Investing in security has been a long-time interest of mine. It dates back to my days as the COO of security company Identix, well before I became a venture capitalist. And new innovation opportunities in security continue to emerge, witness the security need in cloud computing.
There is little question that a significant thrust of future work will be in the cloud. A recent Pew Research survey found that an overwhelming majority – 71 percent – agreed that most people won't do their work with software running on a general purpose PC by 2020. Instead, they will work in Internet-based applications – i.e., in the cloud – such as Google Docs and in smart phone applications accessing the corporate datastore. This is good because of the ease of access to data and the ability to locate information from any device.
The flipside of the coin is the relative lack of security for data and transactions in the cloud. Cloud computing has not become fully trustworthy; there is the possibility that the cloud will not grow but be stuck in hybrid mode, alongside PCs, for the next 40 years, as users live with “some level of fear.” At an IBF VC investment conference forum I participated in earlier his month, many data center decision-makers reported much the same thing. Half said they weren't currently pursuing cloud computing applications because of security and privacy concerns.
But I don't believe the naysayers.
Major companies, such as Symantec, are making significant gains in improving cloud security. And smaller startups – the kind of companies I look for in my investments – are also filling in the gaps.
At the recent IBF Conference, Eric Olden, CEO of Symplified, made a compelling case that startups can be more nimble and adaptive to the new threat environment than the larger, established companies. We will continue to see new companies founded to capitalize on the ever evolving threat picture facing us.
On an additional level, computer supplier giants Hewlett-Packard and IBM have recently provided new services that recommend corporate security goals and best practices. IBM's Application Source Code Security Assessment, for example, has Big Blue consultants test applications, identify security and compliance risks and then provide detailed recommendations to address any problems. H-P has just offered something along the same lines and also unveiled a service aimed at reducing application security vulnerabilities during the development cycle.
Cloud computing is here to stay. Sales of cloud-based applications are growing five times faster than those of traditional applications. This will continue — assuming that major computer computers, alongside startups—continue to tackle the security problem aggressively and seriously.