Cloud and data security, zero-trust technology, identity solutions and DevSecOps tools are expected to be among the hottest cyber investment areas in the coming months, according to a group of investors speaking at the 2021 RSA Conference. Here, a panel of investors speak onstage during TechCrunch Disrupt SF 2018 at Moscone Center. (Photo by Steve Jennings/Getty Images for TechCrunch)

Cloud and data security, zero-trust technology, identity solutions and DevSecOps tools are expected to be among the hottest cyber investment areas in the coming months, as new start-ups emerge and look to become the next “unicorn,” according to a group of panelists speaking Wednesday at the 2021 RSA Conference.

The COVID-19 pandemic accelerated digital innovation and transformation across the entire business world, the panelists explained, forcing security vendors to react in kind, and thus creating a myriad of new opportunities for financiers to invest in the cyber sector.

“The pandemic just created a lot of pain for companies and the way they worked, and that also led to a lot of opportunities for new companies,” Saam Motamedi, partner at venture capital firm Greylock Partners, who noted a surge of companies rapidly ramping up their digital assets over the last nine-to-12 months.

Motamedi suspects these companies were originally planning this transformation as a long-term project, but the pandemic shifted timelines dramatically. “Now it’s existential,” he said. “If you want it to transform that way you interact with your customers and go from a retail presence to a digital presence, you’ve got to do it right away and you look to new vendors and innovative technology.” And that includes security vendors and their solutions.

Chenxi Wang, general partner at early-stage venture capital fund Rain Capital, noted that the number of product pitch meetings she took in 2020 actually increased over 2019, despite a major Q2 slowdown when the pandemic was officially declared. “The rate of innovation is unheard of,” she said, noting that one public company where she’s a board member accelerated its own innovation “because of the requirement of having to adopt a different operating model.”

Chenxi Wang, Rain Capital

By the end of March, it was starting to look like the cybersecurity investment space would be resistant to the economic harm perpetrated by the coronavirus, according to Dino Boukouris, founding and managing director of investment bank Momentum Cyber. “We were looking at the trends of people embracing working from home, we saw the trends of increased endpoints that were being deployed that needed to be protected [and have] security connectivity,” said Boukouris. “We… saw some of these trends that we thought were just going to accelerate and fortunately they did” as Q2 shifted to Q3.

“For the most part the companies that we were working with, they saw a nice boost, even of their projects. About halfway through the year they started upward revising their numbers which was a pleasant surprise,” Boukouris continued. “We really didn’t skip a beat. We had one of the best years. The last 12 months was a record 12 months for us. We had record revenue growth.” Indeed, between December and January, the firm closed six transactions in a period of 60 days. “That was the highest velocity we have seen since we launched the firm.”

Wang said that companies poised to do well in the rapidly accelerated digital economy are those that can cater to concepts such as dynamic network infrastructure and securing edge computing. In particular she said the market is witnessing “great momentum in cloud security.”

“We have a few investments in different aspects of cloud security, but I think the combination of modern infrastructure and policy-as-code is a trend that I’m watching very closely,” said Wang, when asked where the next cyber investment unicorn may come from. “And looking at how to build [a] security pipeline – not just security products, but a security pipeline from design to remediation and back in a completely automated fashion. I’m looking for companies that will plug into the pipeline stage and really transform the business of security.”

Meanwhile, Boukouris suggested keeping an eye on the zero-trust network access space for possible unicorns, following the trend of such companies as Zscaler, Palo Alto Networks, iboss and Perimeter 81. Additionally, he believes managed security services currently remains the top overall area of investment. “Maybe not so much for the earlier-stage investors that are looking for the most innovative capabilities and technologies, but it’s an area where security tools… consolidated on your security architectures and your security stacks at the organization is increasing in importance,” especially with the shortage of available security talent.

“We’re trying to make more sense out of our data, so a lot of people are turning more and more to professional services firms, managed services firms, red teaming, blue teaming, purple teaming, pen-testing firms,” Boukouris continued. “So we actually expect to see funding to continue to flow into the security services space, especially on the private equity front.”

Motamedi agreed that cloud security is a key area, but also listed data security – both the identification and classification of sensitive data in heterogenous environments, as well as access governance. Additionally, he cited identity technology, and also the DevSecOps concept of shifting left.

“So as companies all become software companies and developer productivity becomes more important, security responsibilities have to shift earlier and more towards the design phase,” he said. “There’s opportunity and tooling that’s going to support that.”