The next paradigm shift in digital security is already here

The app market is growing at an unprecedented rate, with the majority of enterprises generating a substantial portion of their revenue from digital services. Adopting a “mobile/app first” strategy is now pivotal, and an average of 100,000 new Android/iOS apps are launched each month. This is ushering in a new paradigm in digital security – with apps, APIs, and other communication protocols as the primary battleground.

‍

Today, most people have dozens of apps installed on their smartphones, from travel apps, banking services, and games to preinstalled apps that they didn’t even know were there. While this has provided convenience like never before, it has also opened new digital surfaces that malicious actors and cybercriminals can attack.

According to Maxwell Veyhe, Partner at GRO, what we’re seeing is a paradigm shift in digital security that will dictate where the industry focuses for the next 5-10 years.

‍

‍

“If you take a step back and look at digital security in the current millennium, you can see three clear epochs,” Maxwell explains. “In the 2000s, digital security was all about networks. In the 2010s, focus shifted to end-point security. Both these areas are now pretty advanced, with major actors dominating the space. The new field in the 2020s is app security. You can think of this as an extension of the end-point security epoch, but the area is still very immature. Bad actors are becoming more and more sophisticated in how they exploit security weaknesses in apps, but the digital security industry is still catching up.”

‍

‍App security and reputational damage

To illustrate the point, Maxwell references a recent study which found that over 50% of the world’s banking, trading, and payment apps with more than 5 million downloads are susceptible to repackaging attacks from malicious hackers. This allows the hacker to enter the app on your phone and re-engineer it to do something different the next time you open it, such as transfer money to another bank account or share your personal data.

It's not just the end-user who suffers from this kind of attack or data breach. Under GDPR (General Data Protection Regulation), companies that collect personal data from European citizens must self-report all significant breaches within 72 hours, and each GDPR violation risks a fine of up to 4% of an organization’s annual worldwide turnover, or €20 million, whichever is larger. More importantly, data breaches damage a company’s reputation, which can have a negative impact on the company’s growth, customer retention, and brand equity.

The solution is to use added digital security to protect the app against attack. However, many companies face an uncomfortable trade-off between app performance and digital security.

‍

“Key criteria for an enterprise to adopt any added technology on their app are that it needs to be an easy process and app performance mustn’t drop,” says Maxwell. “This applies to any feature, including security, so app shielding must be very efficient.”

‍

This is where companies like Promon come in. An Oslo based company within the GRO portfolio, Promon provides app shielding technology for hundreds of apps, protecting billions of users worldwide from tampering, malware, reverse engineering, and more.  

There are only a few pure-play app shielding offerings on the market today and Promon has a significant advantage: It’s not just secure; it provides best-in-class security at the push of a button without affecting app performance – meaning it solves a highly complex security issue incredibly fast without customers even noticing.

This in part is why GRO invested in Promon in 2022. An investment company exclusively focused on B2B software, GRO closely monitors the digital security industry. It made its first move in the area when it invested in the NextGen IT company Trifork in 2015. Today, its portfolio includes several companies working at the forefront of the new digital security paradigm.

‍

Key trends in digital security

So, what’s next for digital security? According to Maxwell, beyond app security there are several key trends that will shape the future, in particular API (Application Programming Interface) security, IGA (Identity Governance and Administration), and IoT (Internet of Things) security. Broadly speaking, all these are closely connected to the continued proliferation of cloud computing allowing organizations to store and process data remotely. Cloud computing provides many benefits, but it also involves multiple touchpoints and is vulnerable to security attacks.

‍

“In the future, we will need more players like Promon to secure apps from malicious attacks. But, as applications become more complex and interrelated, we will also need to be much more aware of the actual data flow between different applications, organizations, and devices. An API, for example, allows an app and an enterprise program to communicate. How can we be sure that the API is secure? We also need to consider identity governance around apps, to ensure that the right people have access to the right level of data. And, what about IoT devices? IoT is being used increasingly to administer and control critical assets and infrastructure, but most IoT still has weak security protocols. We need to think about this already now, because you can bet that the bad actors are.”

‍

GRO is already working with companies in all these fields. In 2023, for instance, GRO invested in the Swedish company Curity, which provides a unique combination of Customer Identity and Access Management (CIAM) and API security to protect data routes throughout an enterprise’s systems, applications, and digital infrastructure. Curity’s offeringis used by global enterprises across a wide range of industries – and the company is developing along one of the higher growth trajectories within GRO’s portfolio.

The API security field is still evolving but it is increasingly appearing on the C-level decision-making agenda. The importance of Digital Identity and API security will only grow over the coming years, as the prevalence of API-led malware attacks is accelerating rapidly, and modern enterprises are becoming more digitalized and interconnected.

When it comes to IGA, GRO’s portfolio includes Omada, one of the world’s best-known providers of identity governance and administration solutions for large enterprises. Within IoT security, GRO has partnered with Secomea, which provides turnkey industrial IoT solutions to enable secure remote control and maintenance in manufacturing facilities. By investing in companies like Promon, Curity, Secomea, and Omada, GRO is helping to drive change in the industry on a wide scale.

‍

The secret to investing is focus, focus, focus

This is not just idle talk. GRO has been helping to push the industry in the right direction for the last decade by investing in companies at the forefront of digital security. So,what is the secret to driving growth in a market that is still niche today, such as app security? Maxwell believes that the answer lies in focus and specialization.

‍

“I’m a firm believer that the world of investing is going towards specialization – people who focus on one area, can identify key industry drivers, can spot opportunities early, and can truly help companies grasp them. If you do this in B2B software, you can have a huge impact, because software as a whole is one of the very few categories that has redefined itself from being an industry of its own to being a critical enabler for all industries.”

Omada is an excellent example. The company joined the GRO portfolio in 2018, when IGA was still a newly developing field, barely understood by those outside the industry. Today, Omada is one of the undisputed global market leaders in IGA and its products are critical to the digital security of many of the world’s largest companies, no matter the industry, from Bayer to BMW.

‍

“When it comes to helping B2B software companies grow, you need to combine deep insight into the thematic area you are investing in – such as digital security – with an in-depth understanding of, and importantly experience in, how B2B software companies operate,” says Maxwell. “This is the secret sauce. Because at the end of the day, you have to develop a relevant operational approach that strikes the right balance between market and product strategy and in-company execution, without overloading management teams. Many investors are very good at giving an ecdotal strategy advice but often end up boiling the ocean. Instead, you must be extremely clear and fast in your prioritization, which means understanding the product-market fit, identifying the top must-wins for the company, and following them through with accountability. That is the case for even the most complex, deep-tech software companies.”

For the greater good

GRO takes a thematic approach to investing and improving safety in the digital world is just one off our thematic focus areas. The others are unlocking resource efficiency, creating a sustainable future, and enabling the digital transformation. Whichever thematic area it works in, GRO applies the same expertise and data-driven insight – and the end goal is always the same.

‍

“We want to help our portfolio companies unleash opportunities in the areas where they specialize,” says Maxwell. “But our ultimate goal is bigger. We believe that B2B software is extremely important in making our world safer, more efficient, and more sustainable – which is why we always partner with companies that can have an impact in one of these areas.”

‍