Amazon recently announced another stellar quarter, with AWS again being the main headliner for the ecommerce high flyer. Yet I’m convinced AWS growth and profitability has even deeper implications for traditional hardware-bound network security vendors.

Weeks ago I spoke with a CISO at a forward-thinking IT shop. It was one of the most encouraging and thought-provoking IT discussions I’ve had in a while. He said they were betting on the cloud to “transform” their security posture by enhancing security and scale and reducing costs and complexity.

The Cloud as a Driver of Security Transformation

This is a substantial shift in thinking from just a few years ago when the cloud was seen as being less secure by most CISOs. While I’ve certainly seen the enterprise cloud shift firsthand, most of the drivers were operations-driven.  IT wanted more agility and scale or some cost savings for unpredictable or seasonal workloads. Security concerns were seen by many as obstacles to cloud migration.  That has clearly changed.

The cloud is now seen as transformational versus as a potential security posture tradeoff. This is a big deal than a stellar AWS quarter.

It threatens the future growth and margin potential of today’s powerful security hardware and infrastructure players, those who have benefited from rising cyber threats and growing, increasingly connected networks. Several seemed to have peaked in 2014/2015 when cloud enterprise workloads were mere outliers. It looks uphill from here onwards for all security vendors tied to hardware for critical enforcement capabilities.

If he is right (and I think he is) the cloud will be the wheelhouse of security transformation. And many vendors are ill-prepared for such a software, service and IaaS-based disruption.

Why? Here is a list of factors that will drive the cloud software security transformation.

1) Consolidation of Buyers; Commoditization of Hardware

Cloud providers are usually building their own infrastructure, around new management, scale and security requirements, well beyond what most organizations can afford or even consider.  If needed, they can go to traditional hardware vendors and negotiate from a position of great volume / influence over terms, margins and specifications in ways that few enterprises and service providers ever could.

The long term effects of this shift will be dramatic, decisive and in some cases devastating to vendor models tied to specialized hardware and skill sets. Many will be pushed aside as enterprises look for single layers of enforcement and more granular access tunnels to address more sophisticated attacks aimed at increasingly connected systems.

2) Security with Scale is becoming Strategic

Cloud infrastructure is being architected for new, emerging demands, especially related to horizontal and vertical scale and security.  Cloud environments will increasingly adopt software and service-centric solutions that can scale globally and seamlessly, without location-specific constraints.

Digitalization will add to cloud delivery pressures and force IT into more software and services and away from hardware-defined tradeoffs.  This, combined with buyer consolidation and commoditization, will make IaaS and managed service providers (and best practice enterprise shops) powered by software-defined capabilities much more influential than the traditional hardware vendors.

3) Software and Services are Strategic to Security and Scale

After decades of innovation aimed at hardware differentiation and specialization as a means of growth and profitability the tables have turned and vendor operating models will need to shift to survive.  The virtualization, software and cloud-defined benefits of scale and agility will embrace security in ways that simple weren’t possible in complex networks of devices architected for simpler, slower times, manageable security demands and single vendor networks.

The cloud won’t compromise security; it will transform it.

[Originally published at Vidder blog]