Security targets drive an increase in cloud-native M&A

April 10 2020
by Michael Hill

As Zscaler's reach for Cloudneeti illustrates, acquirers are upgrading their portfolios with applications that secure cloud-native environments. The growth of these deals corresponds with an uptick in cloud-native technology adoption, spurring security vendors to add cloud-native capabilities via M&A. Future deals could spread beyond information security providers, with cloud platform suppliers and other infrastructure players seeking cloud-native security technologies.

According to 451 Research, acquirers racked up 20 cloud-native security transactions in 2019, five times as many as they inked just two years earlier. What's more, they started 2020 on pace to beat last year, having struck five such deals so far. Similar to the preceding years, many of these purchases have seen established buyers (e.g., Zscaler, HPE, ServiceNow and FireEye) picking up cloud-native startups to support cloud use cases.

Cloud-native software applications are underpinned by technologies such as containers, Kubernetes (container orchestration) and serverless functions. Data collected via our surveys indicates that adoption of these technologies is increasing. Not only do 78% of organizations plan to expand container deployments in the next two years, 69% say they plan to increase Kubernetes deployments and 26% plan to deploy more serverless functions.

Buyers are ramping up tuck-in acquisitions of early-stage cloud-native security vendors in anticipation of just such a surge in customer demand. Sophos and Trend Micro are among the cadre of security providers attempting to expand into the cloud-native market via M&A. In 2019, their acquisitions included, respectively, those of Avid Secure and Cloud Conformity. Meanwhile, Palo Alto Networks and Check Point bought into the serverless security market with their respective purchases of startups PureSec and Protego Labs.

Given that we expect cloud security to remain a top priority in this evolving market, we'll likely see more corresponding M&A, not only from security vendors but also from cloud platform suppliers themselves. Indeed, as cloud-native applications proliferate and the securing of cloud workloads becomes more crucial, cloud infrastructure providers would appear to have an opportunity to compete for market share by adding security functionality at the platform level – something that could help them further differentiate their offerings as organizations look to address maturing customer needs.

Figure 1: Adoption of cloud-native technologies

Figure 1

Source: 451 Research, DevOps Q1 2019 and Digital Pulse: Budgets and Outlook 2019