In the new year, the time is ripe to reflect on our 2022 predictions and look to a fresh batch of 2023 predictions. A year ago, we made the following predictions for 2022:
- Only a minority of enterprises will fully deploy SASE in 2022, but all will force SASE of their vendors
- The physical Firewall market rebound will modulate, while cloud-centric security will continue to grow faster
- Firewall-as-a-Service will begin to cannibalize carrier-class Firewall physical appliances
On our first prediction, we believe we were right. SASE, an architectural IT direction to transform and unify WAN-centric networking and security for branches and remote users, continued to gain interest and traction. However, how the enterprises deployed SASE networking versus security technologies remained extremely disaggregated and on different timelines due to the difficulty of changing too many parts simultaneously. The implications for the technology vendors were that irrespective of whether disaggregated or unified–or even whether single-vendor or multi-vendor SASE–they had to demonstrate to customers that they could help them on their SASE journey today and into the future. In other words, vendors were forced to show SASE capability even if customers didn’t yet take advantage.
Our second prediction was a split decision. We were right that cloud-centric security–the SaaS- and virtual-based variants of network security solutions–would grow faster than traditional network security solutions. While there will always be a role for hardware, the ongoing shift to the cloud limits the role that hardware can play in the enterprise, particularly in the data center. However, as corporate networks–or even cloud service provider networks–footprint expands in size, hardware firewalls play a role. We are wrong about how much appetite the market still had in 2022 after robust 2021. 4Q22 numbers haven’t come in, but if current trends hold, the full-year 2022 revenue growth of the hardware firewall market will match the 2021 rates.
Our third and last prediction was the boldest, and we were wrong. We still believe that cloud-based firewalling can and will eventually put pressure on the highest tiers of firewalls (carrier class), but 2022 was a different year. However, at the branch or even small data center level, we did some start on displacing lower-end firewalls.
Gazing in our crystal ball, we have the following three predictions for 2023:
1 – Security spending to remain stable in looming economic storms
Most economists predict that in 2023 the worldwide GDP growth rate will be weaker at 2.1% compared to the actual 6.0% and expected 3.0% growth in 2021 and 2022, respectively. Put in perspective, 2.1% growth would be the third weakest rate of growth in the last 20 years and only overshadowed by the Great Recession in 2009 and the Covid-19 drop in 2020.
While it would be folly to say security spend will break records in 2023, we expect it to remain stable against increasing economic storminess. Of late, security has and is expected to continue a board-level discussion and hence be a top investment priority. Attacks aren’t stopping even if the economy does. No CEO wants their mugshot on the nightly news because of a security breach.
2 – SASE to keep growing, but a split decision between networking and security components
SASE is the amalgamation of networking (SD-WAN) and security (security service edge [SSE]) technologies. Most enterprises have and will continue to purchase separate SD-WAN and SSE solutions to (eventually) integrate them to achieve the disaggregated form of SASE. We expect enterprises to continue to prioritize the security side of SASE but slow down the networking side as the economic pressure increases. As a result, we foresee the SSE-side of SASE to post another year of solid growth in 2023, but we anticipate that SD-WAN will see a marked deceleration in its growth.
3 – Increased cloud breaches to cause spending on cloud workload security to be over $6 B in 2023, which is over 4x higher than in 2020
This past Fall, we issued our first Advanced Research Report on the cloud workload security market, which goes by various names, including CNAPP, CWPP, and CSPM. We delved into this space because network security vendors have entered cloud workload security as a natural adjacency. We found a market in hypergrowth as enterprises that have or embrace the cloud find many new, thorny security problems. As a result, we expect that enterprises will have to spend the money and lead the cloud workload security market past the $6 B mark, which is 4x higher than in 2020.
A year from now, we’ll reevaluate and see what came true. Until then, all the best in the new year.
Watch This Video:
What’s next for SD-WAN, SASE, and network security in 2023?