Not a member yet? Register now and get started.

lock and key

Sign in to your account.

Account Login

Forgot your password?

Tech Trends: IT Security Gets Cloudier Everyday

Research Question: What factors are creating the most pressure on the traditional IT firewall marketplace?


By: John Harrington

Click here to download report (.pdf)



Data security is moving faster than ever to a direct service model based in the cloud, cutting into new client sales for the major firewall vendors. The trend continues to couple with the enormous number of companies now competing to sell some form of data security in a saturated market. As a result, sources said their sales of firewalls and related support products are lagging behind even they already-lowered expectations for the remainder of 2017. Reseller and integration sources for Cisco Systems Inc (CSCO), FortinetInc (FTNT), CheckPointSoftwareTechnologiesInc. (CHKP), PaloAltoNetworksInc. (PANW) and JuniperNetworksInc. (JNPR) reported much lower levels of new product sales in the United States and Western Europe year to year. Sales are focused around firewall renewals and endpoint  protection installed primarily on mobile devices. Microsoft Corp (MSFT) increasingly is selling itself as a primary security vendor with built-in services on its Office365, Azure and other cloud platforms. Its approach is hurting standalone firewall sales in the midmarket as users no longer are centralized on DIY networks. Meanwhile, cloud vendor Proofpoint Inc (PFPT) continues to gain momentum. Also, Amazon.comInc.’s (AMZN) Amazon Web Services is hosting a large array of privately held security-as-a-service vendors that deliver real-time security through the cloud to clients abandoning DIY solutions. Taken altogether, the era of large-scale growth for the major firewall vendors appears to be permanently over.



  • However, even more vendors are sharing that money, and nearly every security company is moving to a cloud-based delivery strategy, completely changing the industry.
  • Competition from hosted software security products is creating a situation in which vendors like Palo Alto Networks, Fortinet, Juniper and CheckPoint are struggling to simply hold on to their existing clients. Cloud computing continues to cut down the workloads on DIY networks that run traditional hardware-based firewall appliances.
  • Proofpoint, which bet on cloud-delivered security-as-a-service from the company’s inception, now is benefiting from the shift, along with a number of vendors like privately held Cylance Inc.
  • The new model is insecurity-as-a-service hosted on platform-as-a-service hardware run by AWS or Microsoft in their global data centers. This enables security companies to collaborate on services like threat detection engines and counter-measure delivery against attacks in real time.
  • The approach creates a rapidly growing subscription base that delivers revenue monthly to security companies. However, cloud-hosted options from a growing number of relatively new companies are affecting traditional security vendors’ growth opportunities, even as they introduce new products.



Blueshift Research has been tracking security vendors’ sales pipeline since February 2014 to determine client buying trends and how they affect the major public companies in data security. The coverage is conducted on a constant monitoring basis to detect shifts in vendor momentum.



Current Research

Blueshift Research spoke with 17 CEO or senior-level sources, with 14 based in the United States and three in Western Europe. Sources have taken part in our previous research, and sell and integrate firewall and platform security products from major vendors as well as cloud based network security. Interviews were conducted in July and the first two weeks of August.

Cloud-Based Software Is Taking Over Security in a Mobile World

“We had a jump up in our Cisco security sales early in the year, but that has slowed down considerably. The core switch market in enterprise networks has fallen off, and Cisco depends on that to drive their SDN-embedded security. We aren’t seeing any new firewall deployments from any vendor in our customer service areas. When we talk to the reps or the admins in the networks, it’s all about renewals and support. Cloud-based threat detection is what is hot right now. There is no physical deployment for that. The users plugin. It’s 100% in the cloud, and these detection engines are updated minute to minute. I think the traditional firewall box installs are going to become a thing of the past over the next few years.”—CEO of an eastern network integration firm

  • “We have started a hosted firewall and threat identification service based on Fortinet for the firewall piece because our customers have been moving some of their workers to Office 365 in Microsoft’s cloud, leaving some resources still in their network. They will not be buying a new firewall deployment because they don’t want to pay someone in-house to manage security anymore, even though they are still running critical stuff in their network. We are running the new service for this kind of situation. We just got it going, What this tells us is the place to concentrate is on the service side. Our individual appliance sales are way down in comparison to a year ago. The supported software and cloudside, our Proofpoint customers,is up. It’s not big money all at once upfront like when we were selling large Palo Alto deals a couple of years ago, but the revenue is recurring. As that builds up over time, it’s a better model longterm. Unfortunately, it’s going to cost a lot of people their jobs. It’s all automated, and we can support thousands of endusers with three or four people. In the past, maybe at various customer locations you’d have 20 or more guys spread out doing the onsite support.”—CEO of a network security company serving enterprise clients in the mid size to large network user segment in the western United States
  • “The cloud is setting up the virtual local area network as a global network. What we are doing is supporting something in the area of 70,000 endpoints [users] over more than 200 customers. The companies are all based in the UK, but the reality is that the workers using their network resources are all over the world. We have our own support people available at one single number, but you might be speaking with one of our staff who is semi-retired and living in Bulgaria on his farm. We put the customers in Microsoft, We supply the security out to the endpoints using Panda [Security’s] Adaptive Defense and Cylance in collaboration with Panda on the threat side. In effect, there are no fire walls as such anywhere in the system. This includes supported VoIP where you might be in North Carolina, but when you use the company phone, your call is run through a server in Birmingham, making you a UK worker so fa r as our customer’s customers are concerned. We used to sell a variety of firewall vendors. However, we’ve eliminated them all, and we are fully virtual and all our customers are as well. I will guarantee you this will be how it’s all operated moving ahead. Our support calls are now down to an online printer that’snot working in New Zealand where someone in Liverpool is trying to remotely print some documents for the branch office in Wellington. If you combine things in the manner we have with Microsoft, you have 100% security end to end, and it’s all bundled into one per-user price each month. With the software we use to run all of this, it essentially operates and fixes itself. How will the big IT companies deal with this?Their former hold on the work place is dissolving directly in front of their faces.”—CEO of a global network integration and support firm based in the United Kingdom, serving enterprise clients in transport, manufacturing and retail
  • “The deals in our pipeline are almost all project—not product—related. Within an overall security revamp, there might be a new firewall or traffic analysis sale, but we do not lead with product anymore. In the past, even up to last year, you would go in with product first. Palo Alto was very aggressive in making quotas, and we would always wait until the last few weeks of any given quarter before we’d dangle a deal possibility. Now we get the discounts all the time, but we don’t go into the customer selling product. It has to be professional service first because,in many cases,you are dismantling what they were doing and reconfiguring because the use cases have really changed. In several deals we are trying to close now, the main focus is in consolidation around a cloud migration. The pressure from the vendors is to push us to sell, but we can’t make enough that way. We have to get paid for our expertise, even if that means we are taking out firewalls instead of putting them in.”—CEO of an East Coast security and data management company serving Fortune 1000 clients


About the Author

John Harrington is an award-winning investigative reporter and veteran WallStreetresearcher. John previously served as senior editor and senior researcher at OTR Global, and was a three-time Emmy Award-winning TV journalist.

John brings expertise and relationships in internet networking, networksecurity, fiber optic communications, and data center computing to Blueshift Research. John will contribute regularly, sharing deep insight into tech and communications trends, often before they are recognized by WallStreet.


Previous Report Coverage Areas and Companies

Blueshift Research has been reporting on the following technology areas since Feb. 14, 2014, covering these public companies:

  • Cloud Computing/On-Demand Hosted IT (AMZN, CRM, GOOG/GOOGL, IBM, MSFT, ORCL, WDAY)
  • Enterprise IT Networking (ANET, CSCO, CTXS, FFIV, HPE, IBM, JNPR, MSFT, ORCL, RHT, RVBD)
  • Data Storage / Management / Analysis (AMZN, BRCD, CSCO, GOOG/GOOGL, HPE, IBM, INTC, MSFT, NTAP, ORCL, PSTG, RHT, TDC, WDC)
  • Data Centers and Fiber Optic Networking (AMZN, CONE, DFT, DLR, EQIX, IBM, INTC, MSFT, QTS, ZAYO)
  • Fiber Network Construction and Implementation (ALU, CIEN, CSCO, DY, GLW, IESC, JNPR, NOK)


To access these reports, please contact your Blueshift Research sales representative or John Harrington.