4 codes
Much of the investor attention surrounding Microsoft (NASDAQ:MSFT) discusses its cloud computing prospects and generative ai offerings. While the tech giant has other levers for growth (including gadgets, video games, and more), cybersecurity is an area that's gaining more and more attention, according to to KeyBanc Capital Markets.
“(Cybersecurity) isn't exactly a secret; if it is, it's poorly kept, but the things that make security offerings attractive to end customers (breadth) also make the business itself difficult to grasp. within the broader giant. That is,” analyst Jackson Ader wrote in a note to clients, adding that all of Microsoft's cybersecurity offerings add up to a $100 billion business.
The security is likely to add between 1% and 1.5% to growth through 2027, but if Microsoft were to achieve “sustained market share” (which it has done in recent years), then it could add more than 2% growth in some years. the same time period, Ader said.
“If share growth continues, security revenue could double between 2023 and 2027. Gartner estimates that Microsoft security has gained 0.9% market share over two years. If that pace continues over the next few years, next two years and then starts to degrade slightly thereafter, “What is our bullish case, we estimate that Microsoft's security-based revenue could reach more than $39 billion in 2027, more than double the 19 billion dollars estimated in 2023,” Ader wrote.
Six security cubes
Microsoft divides its security products into six product families and three focus areas: identity, endpoint, and cloud.
Current products generate more than $20 billion in annual revenue. However, estimated growth in the mid-teens over the next few years is likely to result in additional sales of $10 billion by 2027, Ader said.
The six areas are Defender, Sentinel, Entra, Purview, Priva and Intune, which offer different capabilities and solutions, from everything including physical firewalls to newer products such as secure access service offerings at the edge.
And while some security offerings are included with Office 365 subscriptions, depending on license level or setting, there are additional opportunities to upsell advanced features like Defender and XDR.
Of the six areas, Entra (formerly known as Active Directory) and Defender are the two key areas of strength, Ader said, citing the size of the installed base and the issue that they are close to daily customer usage.
Entra is the product group for all identity and network access solutions, including everything from user authentication, permissions, access controls and more. It has been widely adopted due to its protocols, such as requiring multi-factor authentication and an identity governance solution that adds another layer of security on top of Entra ID.
“OKTA's fight against access management disruption from the previous decade has been a bright spot and with Defender we see the endpoint as a natural place for Microsoft to lead, especially when it comes to ai with co-pilot and detection and response capabilities.” Ader wrote in a note to investors.
Microsoft Defender has several capabilities, including Defender for XDR (a set of integrated protection products); Cloud Defender; a DevOps security operations solution; Discovery products and much more.
Then there's Microsoft Purview, which is a data management solution that helps businesses with their data security, governance, risk, and compliance.
Microsoft Priva is the next segment, allowing businesses to manage their data landscape. Capabilities include automating privacy assessments; privacy risk management; scanning for trackers on company websites; consent management; and subject rights requests, making it easier for companies to respond to and fulfill people's requests for the personal data that companies collect from them.
Microsoft Intune is a cloud-based endpoint management solution, which is responsible for managing user access to organizational resources, as well as device management (mobile, desktop, virtual endpoints).
Last but not least: the artificial intelligence aspect.
ai has become increasingly useful for cybersecurity, as threats become more sophisticated and responses must keep pace. In April, Microsoft made its Copilot for Security solution “widely available,” allowing companies to ask questions on topics such as incident response, threat hunting, intelligence, and more.
