STANFORD, Conn. – Security services provided “in the cloud” have the potential to provide cost savings and faster deployment compared with equivalent-capacity, premises-based equipment, but providers are yet to deliver on customer expectations, according to Gartner. And that’s bad news in more ways than one, because technologies at the “Peak of Inflated Expectations” on a Gartner Hype Cycle generally soon tip over the peak – causing disillusionment among users.
“In the cloud” security services – which Gartner defines as Internet-fabric-based managed security services – appear at the “peak of inflated expectations” on Gartner’s 2009 Hype Cycle for Infrastructure Protection. Speaking from the Gartner Information Security Summit at the Sydney Convention Centre, Gartner managing vice president Ray Wagner said the introduction of in-the-cloud and as-a-service offerings in security had the potential to change the landscape for vendors by tilting the advantage toward bandwidth and security-as-a-service providers, and by giving buyers an additional option in build-or-buy decisions.
“Technologies at the ‘peak of inflated expectations’ on a Gartner Hype Cycle are there due to over-enthusiasm and unrealistic expectations, and limited successful implementations, as the technology is pushed to its limits,” Wagner said. “Cloud security providers must deliver on customer expectations for the effectiveness, scalability and cost savings of performing security filtering in the cloud or as a service. The small or midsize business is an appealing initial market for these delivery models at lower price points, and we expect that the technology will become mainstream within two to five years.”
Gartner recommends that organizations look at leveraging security-as-a-service providers, and bandwidth and remote connectivity service providers for opportunities to consolidate premises-based equipment into cloud-based delivery options, especially for remote-office or branch-office situations that would otherwise require on-site deployment and hardware maintenance.
As an example of a technology that did tip over the peak, Gartner research director Lawrence Orans cited Network Access Control (NAC), which has moved from the “Peak of Inflated Expectations” down to the “Trough of Disillusionment” on the Hype Cycle for Infrastructure Protection since 2006, based largely on the fact that it is not commonly deployed to fulfil its initial usage case – quarantining PCs that are missing patches or have out-of-date antivirus signatures.
Gartner says that most early adopters of NAC have taken a different approach to NAC policies and have found worthwhile usage cases for NAC technologies. Instead of blocking users from the network (and from doing their jobs) because their PCs are missing a patch, most organizations that have deployed NAC are using it to implement guest network services.
“NAC functionality is increasingly being embedded in infrastructure and in core security products such as firewalls and endpoint protection platforms, which will help make NAC more affordable and easier to implement and manage,” Orans said. “We currently rate the technology as early mainstream and estimate that it will reach maturity within two to five years.”
Additional information is available in the Gartner report ‘A Guide to Security-Related Hype Cycles, 2009’. The report is available on Gartner’s Web site at Gartner.Com
a>>
