Trends in Cloud-Based Cybersecurity Contracting, FY 2021-2023

The last three federal fiscal years have seen dramatic growth in the procurement of cloud-based cybersecurity solutions. Pushed by executive orders, the adoption of zero trust as an organizing framework, and a growing number of available solutions, federal agencies have been increasing investment in security solutions delivered as-a-Service. This week’s post provides some data illustrating the trends in this area of procurement.

Total Number of Solutions Procured

The chart below shows the total number of cloud-based security solutions procured over the last three fiscal years. Obligation data (i.e., spending) is not yet available, but the total value of awarded contracts (TCV) is, so that data will also be provided below.

Although the federal procurement of cloud-based security solutions was increasing before FY 2021, the transition from that fiscal year to FY 2022 turned out to be a pivotal. The number of contracts awarded for cloud-based cybersecurity nearly tripled in FY 2022 compared to FY 2021. This growth continued in FY 2023, but at a slower pace, likely because agencies had made a stronger push the previous year.

TCV by Security Solution Type

We here at Federal Market Analysis do not only track the market in aggregate. We also do our best to classify the solutions procured by their purpose or function. To that end, the data shown below illustrates how federal agencies spent the most on identity and access management solutions in fiscal 2023. Please keep in mind that the data shown below is for awarded contract ceiling values, not for spending against those contracts.

The focus on IDaM comes as no surprise as verifying the identity of users on agency networks is a key component of the zero trust approach. Yet, agencies are also buying more capabilities for penetration testing and vulnerability management, and even good old firewalls remain attractive. The interesting category included here is system development. This is an engineering category with the work focused on hardening the security of cloud-based systems.

TCV by Vendor Solution

The data presented here adds color to the identity and access management category discussed above. As we can see, agencies awarded far more for the SailPoint Identity Security capability than for any other solution. Additional IDaM solutions in the top 10 include ID.me and Okta’s IDaaS.

Persistent threats, well-publicized hacks of agency systems, and the growing sophistication of cyber attacks have put mitigating the online security risk front and center. It is no understatement to conclude from the data presented here that evolving cloud-based offerings are now supporting federal investment in cybersecurity. Cloud-based solutions appear to have become an increasingly popular option for federal customers.