrike and Microsoft compare against each other.
CrowdStrike does have a nice comparison of its own endpoint offering compared to all other endpoint security players, including Microsoft Defender. As can be seen below, CrowdStrike does see its signatureless protection, frictionless updates, consistent cross platform support and 24/7 expert hunting and best-in-class integrated intel as its advantages over Microsoft Defender.
CrowdStrike vs Microsoft (CrowdStrike)
Of course, it does not make sense to just rely on what CrowdStrike describes as its advantages over Microsoft Defender. After carrying out multiple rounds of research, I have found both CrowdStrike and Microsoft Defender to be rather complete in terms of the features they have for endpoint security solutions.
At the end of the day, I think that customers choose Microsoft Defender if they already are predominantly using a Microsoft-centered environment and if they do not require advanced features.
On the other hand, customers choose CrowdStrike because of their endpoint solutions that brings more advanced features to customer, while still being easy to use and deploy. Also, similar to above, customers without a Microsoft -heavy technology stack are likely to choose CrowdStrike as well.
When I looked further into the reviews of Microsoft and CrowdStrike, it was evident that a higher proportion of CrowdStrike’s customers were giving it five stars and more willing to recommend the CrowdStrike offering.
CrowdStrike vs Microsoft reviews (Gartner)
Conclusion
I think that Microsoft will and has been increasingly leaning toward its cybersecurity business as a new growth driver given the increasing importance and rising total addressable market in the segment.
We can see that Microsoft does already have the largest cybersecurity business in the market today, as a result of its strong brand name, distribution and decent cybersecurity offerings. At the end of the day, it provides a more end-to-end solution for customers and makes it simpler to bundle for those who already have a Microsoft-heavy technology stack.
That said, I do think that there will be others in the industry that are specialists in what they do, and these players can continue to be leaders in the market alongside Microsoft as the examples that I explained earlier about Okta and CrowdStrike showed earlier.
This is a result of their strong focus on the identity and access management market and endpoint security market respectively, which results in more advanced offerings, better technology and innovation in the segment. That said, Microsoft’s ability to bundle is a strong competitive advantage that will continue to serve it well. As long as it has a complete cybersecurity offering, it does not really need the most advanced features to continue to gain market share.
Disclosure: I/we have no stock, option or similar derivative position in any of the companies mentioned, and no plans to initiate any such positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.
Outperforming the Market
Outperforming the Market is focused on helping you outperform the market while having downside protection during volatile markets by providing you with comprehensive deep dive analysis articles, as well as access to The Barbell Portfolio.
The Barbell Portfolio has outperformed the S&P 500 by 41% in the past year through owning high conviction growth, value and contrarian stocks.
Apart from focusing on bottom-up fundamental research, we also provide you with intrinsic value, 1-year and 3-year price targets in The Price Target report.
Join us for the 2-week free trial to get access to The Barbell Portfolio today!