Defined by Gartner as internet-fabric-based managed security services, 'in the cloud' security services appear at the 'peak of inflated expectations' on Gartner's 2009 Hype Cycle for Infrastructure Protection. Services provided may include managed firewalls, intrusion detection systems, intrusion prevention systems, antivirus services, distributed denial-of-service protection services, messaging security and web gateway.
Gartner managing vice president Ray Wagner said the introduction of in-the-cloud and as-a-service offerings in security had the potential to change the landscape for vendors by tilting the advantage toward bandwidth and security-as-a-service providers, and by giving buyers an additional option in build or buy decisions.
"Technologies at the 'peak of inflated expectations' on a Gartner Hype Cycle are there due to over-enthusiasm and unrealistic expectations, and limited successful implementations, as the technology is pushed to its limits," said Mr Wagner. "Cloud security providers must deliver on customer expectations for the effectiveness, scalability and cost savings of performing security filtering in the cloud or as a service. The small or midsize business is an appealing initial market for these delivery models at lower price points, and we expect that the technology will become mainstream within two to five years."
Gartner recommends that organisations look at leveraging security-as-a-service providers, and bandwidth and remote connectivity service providers for opportunities to consolidate premises-based equipment into cloud-based delivery options, especially for remote-office or branch-office situations that would otherwise require on-site deployment and hardware maintenance.
Technologies at the 'peak of inflated expectations' on a Gartner Hype Cycle generally soon tip over the peak and experience disillusionment among corporate users.
Gartner research director Lawrence Orans said that Network Access Control (NAC) is a technology that has moved from the 'peak of inflated expectations' down to the 'trough of disillusionment' on the Hype Cycle for Infrastructure Protection since 2006, based largely on the fact that it is not commonly deployed to fulfil its initial usage case - quarantining PCs that are missing patches or have out-of-date antivirus signatures.
According to Gartner, most early adopters of NAC have taken a different approach to NAC policies and have found worthwhile usage cases for NAC technologies. Instead of blocking users from the network (and from doing their jobs) because their PCs are missing a patch, most organisations that have deployed NAC are using it to implement guest network services.
"NAC functionality is increasingly being embedded in infrastructure and in core security products such as firewalls and endpoint protection platforms, which will help make NAC more affordable and easier to implement and manage," said Mr Orans. "We currently rate the technology as early mainstream and estimate that it will reach maturity within two to five years."
Gartner's security-related Hype Cycles assess major developments in both mature and emerging technologies in a broad range of areas related to security, risk management, compliance and governance, to help security professionals make critical technology purchasing and implementation decisions in an environment of economic uncertainty and constrained resources.
For example, security tools that are early in the development cycle are worth evaluating, but may be too immature for most organisations to use. Businesses that are facing immediate risks from the threats addressed by a newly introduced class of security tools, or seeking to gain competitive advantage by deploying tools early, may want to move ahead more rapidly.
Gartner has seven current security-related Hype Cycles, five of them updated in 2009. These interactive reports track technologies and technology vendors across a comprehensive set of markets and market segments, evaluating their technological capabilities, business value and real-world viability.
Gartner's updated security-related Hype Cycles are:
- Hype Cycle for Business Continuity Management, 2009
- Hype Cycle for Data and Application Security, 2009
- Hype Cycle for Governance, Risk and Compliance Technologies, 2009
- Hype Cycle for Identity and Access Management Technologies, 2009
- Hype Cycle for Infrastructure Protection, 2009
Additional information is available in the Gartner report 'A Guide to Security-Related Hype Cycles, 2009'. The report is available on Gartner's website at http://www.gartner.com/...
Gartner analysts will provide more detailed analysis on the key issues facing the information security industry at the Gartner Information Security Summit, taking place 21-22 September, at the Lancaster London hotel. Gartner analysts, industry experts and IT security practitioners will deliver unbiased, realistic analysis of the current state of information security, as well as an independent vision of how things will evolve over the long term. For complete event details, please visit the Gartner Information Security Summit website at www.europe.gartner.com/.... Members of the media can register by contacting Holly Stevens at holly.stevens@gartner.com.