Posts

Gartner Hype Cycles: Why You Should Believe this Hype

Can there be any more security buzz flying around in the market today? With an estimated 1,600 security vendors each espousing their own rhetoric as to why you just can’t survive unless you have their latest doohickey, it’s no wonder that executives are confused about what’s a smart security investment.

Industry analysts are doing what they can to help executives navigate the complexities of the security market. The sheer number of security categories, sub-categories, and sub-sub-categories is simply astounding, and can further complicate things. And just when you think you have a handle on the latest security trends and you’re confident you know exactly what it is you need, a new threat, new trend, or new technology emerges and makes you re-think everything yet again.

451 Research keeps a close eye on the security market, producing a variety of insightful research including Impact Reports, which feature different companies and independent perspectives on the strengths, weaknesses, opportunities, and threats (SWOT) of those companies. In fact, you can see an Impact Report on OPAQ here.

Gartner also produces a variety of research reports. Some of the most popular reports are the Gartner Hype Cycles, which can be useful as visual guides in helping executives assess different types of security technologies. Two Gartner Hype Cycles that were released earlier this month were the Hype Cycle for Threat-Facing Technologies and Hype Cycle for Enterprise Networking and Communications (these reports are accessible only to Gartner subscribers). The former Hype Cycle features security technologies that aim to “prevent and protect IT systems and applications from attack, enabling fast and effective response.” The latter Hype Cycle features technologies that can help executives to “evolve their networks to support functional and strategic business requirements” and “support digital business initiatives and new business models while also providing flexible, resilient, and scalable connectivity.”

As different as these two Hype Cycles are, there is a common thread – Firewall-as-a-Service is a category represented in both, which features the need for tight integration of networking and security, as well as for automation and orchestration. It’s the first time that Firewall-as-a-Service (FWaaS) is represented in the Hype Cycle for Enterprise Networking and Communications. In both Hype Cycles, it’s defined as “a multifunction security gateway delivered as a cloud-based service or hybrid solution. The promise of FWaaS is to provide simpler and more flexible architecture by leveraging centralized policy management, multiple enterprise firewall features and traffic tunneling to partially or fully move security inspections to a cloud infrastructure.”

With a benefit rating of “High” the business impact of FWaaS “offers a significantly different architecture for branches or even single-site organizations. It also offers greater visibility through centralized policy, increased flexibility and potentially reduced cost by using a fully or partially hosted security workload.” OPAQ is referenced in both Gartner Hype Cycles as a sample vendor providing FWaaS, with serious enterprise-grade Next-Generation Firewall protection powered by Palo Alto Networks.

The as-a-service business model in security is not going away – it’s more than hype; it’s a mainstay. Integrating networking and security into a single cloud service that is simple to deploy and maintain eliminates cost, complexity, and much of the feature-focused security noise that plagues executives pondering smart security investments.

IT Security Professionals Take a Stand: Why They’re Divorcing Themselves from the Security Product Ball and Chain

Business executives despise security – it’s often viewed as an impediment to growth and innovation – but they know they need it. On the other hand, IT security professionals thrive on security and an ecosystem of roughly 1,500 security product and services vendors that compete in a Zoolander-like fashion show, puckering up and striking poses every few minutes to show off their latest wares.

What organizations really need is a set of security functionality that works together to reduce the attack surface and reduce risk. This has traditionally been delivered through a multitude of products and services cobbled together with duct tape and fishing line, resulting in a massively complex and costly infrastructure. In addition to the massive costs, this approach continues to fuel the need for impossible-to-find security experts who can manage and maintain the infrastructure.

What more and more organizations are now realizing is that, rather than receiving the needed security functionality through an array of products and services, they can instead receive it from the cloud. Security-as-a-service not only frees up time for IT security professionals to focus on more strategic business initiatives, but it also reduces costs for business executives seeking to maximize every dollar invested in security.

As a result, what we’re seeing is an influx of IT security professionals picking up bolt cutters and snapping the chains of their traditionally product-centric approach to security. This shift is supported by a market study conducted by analyst firm 451 Research, where they sought to gain insight into the challenges and opportunities more than 300 US mid-tier companies face with respect to network security.

What’s Wrong with More Security Products and Services?
Nothing. As long as you have the personnel expertise, budget and time to dedicate to testing, procuring, integrating, refreshing and managing them. According to the study, more than 82% of respondents claimed they devote between 20 to 60 hours per week of in-house staff resources procuring, implementing and managing network security. The average mid-market organization invests an average of $461,000 per year on IT security, and nearly 40 percent of the total budget is spent on network security. These businesses also expect to increase spending on network security by an average of 10.9% over the next 12 months.

The reality is most mid-tier organizations lack the resources to keep up with this approach. Cloud, mobile and IoT adoption are only making this challenge more difficult.

Despite significant investment in network security, 63% of the respondents expressed having little to no visibility and control over all their distributed network, especially mobile devices, remote users, IoT devices and third parties.

According to the study, tackling these challenges are typically between 3-5 employees dedicated to IT security. This handful of employees are spending many hours managing the various traditional IT security products and services required to protect the network. Many organizations also rely heavily on contractors and part-time employees, as well as MSSP providers, which adds complexity to daily coordination efforts.

What’s keeping these organizations from advancing? 62% cited legacy IT. Challenges presented by legacy IT and personnel shortages are forcing organizations to look for new solutions to solve the network security and resource conundrums.

Nirvana: Automation and Centralized Security Control – From the Cloud
IT security professionals are increasingly looking to cloud-based services and new technologies to address business requirements and security challenges. In fact, two-thirds of the respondents indicated that they strongly prefer using a cloud-based security solution from a security-as-a-service provider for managing or co-managing their security. More than 70% of the respondents indicated they prefer security-as-a-service over on-premises or MSSPs.

The urgency around this shift is strong. More than 85% of the respondents in the study indicated that network security-as-a-service is “important” (within 12 months) or “critical” (within three months). Branch office enablement and optimization and threat management were cited as the main priorities for a swift shift to a network security-as-a-service solution.

The common thread between business executives and IT security professionals is that network security remains a significant business priority. The shift to security-as-a-service is not only about fleeing a complex and costly problem. It’s also about making a smart, strategic move to a delivery model that is strong and sustainable.