Story image

DLP and IaaS container encryption hitting mainstream says Gartner

11 Sep 2017

Experimentation and hard work in data loss protection and infrastructure-as-a-service container encryption technologies are beginning to pay off for an increasingly diverse range of organisations, according to Gartner.

The two technologies have made it onto the ‘slope of enlightenment’ on Gartner’s 2017 Hype Cycle for Cloud Security, with the analyst firm forecasting both technologies to fully mature within the next two years.

The hype cycle aims to showcase which technologies are ready for mainstream use and which are still years away from productive deployments for most organisations.

Jay Heiser, Gartner research vice president, says security continues to be the most commonly cited reason for avoiding public cloud use.

“Yet paradoxically, the organisations already using the public cloud consider security to be one of the primary benefits,” Heiser says.

“Data loss protection is perceived as an effective way to prevent accidental disclosure of regulated information and intellectual property,” Gartner says.

“In practice, it has proven more useful in helping identify undocumented or broken business processes that lead to accidental data disclosures, and providing education on policies and procedures.

“Organisations with realistic expectations find this technology significantly reduces unintentional leakage of sensitive data,” Gartner says.

However, the company also notes that it is ‘relatively easy’ for determined insiders or motivated outsiders to circumvent DLP.

Meanwhile Gartner says IaaS container encryption, which providers organisations with a way to protect data held with cloud providers by encrypting data from an entire process or application held in the cloud, is likely to become an ‘expected feature’ offered by cloupd providers.

“Indeed Amazon already provides its own free offering, while Microsoft supports free BitLocker and DMcrypt tools for Linux.”

The latest cloud security hype cycle see tokenisation, high-assurance hypervisors and application security-as-a-service joining identity-proofing services on the ‘plateau of productivity’ – meaning the real world benefits of the technologies have been demonstrated and accepted.

Identity-proofing services is the only entrant remaining from last year’s hype cycle plateau of productivity.

Disaster recovery-as-a-service and private cloud computing have both been relegated to the ‘trough of disillusionment’ – when technology doesn’t live up to initial hype and become unfashionable – though Gartner says it expects both to achieve mainstream adoption within the next two years.

Gartner notes DRaaS has around 20-50% market penetration.

“Early adopters are typically smaller organsiations with fewer than 100 employees, which lacked a recovery data centre, experienced IT staff and specialised skills needed to manage a DR program on their own.”

Gartner notes that the use of third party specialists for building private clouds – used when companies want the benefits of public cloud but aren’t able to find cloud services which meet their needs in terms of regulatory requirements, functionality or IP protection – is growing rapidly because of the cost and complexity of building a true private cloud.

Data loss protection for moible devices, key management-as-a-service and software defined perimeter are among the technologies assigned to the ‘peak of inflated expectations’ category, with Gartner noting the offerings will take at least five years to reach productive mainstream adoption.

"Understanding the relative maturity and effectiveness of new cloud security technologies and services will help security professionals reorient their role towards business enablement," Heiser says.

"This means helping an organisation's IT users to procure, access and manage cloud services for their own needs in a secure and efficient way."

Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
SIS announces a partnership with Platform 4
“We are looking forward to a strong future in the New Zealand security industry with this global giant as our strategic partner."
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Kiwis know security is important, but they're not doing much about it
Only 49% of respondents use antivirus software and even fewer – just 19% -  change their passwords regularly.