Takeaways from Gartner’s 2021 Hype Cycle for Cloud Security report

Gartner predicts worldwide public cloud services will grow 26.2% in 2021 in the group’s latest Forecast: Public Cloud Services, Worldwide, 2019-2025, 2Q21 Update.

In 2020, the cloud kept IT roadmaps and initiatives moving forward while supporting growing virtual workforces and a record-breaking pace of digital transformation. A McKinsey survey of global executives found that the pace of digital transformation accelerated by seven years in 2020.

In addition, 61% of enterprises that integrated cloud as part of their digital transformation efforts grew revenue by 25% or more. Cloud infrastructure also enabled IT to meet tight time-to-market schedules for new applications and systems. However, IT skeptics became believers when cloud infrastructure scaled up and down in response to unpredictable workloads with no previous forecast data to rely on.

Gartner cites the accelerating cloud adoption in enterprises following the pandemic, which is expected to drive a five-year compound annual growth rate (CAGR) of 21.5%. As a result, worldwide public cloud services are predicted to grow from $387.7 billion in 2021 to $805.5 billion in 2025. By 2023, 70% of all enterprise workloads will be deployed in cloud infrastructure and platform services, up from 40% in 2020.

Complexity equals risk

The greater the cloud complexity in an enterprise, the greater the cybersecurity risks. The cloud’s enterprise dominance brings more sophisticated, complex cybersecurity risks and breach attempts that require correspondingly higher-level security techniques. The more complex an enterprise’s cloud infrastructure is, the more challenging it becomes to secure. Gartner predicts that through 2025, more than 99% of cloud breaches will be traced back to preventable misconfigurations or mistakes by end users. Gartner’s latest Hype Cycle for Cloud Security report reflects the progression enterprises are making in adopting cloud-first strategies across all lines of business and at the infrastructure level.

The latest Hype Cycle profiles 29 technologies, down from 33 last year. Gartner has removed cloud security assessments, cloud testing tools and services, disaster recovery-as-a-service (DRaaS) document-centric identity proofing, OAuth 2.0, and OpenID Connect. Multicloud managed services (MCMS) is a new category on this year’s Hype Cycle and was previously referred to as cloud service brokerage (CSB). Gartner defines CSB as an IT role and business activity in which a company or internal entity adds value to one or more (public or private) cloud services.

Key takeaways

• Cloud-native application protection platforms (CNAPP) are new to this year’s Hype Cycle. CNAPPs help secure cloud-native applications by consolidating multiple cloud-native tools and data sources, including infrastructure-as-code (IaC) scanning. Public cloud deployments continue to outpace and will eventually overtake private datacenter workloads as nearly all organizations migrate to a multicloud strategy. Gartner’s logic for creating a new category is to track how the dominance of multicloud deployments is forcing enterprises to combine intelligent automation, including cloud security posture management (CSPM) and cloud workload protection platforms (CWPPs), to protect their IaaS-deployed applications.
• Security services edge (SSE) is also new to this year’s Hype Cycle. Virtual workforces, digital-first selling, service, and customer experience are driving the adoption of security services edge (SSE) technologies. SSE technologies and solutions have proven effective in reducing the complexity of protecting endpoints while improving the cloud services’ security on an enterprise-wide scale. Providing improved endpoint security with access controls, threat protection, data security, security monitoring, and acceptable use control enforced by network-based and API-based integration, SSE is seeing rapid growth and is delivered as a cloud-based service with a few vendors also providing on-premises and agent-based components as part of their architectures. According to Gartner, zero-trust, least-privileged access based on identity and context is a core capability of leading SSE offerings. SSE also appears on the Hype Cycles for Network Security and Application Security this year.
• The challenges of supporting virtual workforces are driving innovation gains in cloud security. In addition, organizations’ increased reliance on their virtual workforces is creating opportunities for cloud cybersecurity providers to raise the intensity and pace of new product development. Gartner sees this dynamic driving demand for improved tooling and innovation in the areas of SaaS security posture management (SSPM), enhanced identity protection tools (cloud-delivered IAM), and zero-trust network access (ZTNA) to replace legacy VPN technologies.
• IT, security and risk management leaders prioritize enterprise digital asset management (EDRM) and cloud tools that can eliminate misconfigurations this year. Gartner believes that EDRM, also known as information rights management (IRM), provides persistent protection of sensitive data, with intellectual property being the primary concern of company executives. EDRM is also used for retaining control of unstructured data transferred through partnerships in secured collaboration workflows. Additionally, IT leaders are looking for new tools to reduce and potentially eliminate cloud misconfiguration errors, as many are finding new areas for improvement based on their internal security audits.
• Inquiries into Gartner on CIEM have more than doubled over the past year. According to Gartner, cloud infrastructure entitlement management (CIEM) tools help enterprises manage cloud access risks via administration-time controls to govern entitlements in hybrid and multicloud IaaS. CIEM platforms also rely on analytics, machine learning, and AI to identify anomalies in account definitions and privileges. CIEM is indispensable for a zero trust network access (ZTNA) strategy as it provides enforcement and remediation of least privileged access.

Conclusions

Gartner’s latest Hype Cycle for Cloud Security reflects how quickly the pandemic is reordering the cybersecurity landscape. IT, risk, and management professionals are most concerned with keeping their intellectual property (IP) secure and alleviating the chance of misconfiguring their cloud infrastructures. Internal audits provide invaluable insights into how misconfigurations can lead to gaps in cloud infrastructure security, especially in hybrid cloud configurations.

There are now many opportunities to secure virtual workforces while protecting hybrid and multicloud infrastructure essential for digital transformation strategies to succeed. This pressure brings a new level of innovation intensity to cybersecurity vendors. That intensity is evident in the pivotal role cloud native application protection platforms (CNAPP) and security services edge (SSE) play in this year’s Hype Cycle for Cloud Security.