Proactive Investors - Cloud security is a “new hot space” with app modernization driving a significant growth opportunity, analysts at Bank of America (NYSE:BAC) believe.
They wrote in a note to clients that the adoption of Cloud computing has introduced great efficiencies but also its fair share of cybersecurity risks.
As a result, the bank’s analysts see the Cloud Native Application Protection Platform (CNAPP) market at about $7.2 billion in 2023 and expect it to grow at a compound annual growth rate of 24% to $16.3 billion through 2027.
“CNAPP provides security from the early stage of application development in a process known as ‘code-to-cloud,’ improving the historical fragmented view of threats by connecting insights from the developer environment to application runtime, contextualizing alerts and offering remediations,” they explained.
They noted that CNAPP solutions typically incorporate three key components that were previously used as standalone tools: Cloud Workload Protection Platform, Cloud Security Posture Management, and Cloud Infrastructure Entitlement Management.
Mor recently, some companies had added Application security and Data security to provide more complete end-to-end capabilities, they added.
“A complete solution will handle the full cloud workload lifecycle, protect against misconfigurations, increase workload visibility and secure the environments while the applications are running,” the analysts wrote.
They noted that many vendors have entered the CNAPP market from different angles, including Palo Alto Networks Inc (NYSE:NASDAQ:PANW, ETR:5AP) and CrowdStrike (NASDAQ:CRWD) Holdings Inc (NASDAQ:CRWD) and startups like Wiz and Orca.
“Palo Alto Networks identified the opportunity early on, building its Prisma Cloud portfolio ($500 million annual recurring revenue as of Q4 2023) through seven acquisitions, which is both its strength and potential weakness of limited integration, while private company Wiz has made notable strides, reaching almost $350 million of revenues in less than three years,” they wrote.
“The market is evolving rapidly and private companies, once leading the space technologically, see more established security vendors entering the space like Crowdstrike, Zscaler Inc . (NASDAQ:ZS), Fortinet Inc (NASDAQ:FTNT) and others.”
They noted that some companies, like private firms Wiz and Orca, have started in the space with an agentless approach.
“This approach has provided an efficient way to gain visibility of the resources, their configuration, and the activity at the cloud control plane,” they wrote.
“It has also provided a quick and easy integration into the cloud provider, which together help to inspect the network hygiene and gain visibility into misconfigurations.”
But they also pointed out that agent-based approaches have added the important functionality of continuous visibility and telemetry across various environments, such as detecting active threats currently running, with vendors like Wiz adding agent functionality, naming it a sensor, data collector, or a host scanner.