Enterprises and consumers alike have experienced two recent and rapid technological innovations that will continue to alter the tech landscape: the rise of cloud computing and a mass move to mobile devices and applications. “‘We are on a shift that is as momentous and as fundamental as the shift to the electrical grid,’ said Andrew R. Jassy, the head of [Amazon Web Services]. ‘It’s happening a lot faster than any of us thought.’” [1] Indeed, recent research concludes that paid cloud services are expected to double among small and midsize businesses in five years. [2] Computing giants Microsoft, Google, and Amazon, each with its own set of cloud offerings, will compete to meet this growing demand.
Cloud computing, which promises substantial cost-savings for businesses via “pay-as-you-go access to sophisticated software and powerful hardware,” [3] also poses certain security risks that derive primarily from the security, or lack thereof, of the channel by which information travels to the cloud and that of the data itself while on the server and in use by the cloud service. [4] When it comes to mobile devices, the risks are no less. In fact, the frequency of mobile threats doubled between 2010 and 2011 and the volume of malware targeting smartphones increased 155 percent in 2011 alone. [5] The rash of hacks on mobile devices and public and private networks by “pranksters, criminal syndicates or foreign governments” [6] illuminates the disconcerting reality that “[n]o one is immune to the threat posed by cyber criminals.” [7]
From an economic standpoint, the risks posed by potential security breaches are great: a typical breach might cost a business more than a half million dollars to rectify.[8] Likewise, such an occurrence might have a detrimental psychological effect, reducing the confidence of customers in a particular company or, worse, chilling the transition to cloud and mobile services overall, since no sector is impervious to the security threats.
It is perhaps of little surprise that, against this backdrop, “big companies are expected to spend $32.8 billion on computer security this year, up 9 percent from last year. Small and medium-size businesses will spend more on security than on other information technology purchases in the next three years.”[9] The “white hat” cyber security professionals, whose challenge is to “foster a faster and more open exchange of valuable information [while striving to] stay a step ahead of technically advanced, well-financed cyber criminals,” [10] are not only security powerhouses like McAfee, but also obscure security start-up companies, such as Imperva, Splunk, and Palo Alto Networks. [11] The remarkably strong stock performances that these companies have enjoyed since going public, with shares ranging from 26 to 65 percent above their offering price, has piqued the interest of the venture capital world. Not to be understated, venture capital contributions to these tech security start-ups reached $935 million in 2011, nearly doubling 2010 venture capital investments in the same genre. [12]
Most security start-ups seeking venture financing are focused on one of the following areas of weakness: mobile devices, authentication, intrusion detection, or “big data.” [13] For example, Bit9 is a start-up that blocks malware, Zenprise brings enterprise-level security to consumer mobile devices, and Solera Network tracks breaches in real time. Each of these companies has recently raised tens of millions of dollars in investment rounds led by top-tier venture capital firms, including Sequoia Capital and Intel Capital.[14]
Though this infusion of capital into the cyber security realm is likely spurred on by the potential for big monetary gains for venture capital firms and not altruistic motives, the ultimate security outcome, if the start-ups are successful, will be highly beneficial for many, if not all. Given the positive externality that seems to ensue from this particular type of investment in this age of increasing cyber crime, I can only hope that the unusual risks borne by investors of security companies, such as death threats and aggressive cyber counterattacks by criminals, [15] will not dampen its popularity going forward.
__________________________________________________
[1] Quentin Hardy, Active in Cloud, Amazon Reshapes Computing, The New York Times (Aug. 27, 2012), http://www.nytimes.com/2012/08/28/technology/active-in-cloud-amazon-reshapes-computing.html?ref=technology .
[2] 2012 Microsoft/Edge Strategies Cloud Adoption Study, http://www.edgestrategies.com/component/k2/item/117-just-released-2012-microsoft-edge-technologies-smb-cloud-adoption-study.html (last visited Oct. 13, 2012).
[3] Jeff Beckham, The Top 5 Security Risks of Cloud Computing, Cisco Blog (May 3, 2011, 8:36 AM), http://blogs.cisco.com/smallbusiness/the-top-5-security-risks-of-cloud-computing/ .
[4] Id.
[5] Ian Paul, Mobile Security Threats Rise, PCWorld (Sep. 7, 2012, 9:36 AM), http://www.pcworld.com/article/262017/mobile_security_threats_rise.html .
[6] Nicole Perlroth & Evelyn M. Rusli, Security Start-Ups Catch Fancy of Investors, The New York Times (Aug. 5, 2012), http://www.nytimes.com/2012/08/06/technology/computer-security-start-ups-catch-venture-capitalists-eyes.html .
[7] Kevin Johnson, CIOs Must Address the Growing Mobile Device Security Threat, Forbes (Aug. 16, 2012; 7:55 PM), http://www.forbes.com/sites/ciocentral/2012/08/16/cios-must-address-the-growing-mobile-device-security-threat/ .
[8] Id. (citing cash outlays, business disruptions, and revenue losses as elements of the cost of a security breach).
[9] Perlroth & Rusli, supra note 6.
[10] Johnson, supra note 7.
[11] Nicole Perlroth & Evelyn M. Rusli, Security Start-Ups Catch Fancy of Investors, The New York Times (Aug. 5, 2012), http://www.nytimes.com/2012/08/06/technology/computer-security-start-ups-catch-venture-capitalists-eyes.html .
[12] Id.
[13] Id.
[14] Id.
[15] Id.