Worldwide Information Security and Risk Management market revenue is predicted to reach $186.2B by 2024, with Cloud Security growing at a 33% Compound Annual Growth Rate (CAGR) between 2019 and 2024 according to Gartner.
- According to Gartner, there’s been a noticeable acceleration in clients purchasing SaaS-based Identity Access Management (IAM) and Identity Governance and Administration (IGA) systems this year.
- Gartner cautions clients to beware of slideware and marketectures in the Secure Access Service Edge (SASE) market as vendors rush new solutions to market that don’t reflect a true cloud-based delivery-as-a-service model.
- The Gartner 4Q19 security spend forecast predicts spending on Cloud Access Security Broker (CASB) solutions will grow 45.3% in 2020, 40.7% in 2021, 36.7% in 2022 and 33.2% in 2023, outpacing all other information security markets.
- Three technologies have been removed from this year’s Hype Cycle, including Virtual Machine (VM) backup and recovery, Identity Proofing and Corroboration and IaaS Volume Encryption.
These and many other new insights are from the Gartner Hype Cycle for Cloud Security, 2020, published on July 17 of this year with the graphic provided in their recent article Top Actions From Gartner Hype Cycle for Cloud Security, 2020. Gartner declares that public cloud computing platforms have proven battle-ready by supporting unplanned, unexpected workloads from enterprises during the pandemic.
Get started on your cybersecurity degree at American Military University.
The article highlights three of the 33 technologies in this year’s hype cycle in their recent post. These are Secure Access Service Edge (SASE), Cloud Security Posture Management and Cloud Access Security Brokers (CASB). Gartner sees a steady pace of inquiries from clients regarding CASB by those organizations that have adopted cloud platforms as an integral part of their infrastructures. The Gartner Hype Cycle for Cloud Security, 2020, is shown below:
Top Actions From Gartner Hype Cycle for Cloud Security, 2020, Augusut 27, 2020, Smarter With Gartner
Details of What’s New In Gartner’s Hype Cycle for Cloud Security, 2020
- Cloud Infrastructure Entitlements Management (CIEM) is on the Gartner Hype Cycle for Cloud Security for the first time this year. Gartner defines Cloud Infrastructure Entitlement Management (CIEM) as specialized identity-centric SaaS solutions focused on managing cloud access risk via administration-time controls for managing entitlements and data governance in hybrid and multicloud IaaS architectures. CIEMs often rely on analytics, machine learning (ML) and advanced statistical techniques to detect anomalies in account entitlements. An example of this would be the accumulation of privileges that are dormant or not used over time. CIEM relies on a least-privilege approach to governance and compliance. Gartner predicts CIEM will continue to offer significant advantages over proprietary Cloud Infrastructure and Platform Services (CIPS) embedded technologies for governance of identity entitlements. Active vendors in this area include Authomize, Britive, CloudKnox Security, Ermetic, Obsidian Security, Polyrize, SailPoint, Saviynt and Sonraí Security.
- SaaS Security Posture Management (SSPM) is the second category added to the Gartner Hype Cycle for Cloud Security for the first time this year. Gartner defines SaaS SSPM as tools that continuously assess the security risk and manage SaaS applications’ security posture. Core capabilities include reporting native SaaS security settings’ configuration and offering suggestions for improved configuration to reduce risk. Optional capabilities include comparison against industry frameworks and automatic adjustment and reconfiguration. Gartner notes that client interest in SSPM continues to increase. At the same time, SaaS cybersecurity vendors realize the need to provide an enterprise-wide SaaS platform capable of scaling across all applications. Vendors active in this area include Adaptive Shield, AppOmni, Cloudneeti and Obsidian Security.
- Gartner predicts seven of the 33 key technologies in the Hype Cycle are just two years away from mainstream adoption and will deliver a high level of benefit. The seven technologies include Cloud Access Security Brokers, Cloud Security Assessments, Cloud Service Brokerage, Cloud-Testing Tools and Services, Document-Centric Identity Proofing, Enterprise Digital Rights Management OAuth 2.0. Gartner also estimates that Cloud Security Posture Management, OpenID Connect and SaaS-Delivered IAM are two to five years away from mainstream adoption and will also deliver a high level of benefit.
- Secure Access Service Edge (SASE) is one of the most over-hyped cloud security areas today, with Gartner cautioning clients to beware of slideware and marketectures that don’t fully explain true cloud-based delivery. Gartner notes over a dozen vendors and products have briefed them in the SASE market in the last twelve months. Vendors have been prone to overcommit their SASE capabilities in an attempt to land new customers in this fast-growing market. Gartner’s forecasts show a strong upside for SASE through 2024. The research firm predicts at least 40% of enterprises will have strategies to adopt Secure Access Service Edge (SASE) up from less than 1% at the end of 2018.
- Gartner predicts Zero Trust Network Access (ZTNA) and microsegmentation will merge within the next two years on the Hype Cycle and potentially in the cybersecurity market. As identity- and role-based access augment network-based access to cloud resources and applications, the impediments to merging ZTNA and microsegmentation go away, leading to consolidation in this market area. Gartner notes that ZTNA addresses the user-to-application scenarios organizations face, while identity-based segmentation addresses component-to-component scenarios. Combining them enables organizations to achieve a more comprehensive Zero Trust Security framework.
- Enterprises who have successfully integrated cloud security into their broader enterprise cloud strategy are ahead of their peers in three key areas. The three areas where enterprise cloud security leaders are differentiating themselves include the following: SaaS-delivered Identity and Access Management (IAM); Cloud Access Security Brokers (CASBs) for SaaS; and Cloud Security Posture Management (CSPM) for IaaS and PaaS.
Gartner Hype Cycle for Cloud Security, 2019. Published July 23 2019, document reference G00369584; written by Jay Heiser and Steve Riley (client access required).
Gartner Hype Cycle for Cloud Security, 2020. Published July 17 2020, document reference G00448013; written by Steve Riley, Jay Heiser and Tom Croll (client access required).
Top Actions From Gartner Hype Cycle for Cloud Security, 2020. Smarter With Gartner blog. August 27, 2020