Before the rise of cloud computing most organizations exclusively used Microsoft’s Active Directory to manage identity profiles. However, this on-premise approach was challenged when authenticating users for cloud applications. Active Directory was designed to authenticate application access within the firewall, while cloud applications sit outside the firewall. Therefore the need for a cloud-based directory has quickly materialized in the identity market. In general, given the large number of enterprise workload that are expected to shift to the cloud, we believe that cloud security services will become significantly relevant over time than traditional on-premise security controls.
An additional driver for identity and access management is the General Data Protection Regulation (GDPR). This regulation is designed to standardize data privacy laws in Europe and went into effect on May 25th 2018. Failure to comply with this regulation can result in fines of EUR 20 million or 4% of total revenues, whichever is greater. In our opinion this regulation has created a “culture of compliance” in Europe, which we believe will drive spending on identity and access management tools that can help corporations to remain compliant with this regulation. Going forward we wouldn’t be surprised that this data privacy framework (or a similar version) will be implemented in other countries.
Conclusion
As traditional network barriers break down with the proliferation of the cloud, we think new companies with cutting edge technologies are well positioned to capture market share from the established incumbents. We would therefore expect that these trends highlight the need for a best of breed approach. Very often the providers of such products and tools are young and innovative companies in the small and mid cap world.
We think the theme of security & safety is becoming increasingly omnipresent in our daily lives and the implications for the automation of data management as well as data infrastructure (such as data centers) are also becoming more critical. As a result the relationship between security and automation (robotics) is symbiotic, with more regulation requiring more security and controls to be put in place, and in turn more automated systems are needed to manage and maintain these checks and controls efficiently.
As long-term oriented investors we think IT security and more broadly speaking security and safety in general are compelling long term secular growth themes for patient investors. Based on these convictions we are shareholders of a number of innovative and young companies which provide solutions for data loss prevention, email and data archiving as well as identity and access management.
Credit Suisse Asset Management has designed strategies to provide clients with “pure-play” exposure to these compelling and complementary long term secular growth themes: Robotics & Automation, Security & Safety, Digital Health, and Infrastructure. For further information please click here.