By George Hulme

There’s no doubt that the cybersecurity market is hot, but you need to focus: While research firm Gartner expects the 2015 cybersecurity market to hit $75 billion, spending won’t be evenly distributed. For instance, IDC says the biggest forward-looking areas of growth will likely be security analytics and security information and event management, threat intelligence and mobile security. In most areas, sales will expand 10 percent, with mobile growing at 18 percent and cloud security at 50 percent

In the year ahead, your customers are going to seek insights on how they can improve the information and intelligence they currently have on the risks and threats to their organizations. And when it comes to on-premises equipment, their security investments, while still strong, won’t experience much, if any, growth. Instead, the lion’s share of cybersecurity spending will happen in the areas where applications and data are heading: mobile and cloud.

With these trends in mind, I reached out to security vendors and service providers for their perspective on the most important channel security trends for 2016.

1. With apps, data and infrastructure moving to cloud services, it’s no surprise that security will follow.

“Cloud-based security technologies are gaining traction as the sophistication and intensity of cyberattacks accelerates and businesses demand better manageability and adaptability of security solutions, with reduced cost and network complexity. Unlike disjointed on-premises security solutions, the cloud offers security defenses better threat visibility, shared intelligence across customers, and agile software that enables rapid adaptation to emerging threats. The dissolving network perimeter also has created severe challenges in terms of capacity, manageability, adaptability and coverage of IT security appliances.”

—Shlomo Kramer, CEO and co-founder of Cato Networks

“With the expanding use of cloud technology, businesses also will need more granular cloud-based IT security that can protect their network, regardless of where their employees’ physical locations are. Businesses also will rely more heavily on cloud-based email and Web security companies that are able to layer protection on top of existing infrastructures without adversely affecting affordability.”

—Justin Gilbert, channel sales manager, AppRiver

Solution providers need to make the point that security must follow data, and data’s moving to the cloud and going mobile. There are plenty of channel-focused vendors looking for new partners.

2. From international data privacy and security intelligence sharing, financial services, and health care: Expect regulatory burdens to continue to increase.

“Regulatory requirements have generally been viewed as helping to drive organizations to meet minimum security standards; however, the overall security effectiveness or impact of regulatory requirements has been nominal. We can expect to see a much more meaningful advancement in the rigor of security requirements laid down by the regulators in 2016. This is partly due to accelerated advancements in public–private threat intel sharing and the regulators’ acknowledgement of the need to seek out cutting-edge threat data and security best practices from the organizations that are on the front lines of defending against them.

For example, in IoT, the FDA is making significant improvements to beef up minimum security requirements for medical devices, which could otherwise pose grave safety risks to people, care providers and medical-device manufacturers that depend on their trusted operation. Because the vertical markets are so intimately interconnected, we also will see more teeth in enforcement of security requirements.”

—Sam Rehman, CTO, Arxan

While “compliant” has never been synonymous with “secure,” regulatory best practices are a starting point for customers in affected verticals. And the new enforcement “teeth” that Rehman mentions may be help your CISO partners justify increased security spending.

3. With health-care data fetching a premium, expect the health-care vertical to continue to be a target among criminals for fraud and medical identity theft.

“According to various reports, including the Data Breach Index for 1H 2015 from Gemalto, the health-care industry holds the dubious distinction of having the greatest number of data-breach incidents compared to other industries. Ponemon’s Cost of Data Breach Study report confirms that the cost per record stolen is higher in health care than any other industry. Health-care data still command a 10x premium over financial and other personal information. At the same time, most health-care companies lack the ability to find a network attacker that has circumvented preventive security and is in the process of exploring an unfamiliar network, gaining additional points of control and getting closer to protected health information and personal identity information records.

Even data encryption, greater network segmentation and additional authentication controls are unlikely to impede network attackers, who can steal valid credentials that provide access to critical data to carry out their work.

These network attacks will continue to occur in 2016 and health care will likely continue to be the top industry to be victimized by data breaches.”

—David Thompson, Sr. director product management, LightCyber

Partners serving health-care customers, especially smaller practices that may not have in-house security expertise, need to make them recognize the target on their backs. The Breach Level Index is a valuable resource for stats and recommendations.

4. Security analytics is poised to move from talk to action.

“Technology that encourages and promotes intelligence, preparedness and response also will take a radically increased profile in cybersecurity through 2016 and beyond — so organizations will invest more heavily in security solutions that deliver deeper understanding and analysis of their structural, digital and network maps. These types of security technologies will have massive impact on organizations in 2016.”

—Ray Rothrock, CEO, RedSeal

“We’ve heard a lot about the potential of big-data-enabled security analytics. But the truth is, most enterprises that have a big-data architecture in place are simply storing more data. Not many organizations are extracting security value from it. That will change. We’ll begin to see IT services analyze and threat model big data into unprecedented, actionable intelligence.”

—Darren Gaeta, VP of Partnerships and Alliances, Securonix

“Organizations will realize that algorithms – not big data – are the key to detecting and mitigating cyberattacks.

The old security paradigm is that someone’s data traffic must be inspected to determine the presence of a cyberthreat or attack, resulting in the potential for privacy violations; however, new innovations in data science, machine learning, and behavioral analysis will enable protection while preserving privacy.

To combat cyberattacks that evade perimeter security, enterprises are collecting petabytes of flow and log data in hopes of detecting attacks. These systems turn into unwieldy analysis projects that typically detect an attack only after the damage is done, wasting valuable time and money. Threat-detection algorithms will play a significant role in making big data more useful and actionable.”

—Hitesh Sheth, CEO, Vectra Networks

“It is well recognized that conventional security information and event management solutions can’t catch up to fast-evolving offensive technologies and tactics employed by hackers, cybercriminals, and other bad actors. Next-gen cybersecurity solutions must have better situational awareness about their own network and provide defense against enemies.

Advances in data science have matured significantly in the last few years, so it’s now becoming possible to apply the potential of big data to cybersecurity to achieve much greater situational awareness and network visibility, giving security teams the intelligence they need to respond quickly and accurately to threats. In particular, demand will be strong for those solutions that can automate and operationalize these analytics capabilities, so detection of threats can be tied to next steps in remediation.”

—Usman Choudhary, senior VP and chief product officer, ThreatTrack Security

Big data that isn’t mined is a big missed opportunity. Helping customers find clues on breaches in log and other data is an ideal entry point for analytics.

5. Cybersecurity skills shortages show no sign of relief, setting up demand for security services.

“The security skills gap is a major contributor to risk. Small businesses and mid-level enterprises, in particular, do not have the security resources or skilled staff to combat advanced threats. Rather than focus on point solutions, which can be costly and time-consuming to manage, companies should consider converged platforms, offered as a managed service, that bundle both capabilities and expertise. This will help businesses achieve competencies and effective defenses that were previously accessible only to large enterprises.”

—Kramer, Cato Networks

“The shortage of security researchers and incident-response talent will get worse. The need for security researchers and incident-response personnel is growing faster than the available talent pool. This will prompt organizations to rely on the automation of manual, time-consuming security tasks. It’s the only practical, short-term way to free up the thinning ranks of security teams to focus on critical and strategic security work.”

—Sheth, Vectra Networks

“Though currently a fledging trend, in 2016 there will be an uptick of traditional security vendors partnering with networking companies and cloud providers. In the age of hybrid data centers and mobile workplace environments, traditional network firewalls aren’t enough to keep enterprise data safe, and vendors with areas of expertise will need to bridge the gap to create a more comprehensive security solution. The current perimeter is rapidly disappearing and vendors are circling the wagons to secure enterprise networks at the application level.

Also, with too many products and no services, services will become more relevant. Too many products are deployed that do not communicate among each other — no API or REST API available and all vendors have features that overlap. It takes human genius to put all that together in some sort of an orchestrated fashion and to run it smoothly. It takes a lot of time for professional services to streamline daily operations.”

—David Holmes, senior technical marketing manager for security, F5 Networks

Partners have plenty of new and established security services vendors to choose from. The problem is that solutions providers are not immune to the skills shortage plaguing customers. Look for vendors with strong enablement and support operations.

George W. Hulme is an internationally recognized security and business technology writer. For more than 20 years, Hulme has written about business, technology and IT security topics. From March 2000 through March 2005, as senior editor at InformationWeek magazine, he covered the IT security and homeland security beats. His work has appeared in CSOOnline, ComputerWorld, Network Computing, Government Computer News, Network World, San Francisco Examiner, TechWeb, VARBusiness and dozens of other technology publications.