Cloud adoption was on the rise well before the pandemic, and Gartner now predicts public cloud deployments will outnumber private data center workloads by the end of this year. With this growth comes the urgent need to improve secure access to the web, cloud services and cloud-native applications.
Cloud-first strategies are now common, even among risk-averse organizations. However, execution remains impeded by a lack of necessary skills and tools to ensure secure cloud computing deployments.
Cloud security is the fastest-growing segment in the market for information security technology and services, with particular interest in innovations to support remote working and digital business acceleration.
The Gartner Hype Cycle for Cloud Security, 2021 summarizes the 29 most significant technologies that enable the delivery of controlled, compliant and economical cloud strategies.
Secure Access Service Edge (SASE)
What is it? SASE is delivered as a service and enables access to systems based on the identity of a device or entity, combined with real-time context and security and compliance policies.
SASE delivers multiple converged network and security capabilities, such as SD-WAN and zero trust network access (ZTNA). It also supports branch offices, remote workers, and on-premises general internet security.
How does it benefit your organization? SASE dramatically simplifies the delivery and operation of critical network and network security services mainly via a cloud-delivered model, increasing agility, resilience, and security. It can reduce the number of vendors required for secure access from between four and six today to one or two over the next several years.
What's the timeline? Gartner predicts SASE will have a transformational impact over the next two to five years.
Security Service Edge (SSE)
What is it? SSE secures access to the web, cloud services, and private applications. Capabilities include access control, threat protection, data security, security monitoring, and acceptable use control, all enforced by network- and API-based integration.
How does it benefit your organization? SSE technologies allow organizations to support workers anywhere and anytime, using a cloud-centric approach for the enforcement of security policy. It offers immediate opportunities to reduce complexity and improve user experience by consolidating multiple disparate security capabilities into a single product.
What's the timeline? Gartner predicts SSE will have a high impact over the next three to five years.
SaaS Security Posture Management (SSPM)
What is it? SSPM tools continuously assess the security risk and manage the security posture of SaaS applications. Core capabilities include reporting the configuration of native SaaS security settings, managing identity permissions, and offering suggestions for improved configuration to reduce risk.
How does it benefit your organization? While most organizations use hundreds of SaaS applications, they also rely on a common selection for business-critical operations. Cloud access security brokers provide protection of sensitive data and access at the SaaS layer but are blind to advanced attacks and complex configuration errors.
SSPM tools reduce risk by continuously scanning for and eliminating configuration mistakes, which are the most common cloud security failures.
What's the timeline? Gartner predicts SSPM will have a high impact over the next five to ten years.
Cloud Native Application Protection Platforms (CNAPP)
What is it? New to the Gartner Hype Cycle this year, CNAPPs are an integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production.
CNAPPs consolidate multiple cloud-native security tools and data sources, including container scanning, cloud security posture management, infrastructure as code scanning, cloud infrastructure entitlements management, and runtime cloud workload protection platforms.
How does it benefit your organization? Securing cloud-native applications requires the use of multiple security testing and protection tools from multiple vendors. This slows developers down and creates fragmented visibility of risk. CNAPPs allow organizations to use a single integrated offering to protect the entire life cycle of a cloud-native application.
What's the timeline? Gartner predicts a lag of five to ten years before CNAPP is established in regular use, but anticipates a high impact.
Some of these cloud security solutions still might take a few years to be universally adopted but reviewing and preparing for them now is essential.
The original article by Tom Croll, senior director analyst at Gartner, is here.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends. Image credit: iStockphoto/kynny