CrowdStrike (NASDAQ:CRWD) has been a big winner in the work-from-home movement. Effects from COVID-19 have cemented new cybersecurity standards in place, and the company's revenue has been on a tear again in 2020. Cybersecurity is looking much less like a fortified castle and moat and more like a counterintelligence network. Investors, it's time to make some adjustments.
Building a new framework for digital protection
Faced with shelter-in-place orders, many organizations have been scrambling to keep operations running. Cloud computing has been adopted at a rapid pace, and employees are accessing company data remotely -- thus the need for CrowdStrike's cloud-based endpoint security software, sending its sales (and stock price) through the roof.
Endpoint security is a big need, encompassing not just employee devices but also equipment connected to a network. However, modern security needs are much more complex than simply pushing the defensive perimeter from an office to individual computers, tablets, and phones. In a recent blog post, CEO George Kurtz highlighted the need to continue crafting a "Zero Trust security strategy" -- a departure from traditional security practices that verify then trust a user (such as simple password validation). Zero Trust instead requires continuous and real-time vetting of credentials before allowing access to a network, applications, and data.
CrowdStrike already has the endpoints and workloads covered, but the identity piece of the Zero Trust equation was still missing. To keep its epic expansion going, Kurtz explained why his company made its first-ever acquisition as a public company: Preempt Security. The small $96 million takeover ($86 million in cash, $10 million in stock) will add further capabilities to the CrowdStrike platform and increase the company's total addressable market (there will be about $2 billion in 2020 global spending on identity security services). Kurtz also said CrowdStrike will use Preempt to add a new module to its platform. The company grows, not just by adding more customers, but also by increasing the number of security modules available to them.
What's it to investors?
Traditional cybersecurity methods are breaking down, and incumbent firms are having varying degrees of success in adapting to evolving needs. CrowdStrike itself has been a beneficiary as many of its new customers have been leaving older services.
But unlike some of the older cybersecurity outfits, CrowdStrike isn't simply interested in taking over market share. Rather, the company is trying to architect a brand new type of security for the modern age. Besides the Preempt announcement, CrowdStrike also formed an alliance with workforce and customer identity software provider Okta and security peers Proofpoint and Netskope over the summer of 2020. The companies are collaborating on integration of their various services to create a modern framework based around Zero Trust.
The deal for Preempt doesn't exactly stomp on any toes in this alliance, but Kurtz and company clearly understand that more than just securing endpoints will be needed if CrowdStrike wants to create an enduring growth story. And some of its older and larger rivals -- notably Fortinet and Palo Alto Networks -- are attacking the market by creating something approximating a one-stop shop. Palo Alto CEO Nikesh Arora in particular has been vocal in saying organizations are looking to simplify and reduce the number of vendors they use when discussing his company's acquisition spree in the last couple of years.
The good news for CrowdStrike is that it has momentum working in its favor, and it has reached a scale where it's now generating positive cash flow. Perhaps Preempt will be the first of other acquisitions as the company builds out its vision for a new Zero Trust standard. My money is on CrowdStrike expanding the scope of its platform. Other cybersecurity firms slow to change with the times run the risk of getting left far behind in this fast- and ever-evolving industry. Invest accordingly.