Open Password – Montag,
den 8. Juni 2020
Outsell – Data Privacy Solutions – COVID-19 Era – Hugh Logue – Market Leaders – Data Discovery Partner Program – Inventory & Mapping Solution – Alliance of Global Privacy Solution Providers – Proofpoint – ObserveIT – Meta Networks – Wombat Security – Veritas Technology – Symantec – APTARE – Varonis – Iron Mountain – One Trust – Insight Partners – 10 to Watch – Alation – BigID – BitSight – Crownpeak – EPI-USE Labs – IBM Security – SECURITI.ai – Radar – Vista Equity Partners – Trūata – Data Anonymization – Mastercard – TrustArc – Work-From-Home Data Privacy Tools – Data Privacy Professionals – Collaboration – Training – IAAP – Benchmark Information – ARD-DeutschlandTrend – Warn-App – Lockerungen – Angst – Politische Maßnahmen
The Outsell Contribution
Market Size, Share, Forecast and Trends
The Importance of Data Privacy Solutions
in the Covid19-Era
Market Leaders – 10 to Watch
The Essential Actions Required
By Hugh Logue, Director & Lead Analyst
Market Leaders __________________________________________________________________________
The market leaders are a mix of new pure-play data privacy providers (e.g., OneTrust), enterprise security providers (e.g., Proofpoint), data management providers (e.g., Veritas), and cloud computing providers (e.g., IBM). The top 10 market leaders command nearly two-thirds of the overall market share (62%).
In many ways, companies in this market don’t consider each other competitors because they serve different, complementary needs. Indeed, privacy solution providers have formed alliances and partnerships in recent years. For example, in 2019, OneTrust launched its Data Discovery Partner Program, which integrates with BigID, Dataguise, IBM Security Guardium, and Varonis to help customers populate the results of partner data discovery scans into the OneTrust Data Inventory & Mapping solution. Smaller providers are also partnering; for example, in 2017, Evidon, MediaPro, Nymity (since acquired by TrustArc), Prifender, and Radar formed the Alliance of Global Privacy Solution Providers.
Proofpoint. The market leader, Proofpoint is a NASDAQ-listed cybersecurity company that specializes in the risks related to the activities of people. Proofpoint monitors content across email, the cloud, and other online locations to identify personal data and track it across networks. Proofpoint is bolstering its security technology and capabilities through acquisitions. In 2019, the company acquired ObserveIT, an insider threat management platform, and Meta Networks, a cloud security specialist. It is also developing its training business though the 2018 acquisition of Wombat Security, an information security awareness and training software provider.
Veritas Technologies. Veritas Technologies is an enterprise data protection and data management software provider. As part of its portfolio of solutions, Veritas offers tools to enable customers to identify, search for, protect, and monitor personal and sensitive data. In 2005, the security company Symantec (now NortonLifeLock) acquired Veritas for $13.5 billion, but the integration didn’t go as planned, and it sold Veritas to a group of private equity investors for $8 billion in 2016. The newly formed and restructured company enables Veritas to focus on specialist data privacy solutions. To this end, Veritas acquired APTARE in March 2019, which specializes in analytics solutions for data stored in hybrid cloud environments.
Varonis. Founded in 2005, Varonis is an enterprise data security software provider that protects companies from data breaches, automates time-consuming tasks, and offers user behaviour analytics to identify unusual and suspicious usage activity. In 2019, Varonis transitioned from a mainly transactional business model to a subscription model, with the intention of making the business more durable and scalable. This transition was successful, with 65% of customers in 2019 moving to subscriptions, far ahead of Varonis’s forecast of 10% at the beginning of the year; over 80% of license revenues came from subscriptions in 2019. However, the transition also hurt Varonis’s revenue, with its 2019 total revenues of $254 million down 6% from 2018. The drop in revenue has not scared investors, as the company’s share price climbed to an all-time high following the release of its 2019 financial results. For 2020, Varonis is looking to grow in the EMEA region and is targeting revenues in the range of $286 million to $292 million, representing growth of 13% to 15%.
Iron Mountain. Large enterprise providers also serve the privacy solutions market. Iron Mountain is a global leader in storage and information management services, including both digital and physical information, data, and artefacts. Iron Mountain’s cloud-based Policy Center Solution enables customers to maintain compliant data privacy policies, with additional tools to map data throughout the enterprise. Across the company, Iron Mountain generated $4.26 billion in revenue in 2019, up just under 1% over the previous year. Outsell estimates that around $187 million of this revenue came from digital data privacy solutions, with the rest coming from records management, shredding services, and other solutions.
OneTrust. Private equity investment is pouring into the privacy solutions market. OneTrust, which was only founded in 2016, received $200 million in Series A funding in July 2019 from Insight Partners, valuing the company at $1.3 billion. OneTrust also solidified its position on the information side of data privacy by acquiring DataGuidance in March 2019. The acquisition will enable OneTrust to combine data privacy information, including workflow nd templates, with software to create a single destination platform for all things related to data privacy.
10 to Watch ___________________________________________________________________________
The Data Privacy Solutions market is growing rapidly and is likely to see a few companies acquired for billion-dollar-plus valuations over the next five years. However, the hype in the market will die down over the coming years as companies begin to get a better handle on data privacy, uncertainty around news settles, and governments introduce fewer new regulations. Outsell expects that there will be a burst of acquisition activity ahead of this and considers the following companies to be potential candidates.
Alation – alation.com. Alation offers a searchable interface for data within the enterprise that enables users to examine metadata, user permissions, and data descriptions, all within a single repository that can be accessed by all data users within an organization. It incorporates machine learning to analyze how data is used and alert managers when it identifies unusual patterns. As enterprises increase their use of these tools, this will instill better discipline in personal data processes.
BigID – bigid.com. BigID was founded in 2016 and is a pure-play startup in data privacy and protection. The company enables organizations to discover and map all types of data from all enterprise data sources and then automate a range of associated tasks. The company raised $30 million in Series B funding in 2018, and Outsell estimates that the company increased its revenues by 40% in 2018 to $7.5 million. The investment will help the company to improve its sales and marketing activities.
BitSight – bitsight.com. Founded in 2011, Outsell estimates that BitSight already generates around $60 million in revenues, with a three-year CAGR (2015-18) of 26%. The company offers cyber-risk solutions, including security ratings that measure organizations’ daily security performance. This is particularly useful for helping companies to be aware of third parties with which it shares personal data. It is likely that companies that don’t use tools that can make them aware of third-party security risks will be considered negligent if there is a data breach through one of their third-party integrations.
Crownpeak – crownpeak.com. Crownpeak is a digital experience management provider whose Privacy UX solution incorporates privacy into the user experience by applying a privacy-first approach without compromising on customers’ journeys. In 2017, Crownpeak acquired digital governance provider Evidon to boost its cookie management offerings. In the long term, Crownpeak’s approach will be to build trust and remove customers’ pain points while remaining compliant with global privacy laws.
EPI-USE Labs – epiuselabs.com. EPI-USE Labs provides data privacy compliance tools that integrate with the SAP portfolio of enterprise software. For example, its Data Redact tools automatically remove or replace sensitive data in organizations’ SAP systems, enabling them to comply with the GDPR’s right to be forgotten. While privacy by design may be the ideal, in practice, organizations will need to retrofit their existing systems with data privacy tools. This means high demand for solutions such as those offered by EPI-USE Labs, and Outsell estimates that the company increased its revenues by 40% from 2018 to 2019.
IBM Security – ibm.com/security/data-security/guardium. IBM Security is the world’s largest cybersecurity enterprise, managing 70 billion cybersecurity events per day for its 17,000 customers in more than 130 countries. As part of this division, IBM also provides data security solutions, including its Guardium data protection offerings. IBM Security launched the IBM Guardium Analyzer security tool in 2018 to enable organizations to identify and protect sensitive personal information that might be subject to the GDPR. IBM is ahead of its rival big tech competitors, such as AWS, Google, and Oracle, in the data privacy solutions market, and its Guardium platform could provide the structure to quickly fold in additional acquisitions and become the market leader.
SECURITI.ai – securiti.ai. Founded in 2018, SECURITI.ai is a Silicon Valley cybersecurity and data protection infrastructure provider. Its product suite, PRIVACI.ai, helps to automate all major functions needed for data privacy compliance in one place. In January 2020, the company announced $50 million in a Series B funding round, bringing its total funding since 2019 to $81 million.
Radar – radarfirst.com. Radar is unique in having a patent for its incident response management and decisionsupport platform. The platform automates data breach incident response to accelerate the decision-making process at a critical time and avoids organizations over- or undernotifying data subjects and authorities. Outsell estimates the company’s 2015-19 CAGR at 44%. In 2018, Radar received a strategic investment from Vista Equity Partners to enable it to expand operations and accelerate innovation.
Trūata – truata.com. The Trūata Anonymization Solution enables users to use anonymized data in their data analytics, removing the risks associated with privacy regulations. It was developed in 2018 with Mastercard and IBM to meet the GDPR’s requirement for data anonymization requirements while still making data analytics possible for everyday use. The GDPR specifically mentions data anonymization as the preferred way for personal data to be processed, but it does not clarify how to do it. Trūata can leverage Mastercard’s long experience in encrypting and anonymizing personal data for its data management and analytics tools.
TrustArc – trustarc.com. TrustArc provides privacy compliance and data protection, including its TRUSTe certification solutions used by thousands of companies to run their website privacy management processes. The TrustArc Platform automates and manages customers’ privacy compliance processes and integrates with existing IT systems. Outsell estimates that the company, which was founded in 1997, generated around $80 million in 2018 from privacy solutions; it had a 2015-19 CAGR of 26%. In 2019, TrustArc received a $70 million Series D growth investment from the private equity firm Bregal Sagemount. In November 2019, TrustArc announced the acquisition of Nymity, a Toronto-based privacy solution provider.
While COVID-19 will increase demand for data privacy tools as millions more people work from home, providers in this market will not be immune to the crisis in the longer term if, as expected, many businesses are forced to scale back and others collapse entirely. Those supporting their communities and offering free solutions during the pandemic will be better-placed to generate new sales after the crisis, which may make up for a drop in customers from the ensuing economic downturn.
Data Privacy Solutions is still a relatively new market. Outsell expects that it will be short-lived and soon be absorbed by cloud computing, cybersecurity, and SaaS markets that will integrate data privacy tools within their platforms. As the novelty of data privacy fades and consumers become more educated, low-quality providers capitalizing on customers’ confusion will fall away, and the market will consolidate. Data Privacy Solutions providers do not have long to prove that they are worthy of investments and are not short-term opportunists.
The coronavirus pandemic is forcing millions of people to work from home, many for the first time. Data Privacy Solutions providers need to support their communities during this crisis, especially smaller businesses that have never implemented work-from-home policies. Providers can extend free trials, offer freemium solutions, or lower prices for smaller businesses to support the community, earn trust, and potentially gain customers in the longer term.
Outsell recommends the following actions for leaders and their executive teams, boards, and investors competing in the Data Privacy Solutions space.
Improve Work-from-Home Data Privacy Tools! The coronavirus pandemic is accelerating the adoption of data privacy solutions among companies that need to continue complying with data privacy laws while addressing more complex data privacy procedures as staff work from home. In particular, many conventional SMEs are unprepared for this sudden adjustment and may be unaware that there are tools available to support them. Data privacy solution providers need to focus on the specific needs of people working from home and create packages suited to smaller businesses at a lower price point.
Enable Data Privacy to Be Taken Seriously! Data privacy professionals often complain that their departments are underresourced because senior executives do not take their roles as seriously as direct revenue-generating functions like sales, marketing, and product development. As a result, budgets are likely to prioritize support solutions for these roles instead of data privacy. Solution providers in the data privacy market need to provide tools that help professionals provide solid evidence of how their roles can improve a company’s bottom line and also educate the C-suite on the importance of increasing the data privacy tech budget.
Collaborate! Collaboration is at the heart of data privacy compliance, as it is impossible to own the whole ecosystem where data resides. Collaborating with competitors, customers, and vendors is the only way to ensure that data does not slip through the cracks. There is also a need to establish standards in the industry, as the regulations are woefully sparse on technical details when it comes to how to comply. By collaborating, the industry can establish best practices and standards that have a better chance of standing up to court challenges.
Train Data Privacy Professionals! Data privacy officers are currently in high demand as new regulations around the world, such as the GDPR, mandate the appointment of legal compliance officers within large organizations. The data privacy profession is still relatively new, and it is full of inexperienced professionals. Privacy solution providers can help the profession to grow and mature by providing training. For example, IAPP seized this opportunity by introducing a new formal training structure and is now the accreditation standard for lawyers needing to demonstrate their credentials in data privacy.
Cut Through the Hype! There is endless alarmist information online about the pitfalls of data protection regulations, yet there is little guidance on what organizations can do in practice to comply. In part, this is because the regulators themselves offer little practical compliance guidance, instead leaving this to the market to figure out. Most data privacy professionals have a thorough knowledge of the regulations and potential fines but know less about the practical steps. Solution providers need to keep their customers grounded on what is practically possible and be clear where organizations can reduce but not completely eliminate risks.
Provide Market Benchmarks! It would be easy for data privacy professionals to ensure that their organizations are completely compliant with all relevant regulations, but doing so might also put their organizations out of business. Organizations need to be compliant with best practices in their industries, but if they exceed this standard, they might introduce unnecessary burdens. For example, tech giants such as Google and Apple will be held to a higher standard by regulators, and smaller companies may not need to operate at the same high standards. Companies need benchmark information and data about what their counterparts in their industries are doing, so they implement, but not exceed, best practice standards.
Die Angst lässt nach
Bürger begrüßen mehrheitlich
42% würden Warn-App nutzen
Weniger als die Hälfte der Deutschen würde sich eine App herunterladen, die bei der Nachverfolgung von Corona-Infektionsketten hilft. 42 Prozent würden auf dem eigenen Handy bzw. Smartphone eine solche Corona-Warn-App nutzen, 39 Prozent würden sie nicht nutzen. Jeder sechste Deutsche (16 Prozent) sagt, er besitze kein Handy oder Smartphone. Das hat eine Umfrage von infratest dimap für den ARD-DeutschlandTrend von Dienstag bis Mittwoch letzter Woche ergeben.
Die Bundesregierung will demnächst eine Corona-Warn-App vorstellen, in der Infizierte ihr positives Corona-Testergebnis vermerken können. Allen App-Nutzern soll daraufhin angezeigt werden, wenn sie sich für längere Zeit in der Nähe einer infizierten Person aufgehalten haben. Dabei soll der Datenaustausch anonymisiert und dezentral erfolgen. Unter den Menschen, die eine Nutzung der App ablehnen, begründet knapp die Hälfte (45 Prozent) dies mit Datenschutz, Überwachung oder Persönlichkeitsrechten. 13 Prozent meinen, eine solche App funktioniere nicht, bringe nichts oder andere Maßnahmen seien besser.
Dass die zur Eindämmung der Corona-Pandemie beschlossenen Einschränkungen im öffentlichen Leben seit Ende April schrittweise aufgehoben werden, bewertet eine Mehrheit der Deutschen positiv. 56 Prozent sind der Meinung, diese Lockerungen seien richtig. 29 Prozent finden, die Lockerungen gingen zu weit. Für 13 Prozent hingegen gehen sie nicht weit genug. Anhänger fast aller im Bundestag vertretenen Parteien halten die Lockerungen mehrheitlich für richtig. Die Anhänger der AfD sind in dieser Frage indes geteilter Meinung: 38 Prozent sind der Ansicht, sie seien richtig. 35 Prozent finden, sie gingen nicht weit genug. 27 Prozent halten sie für zu weitgehend.
Bei der Lockerung der wegen Corona eingeführten Alltagseinschränkungen gehen die Bundesländer mittlerweile unterschiedlich vor, weil viele Bereiche in der Kompetenz der Länder liegen. 45 Prozent finden es richtig, dass jedes Bundesland für sich entscheidet, wie und wann es Corona-Beschränkungen aufhebt. Eine Mehrheit der Deutschen (55 Prozent) würde sich bei der Aufhebung von Corona-Beschränkungen ein einheitliches Vorgehen der Bundesländer wünschen.
Derweil hat eine klare Mehrheit der Deutschen aktuell kaum Angst vor einer Ansteckung. Drei Viertel der Deutschen (76 Prozent) haben weniger große bzw. kleine Sorgen, dass sie selbst oder Familienmitglieder sich mit dem Corona-Virus anstecken (+2 im Vgl. zu Mai). Bei einem Viertel der Deutschen (24 Prozent) ist diese Sorge aktuell sehr groß bzw. groß (-1).
Nach Meinung der Deutschen erfahren vor allem Kindergärten und Schulen in der Corona-Pandemie zu wenig Beachtung. 53 Prozent sagen, die Politik habe sich um diesen Bereich zu wenig gekümmert. 39 Prozent meinen, sie habe sich bislang angemessen um Kindergärten und Schulen gekümmert. Im Bereich der Gastronomie sagen 46 Prozent, die Politik habe sich angemessen gekümmert; für 45 Prozent war es zu wenig. Bei Kunst- und Kulturbetrieben sagen 42 Prozent, die Politik habe sich angemessen gekümmert; für 44 Prozent indes war es zu wenig. Mehrheitlich angemessen finden die Deutschen die politische Beachtung der Kirchen und Religionsgemeinschaften (60 Prozent), der Reise- und Tourismusanbieter (53 Prozent) sowie der Krankenhäuser und Pflegeheime (52 Prozent). Zu viel gekümmert habe sich die Politik in der Corona-Krise um den Profi-Fußball, sagen 56 Prozent. Für 31 Prozent war das Handeln der Politik hier angemessen. Auch über die Autoindustrie sagen 48 Prozent, die Politik habe sich zu viel gekümmert; für 35 Prozent war es angemessen.
Forum und Nachrichten
für die Informationsbranche
im deutschsprachigen Raum
Neue Ausgaben von Open Password erscheinen viermal in der Woche.
Wer den E-Mai-Service kostenfrei abonnieren möchte – bitte unter www.password-online.de eintragen.
Die aktuelle Ausgabe von Open Password ist unmittelbar nach ihrem Erscheinen im Web abzurufen. www.password-online.de/archiv. Das gilt auch für alle früher erschienenen Ausgaben.
International Co-operation Partner:
Business Industry Information Association/BIIA (Hongkong)