From perimeter to data: The five layers of cyber security

With more and more devices, cars, homes and – not least – production and manufacturing processes being connected to the internet, businesses and individuals are increasingly exposed to cyber-risks and vulnerable to cyber-attacks. This growing need for protection means a requirement for more sophisticated approaches to cyber security – something that is providing attractive opportunities for investors to participate in the growth prospects of companies at the forefront of these developments. Indeed, the layered approach that this article discusses has proven to be the most effective as malefactors only need to be right once, while security professionals – and the organisations they protect – need to be right all the time.

Perimeter security: the first line of defence

Perimeter security has traditionally been synonymous for firewalls; i.e., the protection of data and systems by filtering out potentially dangerous or unknown traffic. With the growing ubiquity of the cloud and remote access, perimeter security solutions – once designed to locally manage and protect local networks - must now adapt to this new and more complex landscape.

The transformation of network security defence

Network security covers both hardware and software technologies, and processes and devices that protect a network and its data from harm. Again, the expansion of the cloud and working from home/anywhere are fundamentally changing the landscape here; networks now also include the path to the cloud and hybrid infrastructures that may consist of on-premises data centres, public/private cloud instances, and SaaS applications. 

Perimeter and network security

With an increasing use and a deeper integration of cloud technologies into business processes and with the establishment of flexible work models (on-site, remote and hybrid), many organizations are struggling with more complex network and data vulnerability issues. Innovators in this sector are thus rethinking established security concepts and developing new models. For instance, Zscaler and CrowdStrike have developed a solution based on the idea of “zero trust”, where user identity, device posture (i.e., a device’s security credentials), and access policies are used to grant or withhold access rights. These risk-based conditional access solutions help steering a multitude of individual access requirements from users by detecting in real time possible threats which may arise when identities don’t match with corresponding access rights. This, in turn, protects complex and thus more vulnerable IT environments from breaches.

Endpoint security: where a network’s safety begins

The growing use of the cloud is also resulting in profound changes in how endpoints – i.e., any device that is connected to the network and can communicate both ways – should be protected from cyberattacks. Indeed, malicious actors now often target the vulnerability of endpoint devices to get access to a network while, until relatively recently, they would have focused on breaching perimeter security.

Given the increasing proliferation of devices connected to organization’s networks, the growth of the “internet of things” (IoT), and the unique risks associated with “bring your own device” (BYOD) policies, endpoint security is likely to represents a particularly strong growth area for the foreseeable future. Indeed, some estimates suggest that the endpoint security market will grow at a CAGR of 8.3% by 2028, reaching a value of USD 24.58 bn.1

Endpoint security

Formed in 2011, CrowdStrike has developed a comprehensive endpoint security offering comprising of a range of unified modules to prevent breaches. Their Falcon platform collects cyber security data – processing over 6 trillion events per week2 – and leverages AI to constantly improve its performance ands deliver one of the highest detection and efficacy rates in the industry.

The company’s annual recurring revenue grew by 65% year-on-year to exceed 1.7 billion, as of January 31, 2022.3

Endpoint security market: projected market CAGR of 9.4% by 2026, reaching a value of USD 22 billion4

Application security: defending apps and users

Application security is as multifaceted as applications themselves. It includes not only the procedures used to protect websites and apps while in use, but also those used during their development and design. 

Again, the rise of the cloud is changing the game here. With more and more organizations hosting resources in this way, application security is becoming ever more complex. Recent research suggests that the global application security market will experience a CAGR of 18.30% by 2028 reaching a value of USD 22.54 bn, up from USD 6.95 USD bn in 2021.5

Application security

One of the leaders in a range of cyber security areas and disciplines, Zscaler’s “Private Access” (ZPA) solution applies the principles of zero trust and segmentation to give users secure and direct connectivity to apps while eliminating unauthorized access via “zero trust network access” (ZTNA). ZPA is currently the world’s most deployed ZTNA platform6 , and this model is expected to become dominant in the coming years – Gartner predicts that, by 2025, over 70% of remote access deployments will use ZTNA7.

Application security – projected market CAGR of over 18% by 2028, reaching a value of USD 22.54 billion8

Data security: the heart of protection

The protection of data across platforms and applications connected to an organization’s network is often considered the paramount discipline of cyber security. The safeguarding of data is vital for every enterprise as many companies base their processes and business models on the storage, transmission, and, not least, the monetarization of gathered internal and external data. Indeed, the consequences of breaches in this respect present one of the greatest risks to companies and other organisations in terms of potential liability and reputational damage.

Data security

According to Cowen Research and Boston Consulting Group, the “human element” is responsible for at least three quarters of cyber breaches. Issues here include, for example, users failing to follow security protocols or becoming victim to deceptive communications or other forms of social engineering. For this reason, security awareness training for staff remains key to limiting such breaches. KnowBe4, the world’s largest security awareness training and simulated attack platform9 , offers a range of programmes to help build more resilient and secure organizations. Founded in 2010, the company employs over 47,000 staff and its annual recurring revenue grew by 44% year-on-year in 2021 to reach over USD 285 million. It was also named a “Leader in Security Awareness and Training Solutions” by Forrester Research in Q1 2022.

Allianz Global Investors identifies first movers in cybersecurity

When it comes to cyber security, it is vital for companies to stay a step ahead of malicious actors. Cybercrime is, and will continue to be, a difficult-to-assess risk. Leading companies providing solutions in this area are thus likely to benefit from the growing need for holistic cyber security approaches – a need that will only become more pertinent, and complex to address, in the coming years. 

Allianz Global Investors identifies innovators and first movers in cyber security across the full range of cyber security solutions, especially those that provide innovative solutions to protect applications, organizations, and users in complex cloud environments.

  • Disclaimer
    Investing involves risk. The value of an investment and the income from it will fluctuate and investors may not get back the principal invested. Past performance is not indicative of future performance. This is a marketing communication. It is for informational purposes only. This document does not constitute investment advice or a recommendation to buy, sell or hold any security and shall not be deemed an offer to sell or a solicitation of an offer to buy any security.

    The views and opinions expressed herein, which are subject to change without notice, are those of the issuer or its affiliated companies at the time of publication. Certain data used are derived from various sources believed to be reliable, but the accuracy or completeness of the data is not guaranteed and no liability is assumed for any direct or consequential losses arising from their use. The duplication, publication, extraction or transmission of the contents, irrespective of the form, is not permitted. This material has not been reviewed by any regulatory authorities. In mainland China, it is for Qualified Domestic Institutional Investors scheme pursuant to applicable rules and regulations and is for information purpose only. This document does not constitute a public offer by virtue of Act Number 26.831 of the Argentine Republic and General Resolution No. 622/2013 of the NSC. This communication’s sole purpose is to inform and does not under any circumstance constitute promotion or publicity of Allianz Global Investors products and/ or services in Colombia or to Colombian residents pursuant to part 4 of Decree 2555 of 2010. This communication does not in any way aim to directly or indirectly initiate the purchase of a product or the provision of a service offered by Allianz Global Investors. Via reception of his document, each resident in Colombia acknowledges and accepts to have contacted Allianz Global Investors via their own initiative and that the communication under no circumstances does not arise from any promotional or marketing activities carried out by Allianz Global Investors. Colombian residents accept that accessing any type of social network page of Allianz Global Investors is done under their own responsibility and initiative and are aware that they may access specific information on the products and services of Allianz Global Investors. This communication is strictly private and confidential and may not be reproduced. This communication does not constitute a public offer of securities in Colombia pursuant to the public offer regulation set forth in Decree 2555 of 2010. This communication and the information provided herein should not be considered a solicitation or an offer by Allianz Global Investors or its affiliates to provide any financial products in Brazil, Panama, Peru, and Uruguay. In Australia, this material is presented by Allianz Global Investors Asia Pacific Limited (“AllianzGI AP”) and is intended for the use of investment consultants and other institutional /professional investors only, and is not directed to the public or individual retail investors. AllianzGI AP is not licensed to provide financial services to retail clients in Australia. AllianzGI AP is exempt from the requirement to hold an Australian Foreign Financial Service License under the Corporations Act 2001 (Cth) pursuant to ASIC Class Order (CO 03/1103) with respect to the provision of financial services to wholesale clients only. AllianzGI AP is licensed and regulated by Hong Kong Securities and Futures Commission under Hong Kong laws, which differ from Australian laws.

    This document is being distributed by the following Allianz Global Investors companies: Allianz Global Investors GmbH, an investment company in Germany, authorized by the German Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin); Allianz Global Investors (Schweiz) AG; in HK, by Allianz Global Investors Asia Pacific Ltd., licensed by the Hong Kong Securities and Futures Commission; in Singapore, by Allianz Global Investors Singapore Ltd., regulated by the Monetary Authority of Singapore [Company Registration No. 199907169Z]; in Japan, by Allianz Global Investors Japan Co., Ltd., registered in Japan as a Financial Instruments Business Operator [Registered No. The Director of Kanto Local Finance Bureau (Financial Instruments Business Operator), No. 424], Member of Japan Investment Advisers Association, the Investment Trust Association, Japan and Type II Financial Instruments Firms Association; in Taiwan, by Allianz Global Investors Taiwan Ltd., licensed by Financial Supervisory Commission in Taiwan; and in Indonesia, by PT. Allianz Global Investors Asset Management Indonesia licensed by Indonesia Financial Services Authority (OJK).

    2785491

Recent insights

Navigating Rates

Bond markets don’t just guide fixed income decision-making. They can help with investors’ broader allocation decisions by offering insight into a range of different asset classes. With yields down sharply in recent months, which assets could be poised to benefit?

Discover more

Climate change will impact investments. risklab’s analysis offers guidance on future-proofing portfolios against potential climate scenarios.

Discover more

The Big Question

More extreme weather is making many investors ask how the potential impact on portfolios can be measured and mitigated. In this new series focused on the big questions for investors, risklab has three ideas for future-proofing your portfolio against climate change – without making radical changes.

Discover more

Allianz Global Investors

You are leaving this website and being re-directed to the below website. This does not imply any approval or endorsement of the information by Allianz Global Investors Asia Pacific Limited contained in the redirected website nor does Allianz Global Investors Asia Pacific Limited accept any responsibility or liability in connection with this hyperlink and the information contained herein. Please keep in mind that the redirected website may contain funds and strategies not authorized for offering to the public in your jurisdiction. Besides, please also take note on the redirected website’s terms and conditions, privacy and security policies, or other legal information. By clicking “Continue”, you confirm you acknowledge the details mentioned above and would like to continue accessing the redirected website. Please click “Stay here” if you have any concerns.