Chaos means cash for cybercriminals, setting off a fresh wave of investment for security startups. Armed with data and powered by cloud, the next generation of security services face a growing attack surface as the world’s connected devices are predicted to exceed 75 billion by 2025.

Backing up and protecting the hundreds of zettabytes of data created and stored using modern cybersecurity techniques is a Sisyphean task.

Taking on the challenge is a new breed of security startups. Their ideas are revolutionary, but whether they will bring a lasting change in the market is yet unknown. In advance of the AWS Startup Showcase: The Next Big Things in AI, Security & Life Sciences, theCUBE, SiliconANGLE Media’s livestreaming studio, looks at the challenges of cybersecurity shortcomings, and the newcomers rethinking data protection.

The security situation is broken

Mirroring the rise in crime has been a spurt of spending, as organizations throw money at solutions to monitor systems and respond to potential threats and vulnerabilities. The cybersecurity market is projected to grow at a compound annual growth rate of 12% to reach $366 billion by 2028, according to Fortune Business Insights.

But the assumption that bigger spend will stop the criminals is false. Traditional rules-based engines that set out to identify and stop the bad guys just can’t cope with trillions of data points dispersed across hybrid environments.

The endpoint is the number one point of infection for all breaches. – Ian Pratt, global head of security for personal systems at HP Inc.

The rise in remote work rendered old-school security firewalls pointless, and employees working from home often use personal, and shared, devices. IoT is now 31 billion devices strong, and growing. Each gadget generates data, posing as potential access points for criminals.

“Whether it’s social engineering and phishing being used to infect targets, steal credentials and maintain persistence, the endpoint is the number one point of infection for all breaches,” Pratt stated in his foreword to the “Nation States, Cyberconflict, and the Web of Profit” study.

Then there are unmaintained services, abandoned open-source code, improper segmentation leading to open access to data, lazy developers that store bypass keys, and the inevitable unintentional errors lurking in expansive projects spanning millions of lines of code. Not to mention the thousands of APIs that often unintentionally provide doorways into the code and the most unreliable factor of all — humans. It all adds up to an insecure security landscape.

“We see things like services that were launched which nobody maintained for years. We see things like improper segmentation that [means] everyone has permission to access everything. Therefore if one environment is breached, everything is breached,” Avi Shua, co-founder, and chief executive officer of Orca Security Ltd. told theCUBE in a recent interview. “You need to assume that everything will fail all of the time, including all of the controls that you baked in.”

Startups set out to revamp security from stem to stern

Digital transformation is changing how the world does business as every sector, from marketing to manufacturing, adopts a data-driven mindset. But cybersecurity seems to be struggling to fully adapt to this new and heavily distributed world.

“If everything has changed in terms of how it is you build technology value, deploy it and operate it. [Then] we have to change how it is we do security and it has to be also from stem to stern,” Brendan Hannigan, chief executive officer of Sonrai Security Inc., told theCUBE.

“Security needs a do-over” is a common refrain heard from experts and executives. But, performing a top-to-bottom reinvention of cybersecurity while simultaneously protecting against attack is a tough task. theCUBE’s John Furrier compares to switching out an airplane engine while flying at 30,000 feet.

“It’s hard, people,” he said. “It’s not just incremental improvement, it’s a fundamental revolutionary change.”

Just as development and operations merged to form DevOps, so data protection and cybersecurity need to join forces as cyber protection, according to Jason English, principal analyst and chief marketing officer at analyst and advisory firm Intellyx LLC.

“We’re on the cusp of another great combination, as the tectonic forces of market dynamics and modern threats are fusing together. Two well-established information technology sectors — data protection and cybersecurity — into a bigger, broader category of solutions called cyber protection,” English said.

David Hatfield, chief executive officer of Lacework Inc., recently told theCUBE that security is fundamentally a data problem.

“If you can get the data problem and the data processing right, you can fundamentally change the industry,” Hatfield stated. “Data science meets cloud security” is how Hatfield describes Lacework’s solution, which automates security with AI that becomes smarter as it ingests data from the expanding attack surface.

Think like a bad guy. – Shreyans Mehta, co-founder and chief technology officer at Cequence Security Inc.

“You need to think like a bad guy. What are they going to go after? Get that visibility first, and then protect these environments,” Mehta stated in a recent CUBE Conversation with Furrier.

And what the bad guys are going after is the data.

“That’s the most valuable thing we’re trying to protect,” Hannigan said, explaining why the data-driven approach to security is so critical for the new generation of solutions.

Startups Sonrai, Anitian Inc., Cequence, Lacework and Orca all provide very different approaches to cybersecurity but all are focused on data protection and compliance. They have something else in common: They’re all built on AWS infrastructure.

“We can see and understand the significance of the inventions like AWS. It’s an amazing invention, the power of it and what it delivers to us. The opportunity which is a must-take opportunity is reinventing security from top to bottom,” Hannigan said.

The surge in investment in solutions means it’s a hot time for startups in the security scene, and there’s a lot of competition amongst companies aiming to reinvent security through their model. Merging data protection and cybersecurity could be the answer, creating a cohesive security landscape and eliminating the fragmentation that characterizes today’s market.

Image: Shutterstock