Microsoft Enters The SSE Market; Opportunities And Challenges
Contributor since 2018 / 10463 Followers
Summary:
- On July 11, Microsoft announced the launch of two new security products.
- With these new products, Microsoft will enter the Security Service Edge market, directly competing with the likes of Zscaler, Palo Alto, and Cloudflare.
- Microsoft’s cybersecurity business surpassed $20 billion in annual revenue in Q1, making it one of the biggest and fastest-growing business segments for the company.
- CEO Satya Nadella has ambitious plans for the cybersecurity business, which makes sense given the massive gap that still needs to be filled in the global cybersecurity landscape.
- A deep dive into Microsoft’s new security products and the market leaders in SSE, such as Zscaler, reveals opportunities and challenges.
wellesenterprises
Microsoft’s (NASDAQ:MSFT) recent announcement regarding its foray into the Security Service Edge (SSE) market has sent ripples through the cybersecurity industry, putting several prominent players on notice. The SSE market, also known as the computer security Secure Service Edge market, is a rapidly growing sector that focuses on securing network traffic and data at the edge of the network. By offering comprehensive security solutions at this crucial juncture, Microsoft aims to position itself as a formidable player capable of challenging established cybersecurity companies. The impact of Microsoft’s entry into the SSE market is expected to be significant. By leveraging its strong presence and customer base, Microsoft has been able to secure substantial deals, affecting the market position of other cybersecurity companies. With this expansion into the security domain, Microsoft will directly compete with cloud network security providers such as Zscaler Inc (ZS), Cloudflare Inc (NET), and Palo Alto Networks (PANW).
The Expanding Presence In Network Security With Entra Internet Access And Entra Private Access
In today’s digital landscape, where the reliance on technology is ever-increasing, the frequency and complexity of cyberattacks have reached unprecedented levels. Organizations of all sizes and industries are facing a relentless barrage of threats that have the potential to compromise their sensitive data and disrupt their operations. The statistics paint a grim picture, with password attacks skyrocketing from 1,287 attacks per second in November 2021 to over 4,000 attacks by November 2022. The cost of cybercrime has increased dramatically in the last few years and is expected to increase further in the next few years.
Exhibit 1: The estimated cost of cybercrime
Statista
Recognizing the urgent need for robust security measures, Microsoft is taking significant strides to expand its offerings beyond user authentication and directory management. The company’s latest announcement unveils two groundbreaking products: Microsoft Entra Internet Access and Microsoft Entra Private Access. These solutions are designed to empower organizations to establish trust not only in their digital experiences and services but in every interaction that underpins them.
The traditional approaches to network security are struggling to cope with the demands imposed by flexible work arrangements and the surge in cloud-based workloads. Relying on VPNs to channel traffic through legacy network security stacks compromises security posture and hampers user experiences. Additionally, using disparate solutions and access policies introduces vulnerabilities that can be exploited by malicious actors.
Microsoft Entra Internet Access emerges as an identity-centric Secure Web Gateway that safeguards access to the internet, SaaS applications, and Microsoft 365 resources. By extending Conditional Access policies with network conditions, this product fortifies protection against malicious internet traffic and other threats. Its integration with Microsoft 365 ensures best-in-class security, enhanced visibility, and seamless access to Microsoft 365 apps, ultimately boosting productivity for users across the board.
Complementing Internet Access, Microsoft Entra Private Access represents an identity-centric Zero Trust Network Access solution that secures access to private applications and resources. With this product, users can effortlessly connect to private apps from any location, utilizing any device and network. By eliminating the need for legacy VPNs, Entra Private Access significantly reduces operational complexity and costs. It also facilitates the enforcement of granular security measures such as Conditional Access for individual applications, multifactor authentication, and device compliance, even for legacy applications without necessitating changes to those applications.
Both Microsoft Entra Internet Access and Microsoft Entra Private Access, in conjunction with Microsoft Defender for Cloud Apps which serves as a cloud access security broker for Software-as-a-Service (SAAS) solutions, form Microsoft’s comprehensive Security Service Edge solution. This represents an important step forward in the convergence of identity and network security controls. By unifying these controls and creating unified Conditional Access policies, organizations can extend comprehensive protection and governance to all identities and resources within their digital estate. With a centralized platform for safeguarding and verifying identities, managing permissions, and enforcing intelligent access policies, organizations can now defend their digital assets more effectively with the use of Microsoft products.
Moreover, Microsoft has recently introduced a new automated cybersecurity product called Microsoft Security Copilot. Powered by generative AI technology, this platform utilizes an AI assistant to manage threat detection. This innovative approach demonstrates Microsoft’s commitment to advancing cybersecurity solutions and leveraging cutting-edge technologies to enhance protection.
Rising Cybersecurity Threats for SMEs
The uncertain geopolitical landscape, particularly heightened by the Russia-Ukraine war, has accelerated the frequency and complexity of cyber threats and attacks. An Accenture (ACN) study reveals that an overwhelming 97% of organizations have witnessed an increase in cyber threats since the start of the conflict, prompting them to take proactive measures. Nearly half of the respondents have enhanced their incident response capabilities, while 51% have updated their business continuity and enterprise risk plans. Despite the rising threat landscape, the study highlights that only 39% of organizations prioritize close collaboration with government agencies on policies and recommendations in response to the war. This indicates a potential gap in leveraging collective expertise and resources to combat cyber threats effectively. Organizations need to forge strong partnerships with government agencies and collaborate on comprehensive cybersecurity strategies.
Further, third parties and external networks are perceived as highly susceptible areas for attacks, with 54% of organizations identifying them as primary targets. This finding aligns with the previous year’s study, indicating a consistent trend. External breaches continue to pose a significant risk, accounting for 61% of successful breaches overall. In industries such as Utilities, the threat from supply chain partners is even higher at 62%, highlighting the importance of robust security measures throughout the ecosystem.
The impact of cyberattacks is felt across all businesses, but small to medium-sized enterprises are particularly vulnerable. Accenture’s Cost of Cybercrime Study reveals that 43% of cyberattacks target small businesses, yet only 14% of them are adequately prepared to defend against these threats. This alarming statistic underscores the urgent need for SMEs to prioritize cybersecurity and implement robust defense measures to safeguard their operations and sensitive data. The massive disruption caused by cyberattacks on SMEs can be seen in how these events impacted the business operations of targeted companies.
Exhibit 2: The impact of website breaches
Sectigo
In the context of Microsoft’s expansion into the SSE market, the geopolitical landscape and the associated increase in cyber threats further underscore the importance of robust cybersecurity solutions. Microsoft’s entry into the market comes at a crucial time when organizations are grappling with evolving risks and the need for comprehensive protection. By offering innovative SSE products, Microsoft has the opportunity to address the pressing cybersecurity challenges faced by organizations, including the vulnerabilities stemming from third parties and external networks. The convergence of Microsoft’s SSE offerings with the overarching need for collaboration, risk planning, and enhanced incident response capabilities aligns well with the industry’s growing recognition of the geopolitical landscape’s impact on cybersecurity.
Can Microsoft Secure A Meaningful Share Of The SSE Market?
Microsoft’s EIA is currently in public preview, albeit with limited functionality. At this stage, it can only protect Microsoft 365 and Windows clients. However, broader features such as general traffic protection, cloud firewall, threat protection, and support for other operating systems are scheduled to be introduced later in the year. Notably, Microsoft’s naming for these products mirrors that of Zscaler, with Zscaler’s main products being Zscaler Internet Access and Zscaler Private Access. Zscaler was recognized as a leader in the 2023 Gartner Magic Quadrant for SSE.
Exhibit 3: Magic quadrant for SSE
Gartner
Analysts caution that gaining meaningful market share in the SSE space may prove more challenging for Microsoft compared to other segments of the security market. This difficulty stems from the lack of inherent ties with Microsoft software in the realm of network security and Secure Access Service Edge (SASE). While Microsoft has enjoyed adoption in endpoint security through its integration with Windows and identity products, achieving similar success in network security may require overcoming the complexity of enforcing policies across heterogeneous environments due to the diverse nature of systems, technologies, and infrastructures involved.
One significant challenge is the lack of standardized protocols and interoperability among different systems and technologies. Each component within a heterogeneous environment may have its own set of security protocols, access controls, and authentication mechanisms. Ensuring seamless integration and policy enforcement across these varied components becomes a complex task. It requires comprehensive understanding and support for multiple standards and protocols, as well as the ability to bridge any gaps that may exist between different technologies. Additionally, heterogeneous environments often involve integrations with third-party systems, cloud services, and external networks. This introduces additional complexities in terms of security controls, access management, and data protection. Managing security policies that extend beyond the organization’s boundaries requires close collaboration and coordination with external entities, such as cloud service providers or business partners, to ensure a consistent and effective security posture across the entire ecosystem.
Despite the challenges and intense competition, the introduction of Microsoft’s EIA and EPA products has the potential to bolster the company’s campaign to establish security as a top category, especially as its traditional stronghold in Windows-related products begins to recede. Microsoft’s security business has become a significant revenue generator for the company, surpassing annual revenue of $20 billion. This is one of the fastest-growing business segments as well. The company bundles its security products within the Azure cloud computing business and the Office 365 platform, offering customers comprehensive solutions to safeguard their digital assets.
The initial rollout of Microsoft’s Security Edge solution may target SMBs, posing a considerable risk to cybersecurity vendors with exposure to this market. However, Goldman Sachs (GS) analyst Gabriela Borges highlights that many enterprises and SMBs rely on Microsoft to provide a baseline level of security and then complement it with best-in-breed providers. This approach creates a total addressable market where both Microsoft and third-party vendors like Palo Alto Networks, Zscaler, and startup Wiz can capture growth and offer specialized solutions. While Microsoft’s expansion into the SSE market holds promise, crucial details such as availability dates and pricing for the new computer network offerings remain undisclosed.
Takeaway
Microsoft’s expansion into the Security Service Edge market signifies a notable shift in the cybersecurity landscape. With the introduction of innovative products, the company is poised to challenge established players and leverage its strengths to gain market share. However, the tech giant faces unique challenges in the SSE domain, particularly in enforcing policies across heterogeneous environments. Despite these challenges, Microsoft’s strong brand reputation, extensive customer base, and substantial investments in R&D position it well for success in the cybersecurity space. As organizations grapple with the increasing complexity and frequency of cyber threats, Microsoft’s entry into the market offers new opportunities for enhanced protection and collaboration. The cybersecurity industry can expect further innovation and competition as Microsoft continues to establish security as one of its top categories.
Analyst’s Disclosure: I/we have a beneficial long position in the shares of MSFT either through stock ownership, options, or other derivatives. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.
Seeking Alpha’s Disclosure: Past performance is no guarantee of future results. No recommendation or advice is being given as to whether any investment is suitable for a particular investor. Any views or opinions expressed above may not reflect those of Seeking Alpha as a whole. Seeking Alpha is not a licensed securities dealer, broker or US investment adviser or investment bank. Our analysts are third party authors that include both professional investors and individual investors who may not be licensed or certified by any institute or regulatory body.
Unlock Alpha Returns With Our Comprehensive Investment Suite
Beat Billions offers a wide range of tools and resources to help you achieve superior investment returns. Our team of expert analysts uncovers undercovered and thinly followed stocks to supercharge your investment returns.
- Access our model portfolios and receive actionable ideas to build a successful portfolio.
- Join our community of like-minded investors and exchange ideas to maximize your investment potential.
- Keep track of the real-time activities of investing gurus.
Don’t miss out on our launch discount – act now to secure your subscription and start supercharging your portfolio!
