Story image

DLP and IaaS container encryption hitting mainstream says Gartner

11 Sep 17

Experimentation and hard work in data loss protection and infrastructure-as-a-service container encryption technologies are beginning to pay off for an increasingly diverse range of organisations, according to Gartner.

The two technologies have made it onto the ‘slope of enlightenment’ on Gartner’s 2017 Hype Cycle for Cloud Security, with the analyst firm forecasting both technologies to fully mature within the next two years.

The hype cycle aims to showcase which technologies are ready for mainstream use and which are still years away from productive deployments for most organisations.

Jay Heiser, Gartner research vice president, says security continues to be the most commonly cited reason for avoiding public cloud use.

“Yet paradoxically, the organisations already using the public cloud consider security to be one of the primary benefits,” Heiser says.

“Data loss protection is perceived as an effective way to prevent accidental disclosure of regulated information and intellectual property,” Gartner says.

“In practice, it has proven more useful in helping identify undocumented or broken business processes that lead to accidental data disclosures, and providing education on policies and procedures.

“Organisations with realistic expectations find this technology significantly reduces unintentional leakage of sensitive data,” Gartner says.

However, the company also notes that it is ‘relatively easy’ for determined insiders or motivated outsiders to circumvent DLP.

Meanwhile Gartner says IaaS container encryption, which providers organisations with a way to protect data held with cloud providers by encrypting data from an entire process or application held in the cloud, is likely to become an ‘expected feature’ offered by cloupd providers.

“Indeed Amazon already provides its own free offering, while Microsoft supports free BitLocker and DMcrypt tools for Linux.”

The latest cloud security hype cycle see tokenisation, high-assurance hypervisors and application security-as-a-service joining identity-proofing services on the ‘plateau of productivity’ – meaning the real world benefits of the technologies have been demonstrated and accepted.

Identity-proofing services is the only entrant remaining from last year’s hype cycle plateau of productivity.

Disaster recovery-as-a-service and private cloud computing have both been relegated to the ‘trough of disillusionment’ – when technology doesn’t live up to initial hype and become unfashionable – though Gartner says it expects both to achieve mainstream adoption within the next two years.

Gartner notes DRaaS has around 20-50% market penetration.

“Early adopters are typically smaller organsiations with fewer than 100 employees, which lacked a recovery data centre, experienced IT staff and specialised skills needed to manage a DR program on their own.”

Gartner notes that the use of third party specialists for building private clouds – used when companies want the benefits of public cloud but aren’t able to find cloud services which meet their needs in terms of regulatory requirements, functionality or IP protection – is growing rapidly because of the cost and complexity of building a true private cloud.

Data loss protection for moible devices, key management-as-a-service and software defined perimeter are among the technologies assigned to the ‘peak of inflated expectations’ category, with Gartner noting the offerings will take at least five years to reach productive mainstream adoption.

"Understanding the relative maturity and effectiveness of new cloud security technologies and services will help security professionals reorient their role towards business enablement," Heiser says.

"This means helping an organisation's IT users to procure, access and manage cloud services for their own needs in a secure and efficient way."

Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Verifi takes spot in Deloitte Asia Pacific Fast 500
"An increasing amount of companies captured by New Zealand’s Anti-Money laundering legislation are realising that an electronic identity verification solution can streamline their customer onboarding."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.