Cloud-Based Cybersecurity Spending, FY 2020-2022

Back in the good old days (i.e., a few years ago) no federal agency worth its salt spent much on cloud-based cybersecurity capabilities. In general, agencies regarded cloud computing with suspicion, concluding it was too unsecure to host their data and applications or to provide new capabilities.

Fast forward to today and things have changed.

After several notable security breaches, and a rise in the overall number and sophistication of cyberattacks, technology leaders across the federal government began to realize that they could no longer keep pace with the threat. Cloud computing became more attractive in this context because commercial service providers could offer more advanced cyber defenses at a lower cost. Federal customers noticed the value proposition and spending on cloud services rose accordingly, including on security capabilities delivered as-a-Service.

FY 2020-2022 Spending on Cloud-Based Cybersecurity

The data below shows how federal spending on commercial cloud-based cyber capabilities has risen.

Both the civilian and defense sectors have gotten involved, too. Spending on cloud-based cybersecurity across the civilian sector rose 94% over the last three fiscal years while across the Department of Defense it rose an even more impressive 133%.

Spending by Cyber Solution Type

When it comes to the types of solutions agencies are purchasing, capabilities confirming user Identity and Access Management (ICAM) is by far and away the most popular solution. This trend began even before agencies began showing an interest in zero trust. Now that zero trust is everywhere expect spending on ICAM capabilities to continue growing strongly.

The Cloud Security category contains all types of solutions for which there was no information other than that the capability was a cloud-based security one. Otherwise, I’d expect the ICAM spending to be even higher.

Spending on Cloud Access Points and Gateways remains strong as agencies implement more secure ways to access the commercial cloud services they want. The type of capability on which spending rose the most is for Firewall/Vulnerability Management. Totaling a paltry $1.9M in FY 2020, by FY 2022 spending on Firewall/Vulnerability Management capabilities rose to $98.7M. That’s growth of 5,000% over three fiscal years for those who like things expressed in percentages.

Similar spending growth trajectories can be seen for Malware/Threat Detection, which is up from $2.5M in FY 2020 to $27.8M in FY 2022, and for Endpoint Management/Protection, which rose from $6.1M to $33M over that same period.

Summing up, the federal market for cloud-based cybersecurity is getting stronger. Capabilities featuring advanced analytics and machine learning in particular should continue be in demand as agencies seek to shore up their defenses against the ever present threat of cyberattack.