IT & Security in a Pandemic
As the term “a new normal” has recently become the world’s tagline, many IT and Security companies are wondering what, if anything, will really change. While the workplace for many of these companies has remained largely unaffected—employees already worked remotely or have made an easy transition—these firms’ demand pipeline will look much different. The tech industry may more or less stay the course, but the sectors it serves need technology solutions now more than ever. I’ve been spending the past three months speaking to over two dozen CTOs, CIOs, and CISOs at Fortune 2000 companies and based on their perspectives, I see these changes manifesting themselves in three broad phases.
Phase I: The Initial Transition (3-5 weeks)
In the first month of the shelter-in-place transition, these subsegments of the IT and security market were most relevant to a remote workforce. These market segments continue to stay relevant today:
Prior to the COVID-19 pandemic, it was rare for large enterprises to distribute laptops and remote work resources to their full teams. These companies have found themselves scrambling to supply their workforce with the necessary resources to build home offices, and as a result we’ve seen huge buying sprees in computers, printers, webcams, internet routers, etc.
Basic Collaboration and Conferencing
Teamwork and conferencing products like Zoom, Slack, and Microsoft Teams have seen a rapid spike as companies seek to retain in-person productivity with the transition to online workspaces.
- VPN Technology
Security leaders have been challenged to secure home offices, largely by fortifying public Wi-Fi connections. The biggest winners in this space have been the firewall vendors that bundle VPN solutions with network firewalls (e.g., Palo Alto Networks’ GlobalProtect). However, industry leaders face latency issues, and have been forced to buy more to reduce performance impact.
- Endpoint Security
Because employees are no longer protected by their companies’ network firewall, it’s more important than ever to have endpoint protection on laptops, phones, etc. In addition to network security, some employers have taken advantage of this technology to monitor productivity.
- Basic IT Customer Support
During the first few weeks of lockdown, most businesses saw a significant increase in demand for basic IT support services (e.g., setting up Zoom, setting up hardware, etc.) as employees adjusted to working from home. IT call centers were overwhelmed with calls and those with automation products, like ServiceNow and Moveworks, benefited significantly.
Phase II: Bolstering the Remote Workforce (2-4 months)
After tackling the initial challenges that accompany a transition of this size, companies will look to expand the capabilities of their workforce infrastructure and will need to implement secondary systems to do so. While these categories are not essential to conducting business, they are important considerations for companies looking to move past a bare-bones online workplace.
- IAM & CASB
Technology allowing management access across users (both employees and customers), has seen a spike in sales. This is likely because companies can’t clearly see who has access to what information when no one is in the office and they are looking to solve that. Some organizations are also thinking about how they can replace slow performing VPN infrastructure with a Zero Trust approach.
- Collaboration & Automation in SOC
Security Operation Centers are groups for which collaboration is both critical and particularly hard to replicate remotely. Since these teams are used to working together in large rooms with giant screens, shelter-in-place orders have significantly impacted their productivity. Technologies allowing increased collaborative efficiency among SOC teams will thus provide significant value.
- IT Support Automation
As IT teams face increased demands from the virtual workforce, many are looking to automate certain tasks like software updates and password resets.
- Phishing and Security Awareness
Phishing activity has increased dramatically as a result of COVID-19. In addition to a higher volume of attacks, employees are also increasingly more likely to fall victim to such attacks in the home environment, given their decreased awareness and higher stress levels.
Phase III: Planning for the Future (3-12 months)
Perhaps the biggest change we’ll see is in how companies think about their infrastructure needs for the future. Specifically, I expect to see many on-prem-focused companies move to a hybrid-cloud approach. By providing malleable infrastructure, the cloud allows for quick capacity adjustments and the ability to add new capabilities without accessing physical sites. Indeed, we’ve already seen these advantages affording cloud-native companies a leg up: while they were able to transition to the virtual environment relatively quickly, on-prem companies have had a slower implementation process of new technology.
As on-prem companies struggle with the online transition and cloud-native companies continue to seamlessly update their technology needs remotely, IT and security leaders have leveraged these experiences as a hybrid-cloud proof of concept. As such, my guess is that many on-prem companies will look to make a transition to cloud infrastructure when possible.
So, who loses?
As a result of the pandemic, companies are improving efficiency, but they’re also trimming the fat. This shift to hybrid-cloud infrastructure will clearly impact companies that cater to enabling on-prem infrastructure. So too will the services of many IT providers working on “nice-to-have” improvements.
There’s also a question of what happens to the future of the burgeoning privacy market. The current pandemic has demonstrated the importance of contact tracing to containment measures. With Apple and Google working together to implement this technology in the United States, and other countries recording citizens’ locations, privacy will likely take a back seat for the foreseeable future. The scope of this change, however, is unclear: more authoritarian regimes seemed to have managed the pandemic better due to their control and monitoring of citizens, and there is an argument to be made that citizens are more willing to give up certain rights if the government uses private data for good. Indeed, certain European countries are discussing relaxing GDPR regulations to increase citizen monitoring capabilities—and with public health on the line, people are willing to give up their privacy. While in the long-term, I do believe the need for enterprises to protect consumer privacy is critical, I fear this will take a backseat as we deal with the lasting impact of the pandemic.
Recommendations for startups
As the IT sector moves to accommodate the world’s “new normal”, startups must also navigate growth and sales in a rapidly evolving demand pipeline. These are the four tips I would recommend for weathering the lockdown and subsequent reopening process:
Devote yourself to product development during the shelter in place. Customers are preoccupied. Few will want to take new meetings, and even fewer will be interested in buying fully ramped products. The best use of this time is in product development, not sales.
Prepare your marketing. Now is a good time to build the necessary marketing collateral (e.g., one-pagers, blog posts, case studies, whitepapers, etc.) to attract enterprise customers. This will be helpful in generating some level of inbound leads today and will be critical ammunition to jumpstart sales growth when things start to return to normal. I’ve tried to remind founders that this is a real opportunity: at the early stage, we are often trying to desperately keep content up-to-date with sales motion, and for the first time we have the opportunity to build strong materials before we sell.
Channel focus and upsell. Field sales have been negatively impacted by the pandemic, and I don’t expect this to change anytime soon. In the meantime, the best way for vendors to win is to implement upsell and channel strategies. I would highly recommend that companies focus on hiring channel sales talent that have access to public vendors in their sectors and also MSPs/MSSPs. A new partnership will allow these channels to upsell to their own customer base, so large players who otherwise wouldn’t have worked with earlier stage startups will be a lot more open to the idea now. There is a finite window of opportunity here: once a channel picks a winner in a sector, they are unlikely to pick a second. As such, speed is essential; it might be worth it to give in to certain terms to win a partnership deal.
Aim for 2x growth in 2020. Most companies need to work on revising their 2020 financial plans to be more realistic. While many haven’t yet felt the impact on topline growth, I am quite certain that most will. New meetings with customers are at an all-time low, and with a relatively long selling process, the impact of this loss will be felt in Q3, Q4 and beyond. Companies should do what they can to get to at least 2x growth: this will position them well for future fundraising in 2021.
As COVID-19 has changed the way many companies do business, it has also warped the IT and security market, minimizing the importance of some sectors while providing windows of opportunity for others. The winners here will be those who are proactive in responding to the changes in the workplace environment and who are able to position themselves as essential technology for companies seeking to define their new normal.