Cloud risks

Best time to invest in cloud security tech

Cloud security technologies are constantly evolving, making it challenging for agencies to determine the best time to invest in these services. Agencies can determine when cloud solutions are mature and stable enough for investment with help from Gartner's  cloud security hype cycle. "Understanding the relative maturity and effectiveness of new cloud security technologies and services will help … an organization’s IT users to procure, access and manage cloud services for their own needs in a secure and efficient way." Gartner's VP of Research Jay Heiser said.

The first five years of a technology's development sparks peak interest, but the hype surrounding these innovative solutions often doesn’t match adoption.  In 2017, Gartner sees data loss protection for mobile devices, key management-as-a-service and software-defined perimeter technologies as falling into this category.

When technology doesn’t live up to the hype of inflated expectations, it becomes unpopular with buyers, but may still be relevant for some organizations.  Identity as a service in the "trough of disillusionment" phase and is two to five years away from mainstream adoption. Disaster recovery as a service and private cloud computing, which agencies use to primarily to meet security and regulatory requirements, will reach mainstream adoption within the next two years, Gartner says. 

Two technologies that are beginning to pay off: data loss protection and Infrastructure-as-a-service.

DLP technologies can help prevent accidental disclosure of information and identify undocumented or broken business processes that lead to accidental disclosures.  Although it can reduce unintentional leakage, it is still relatively easy for a determined insider or motivated outsider to circumvent.

IaaS container encryption, which allows data owners to protect their data hosted by cloud providers, is expected to be fully mature within two years. Major cloud providers already offer this feature:  Amazon already provides its own free offering, while Microsoft supports free BitLocker and DMcrypt tools for Linux, Gartner said.  

Real-world benefits also have been seen from tokenization, high-assurance hypervisors, application security as a service and identity services.  These technologies have demonstrated real world benefits in the market and are widely accepted as part of the cloud security landscape.

More information on Gartner’s 2017 hype cycle for cloud security can be found here.

About the Author

Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.

Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.

Friedman can be contacted at or follow her on Twitter @SaraEFriedman.

Click here for previous articles by Friedman.


Charter Sponsors