The link between security and corporate digitization is pervasive. Everything companies do today has some form of digital context, so everything also has the potential for exploit. This new reality is a massive challenge, but also a huge opportunity for providers to create the next generation of managed cybersecurity services.
“US clients are concerned about security in literally every digital aspect of their business,” said Matthew Stamper, Research Director at Gartner and former CISO at Kio Networks. “However, most SMEs are not going to invest in a 10-person security staff, so service providers are uniquely positioned to see some interesting growth in this segment.”
Leapfrogging Legacy to Jump on Next-Gen
While the legacy approach to security (firewalls, network infrastructure, anti-virus, etc.) is still prolific around the world, new technologies like AI and machine learning have shown that they can outperform in the security segment.
Global security defense company Darktrace offers a solution that uses self-learning how to protect whatever system it is applied to. The company even hired people from GCHQ and MI5 to advise on how to make AI useful in the security world.
“New attacks are created all the time, and a lot of approaches rely on analyzing yesterday’s attack to predict tomorrow’s which is flawed,” said Nicole Eagan, CEO of Darktrace. “Customers don’t want to throw more money at the problem only to see the bad guys change the whole attack vector. This is where AI and machine learning can help, using self-learning to identify unknown threats, even if it’s specific to one company. Providers need to detect that, not just weed out the next Wannacry.”
ABI Research forecasts that “machine learning in cybersecurity will boost big data, intelligence, and analytics spending to US$96 billion by 2021,” however, like most areas of the tech industry, talent is scarce in the region, perhaps even more so due to the unique requirements of the security profession.
Securing the Security Talent
A career in security can begin with mathematics, application, development, and DevSecOps, but stretches over to regulatory and legal compliance, creating a huge expanse within the discipline.
“To be a security architect, you need knowledge of WAN, wireless, and LAN technologies first, because security is required for all of these,” said Juan Huicab, Security Product Manager at Alestra. “If a security professional doesn’t know about those first, it’s difficult to become an architect.”
There’s also a whole variety of certifications available, such as CISSP, CISA, and CIPB, and students are now coming out of college with cybersecurity degrees too. The profession also includes regulations, law, and governance, and within full-stack infrastructure, from the application to the data center, everything is unique again. The industry offers an infinite number of security areas to explore, so there’s few professions that are as intriguing for people with an intellectual curiosity.
“The demand signal for cybersecurity is reaching the supply side now, slowly,” said Stamper. “We’ve seen high-profile breaches, such as Wannacry, reveal that security teams are understaffed, under-resourced, and under-skilled in a lot of cases, so there’s a massive influx of demand for security engineers, architects, and secure coding talent, but they’re just not there, so salaries are being raised to attract them.”
Still, even within companies where the budget has been prioritized for cybersecurity, companies may not be able to hire the people for it, either because they don’t exist, or due to the fact that they’re so in demand and so scare. If companies and educators can overcome this crisis, the opportunity for them is exponential.
The Commercial Opportunity
The financial services industry tends to be ahead of the curve from a security standpoint, but small to mid-sized companies and other sectors, such as healthcare, still fall behind. The big tools in terms of adoption rates are Palo Alto for firewalls, Cisco for networking gear, and Symantec anti-virus, but it often stops there.
Many of the mid-sized US vendors haven’t yet broken into the Latin American market, giving Nearshore a chance to shine — the missing part of the puzzle is a world-class, service delivery model for localized security needs, and an innovative new approach to security as a service.
“Innovation is key; we need to innovate at the same speed as the attackers innovate themselves,” said Nieto. “We’re in a prime position to stay one step ahead in terms of solutions and people, preparing them for the next waves of cybersecurity threats before they occur.”
As long as SMEs remain unaware of how to initiative their own security protocols and systems, they will always look to outsource them to a service provider. Nearshore companies need to step up to the challenge, bypassing the legacy approach and seizing the chance to become global leaders in next-gen cybersecurity.