Greetings and welcome to the kick-off post of my new blog, Macro-Global Disruption. After some deliberation regarding the topic of this inaugural entry, I settled on a sub-sector of the cybersecurity field that represents both a dynamic space brimming with investment opportunities, as well as an intersection point of some of the broader trends that will be progressively unpacked in this blog. So without further ado here we go; and today, we start with a story.
Any of you folks heard of the Lazarus Group? The Lazarus Group is the moniker assigned to a black-hat hacking entity thought to be sponsored by the North Korean regime that is believed to be behind some of the most daring cyber attacks of the 2010s. In 2014, they brought Sony Pictures to its knees in response to the Seth Rogen film “The Interview” that satirized the Pyongyang regime and Kim Jong-un. In 2016, they attempted a bank heist from the Bangladesh Bank amounting to nearly $1B (all but $81M was eventually recovered). And how did they do it? By exploiting vulnerabilities in pre-existing software or IT architecture (in that case MS Word macros).
This little anecdote is a singular illustration of a broader trend: namely, that in today’s world, offensive cyber capabilities and the actors wielding them are leagues ahead of the industry standard for cybersecurity, particularly so for private-sector entities. In a November 2020 article, Cybercrime Magazine summarizes the scope of the threat in stark terms:
“Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.”
Given the date of publication, I would venture that these numbers have since been revised, and in the upward direction. This clearly is a challenge of macro-global proportions.
So how is the private sector responding? Enter confidential computing. As defined by the Confidential Computing Consortium (CCC) in an October 2021 Report, “Confidential computing is a privacy-preserving computation principle that leverages hardware-based Trusted Execution Environments (TEE) to protect data being processed.” In layman’s terms, confidential computing is a new conceptual overlay for the cybersecurity industry that places a premium on the integration of hardware, software, and best practices to implement zero-trust architecture and its associated behaviors to bolster the capabilities of defensive cyber in order to meet the challenges of an increasingly sophisticated threat environment head-on.
For veteran and newbie tech investors alike, confidential computing presents a ripe field of opportunities in the intermediate to long-term timeframes. According to analysis by the Everest Group for the CCC, “The Total Addressable Market (TAM) for confidential computing in 2021 is US$ 1.9–2.0 billion. The CC market is expected to grow at a CAGR of 90–95% in the best-case scenario and 40–45% in the worst-case scenario through 2026.” Put differently, even in a worst-case scenario the field is forecasted to grow at an astounding CAGR of >40%, with growth expectations more or less ensured through 2026 and beyond. Bottom line: there is immense unrealized potential in this field that will be witnessing exponential growth through mid-decade.
Now onto some of the core players in this emerging new field. I tend to break early entrants down into two groupings: 1) tech giants (IBM, MSFT) and established players (PANW, FTNT) that are expanding into the confidential space, and 2) up-and-comers (HUB Security, Profian, Edgeless Systems) that are working to penetrate the CC field from the bottom up. For obvious reasons, the resources available to some of the biggest companies on the market (IBM, Cisco, Microsoft Azure) place these giants in an enviable position. That said, innovative thinking has been increasingly emerging from the startup/small-cap scene where budgets for R&D are admittedly lower, yet a less-hierarchical corporate culture is more conducive to out-of-the-box thinking. In terms of portfolio management for my positions in confidential computing, I personally am striving to strike a balance between lower-risk mega-caps and higher-reward start-ups.
One last corner I expect exciting developments from in coming years is the potential for public-private partnerships (PPPs) in the confidential computing industry. One great example is the Joint Warfighting Cloud Capability (JWCC) program, a Pentagon-sponsored initiative that works with tech giants AWS, Microsoft Azure, Oracle, and Google to develop military-grade cloud computing solutions. That said, innovation in the field is a global phenomenon by no means limited to the US market.
For instance, HUB Security (founded by veterans of the IDF’s signals intelligence unit and NASDAQ-bound in 2022) recently inked a PPP with the Israeli MoD. According to last week’s announcement, “The company is partnering with QuantLR, a quantum technology research company, to develop a first-of-its-kind solution that offers user identification capabilities as well as encryption of documents, presentations, and spreadsheets through encryption keys generated by quantum computing.” This is a prime example of bottom-up collaboration by smaller though equally dynamic players pushing public-private collaboration in the field.
The way I see it, confidential computing represents the tip of the iceberg for the changes in the computing/cybersecurity industry we can expect to see in coming years as the Web 3.0 paradigm is rolled out across the globe. Rapid technological change is being accompanied by a marked decentralization in cyber offensive capabilities, thereby empowering hackers/malign actors while threatening enterprises, governments, and civil institutions alike. The market gap presented by these overlapping trends is not going away, and confidential computing players like those discussed above are already stepping in to fill the vacuum. By extension, an abundance of investment opportunities is opening up in this area that, at least to me, resemble the minefield of opportunities that defined the early dotcom bubble in the late ’90s and early 2000s. Like then, some made it big and others lost everything. Due diligence, careful screening, and an understanding of some of the underlying technology in play are essential for informed investing in this disruptive cyber space.

Disclaimer: the contents of this blog post should in no way be construed as investment or financial advice, and rather represent the personal opinions of the author.
https://confidentialcomputing.io/ (October 2021 Report)