Hype Cy­cle for Cloud Se­cu­rity in 2017

Rapid growth in cloud adop­tion is driv­ing in­creased in­ter­est in securing data, ap­pli­ca­tions and work­loads says Gart­ner Hype cy­cle


As we go by the re­cently re­leased ‘Hype Cy­cle for Cloud Se­cu­rity for 2017’, it re­veals in­ter­est­ing trends. “Se­cu­rity con­tin­ues to be the most com­monly cited rea­son for avoid­ing the use of pub­lic cloud,” said Jay Heiser, re­search vice pres­i­dent at Gart­ner. “Yet para­dox­i­cally, the or­ga­ni­za­tions al­ready us­ing the pub­lic cloud con­sider se­cu­rity to be one of the pri­mary ben­e­fits.” The at­tack re­sis­tance of the ma­jor­ity of cloud ser­vice providers has not proven to be a ma­jor weak­ness so far, but cus­tomers of these ser­vices may not know how to use them se­curely. “The Hype Cy­cle can help cy­ber­se­cu­rity pro­fes­sion­als iden­tify the most im­por­tant new mech­a­nisms to help their or­ga­ni­za­tions make con­trolled, com­pli­ant and eco­nom­i­cal use of the pub­lic cloud,” added Heiser.

The Gart­ner, Inc. Hype Cy­cle for Cloud Se­cu­rity helps se­cu­rity pro­fes­sion­als un­der­stand which tech­nolo­gies are ready for main­stream use, and which are still years away from pro­duc­tive de­ploy­ments for most or­ga­ni­za­tions. Hype Cy­cle is a graph­i­cal de­pic­tion of a com­mon pat­tern that arises with each new tech­nol­ogy or other in­no­va­tion. Each year, Gart­ner cre­ates more than 90 Hype Cy­cles in var­i­ous do­mains as a way for clients to track tech­nol­ogy ma­tu­rity and fu­ture po­ten­tial. The five phases in the Hype Cy­cle are Tech­nol­ogy Trig­ger, Peak of In­flated Ex­pec­ta­tions, Trough of Dis­il­lu­sion­ment, Slope of En­light­en­ment and Plateau of Pro­duc­tiv­ity.


The peak of in­flated ex­pec­ta­tions is a phase of over en­thu­si­asm and un­re­al­is­tic pro­jec­tions, where the hype is not matched by suc­cess­ful de­ploy­ments in main­stream use. This year the tech­nolo­gies at the peak in­clude data loss pro­tec­tion for mo­bile de­vices, key man­age­ment as-aser­vice and soft­ware-de­fined perime­ter. Gart­ner ex­pects all of these tech­nolo­gies will take at least five years to reach pro­duc­tive main­stream adop­tion.


When a tech­nol­ogy does not live up to the hype of the peak of in­flated ex­pec­ta­tions, it be­comes un­fash­ion­able and moves along the cy­cle to the trough of dis­il­lu­sion­ment. There are two tech­nolo­gies in this sec­tion that Gart­ner ex­pects to achieve main­stream adop­tion in the next two years:

Dis­as­ter re­cov­ery as a ser­vice (DraaS: This is in the early stages of ma­tu­rity, with around 20-50 per­cent mar­ket pen­e­tra­tion. Early adopters are typ­i­cally smaller or­ga­ni­za­tions with fewer than 100 em­ploy­ees, which lacked a re­cov­ery data cen­ter, ex­pe­ri­enced IT staff and spe­cial­ized skills needed to man­age a DR pro­gram on their own.

Pri­vate cloud com­put­ing: This is used when or­ga­ni­za­tions want to the ben­e­fits of pub­lic cloud — such as IT agility to drive busi­ness value and growth — but aren’t able to find cloud ser­vices that meet their needs in terms of reg­u­la­tory re­quire­ments, func­tion­al­ity or in­tel­lec­tual prop­erty pro­tec­tion. The use of third-party spe­cial­ists for build­ing pri­vate clouds is grow­ing rapidly be­cause the cost and com­plex­ity of build­ing a true pri­vate cloud can be high.


The slope of en­light­en­ment is where ex­per­i­men­ta­tion and hard work with new tech­nolo­gies are beginning to pay off in an in­creas­ingly di­verse range of or­ga­ni­za­tions. There are cur­rently two tech­nolo­gies on the slope that Gart­ner ex­pects to fully ma­ture within the next two years:

Data loss pro­tec­tion (DLP): This is per­ceived as an ef­fec­tive way to pre­vent ac­ci­den­tal dis­clo­sure of reg­u­lated in­for­ma­tion and in­tel­lec­tual prop­erty. In prac­tice, it has proved more use­ful in help­ing iden­tify un­doc­u­mented or bro­ken busi­ness pro­cesses that lead to ac­ci­den­tal data dis­clo­sures, and pro­vid­ing ed­u­ca­tion on poli­cies and pro­ce­dures. Or­ga­ni­za­tions with re­al­is­tic ex­pec­ta­tions find this tech­nol­ogy sig­nif­i­cantly re­duces un­in­ten­tional leak­age of sen­si­tive data. It is rel­a­tively easy, how­ever, for a de­ter­mined in­sider or mo­ti­vated out­sider to cir­cum­vent.

In­fra­struc­ture as a ser­vice (IaaS) : A con­tainer en­cryp­tion is a way for or­ga­ni­za­tions to pro­tect their data held with cloud providers. It’s a sim­i­lar ap­proach to en­crypt­ing a hard drive on a lap­top, but it is ap­plied to the data from an en­tire process or ap­pli­ca­tion held in the cloud. This is likely to be­come an ex­pected fea­ture of­fered by a cloud provider and in­deed Ama­zon al­ready pro­vides its own free of­fer­ing, while Mi­crosoft sup­ports free BitLocker and DMcrypt tools for Linux.


Four tech­nolo­gies have reached the plateau of pro­duc­tiv­ity, mean­ing the real-world ben­e­fits of the tech­nol­ogy have been demon­strated and ac­cepted. To­k­eniza­tion, high-as­sur­ance hy­per­vi­sors and ap­pli­ca­tion se­cu­rity as a ser­vice have all moved up to the plateau, join­ing iden­tity-proof­ing ser­vices which was the only en­trant re­main­ing from last year’s plateau.

“Un­der­stand­ing the rel­a­tive ma­tu­rity and ef­fec­tive­ness of new cloud se­cu­rity tech­nolo­gies and ser­vices will help se­cu­rity pro­fes­sion­als re­ori­ent their role to­ward busi­ness en­able­ment,” said Heiser. “This means help­ing an or­ga­ni­za­tion’s IT users to pro­cure, ac­cess and man­age cloud ser­vices for their own needs in a se­cure and ef­fi­cient way.”

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.