The Gartner® Hype Cycle™ report serves as a valuable resource for organizations seeking to navigate the complex landscape of emerging technologies. The report provides deep insights into the maturity, adoption, and practical application of emerging tools and technologies. The Hype Cycle encompasses five – some, quite comically – distinct phases that reflect the journey of technology adoption:
The innovation trigger
- Peak of inflated expectations
- Trough of disillusionment
- Slope of enlightenment
- Plateau of productivity
By understanding the dynamics of these phases, technology buyers can make informed decisions about the potential value and impact of new products and solutions. After all, achieving both an immediate and long-term return on investment (ROI) is critical in today’s both threat (cyber risk) and resource (stagnant budgets) landscape. Now, let’s talk about data security.
From the report:
“Maintaining consistent data security is difficult because so many products provide siloed security controls, use proprietary data classification, act on specific repositories or processing steps, and do not integrate with each other. This restricts organizations’ ability to identify and deploy adequate, and consistent, data security controls while balancing the business need to access data throughout its life cycle.”
In our opinion, security within cloud and SaaS environments is very much fragmented and decentralized. Data security has never been more important. Data is created, accessed, and manipulated by a wide range of different identities – both human and machine – which quickly introduces an overexposure problem and consequently increases the likelihood of a breach. Data protection platforms should support a unified strategy across all disparate SaaS applications, with functionality that goes far beyond what each individual application provider delivers – most SaaS apps are more focused on being business enablement tools vs. offering native (and robust) security controls.
Security teams should shift their focus to placing controls closer to the critical data within their organization, rather than solely concentrating on fortifying the perimeter of their technology estate. In both theory and in practice, controls that can be circumvented pose a greater risk than having no controls at all. From an attacker's standpoint, data represents a prime target due to its potential value, as it can be exploited for ransom or other malicious purposes.
Protecting data throughout its entire lifecycle, including creation, access, sharing, and editing, is crucial. However, achieving this level of protection at scale presents a significant challenge that drives the need for security automation, which most traditional data protection tools do not provide. A modern approach to data security is needed in order to effectively address this pain point.
To establish security measures that work in modern cloud and SaaS environments, it is essential to adopt an ‘identity-centric’ approach; recognizing that securing data is a natural extension of protecting the wide range of individuals accessing data (i.e. internal users, 3rd party vendors, partners, contractors, etc.). Instead of solely focusing on data, it is imperative to gain a deep understanding of the identities operating within the environment.
This requires considering the extent to which data should be labeled and classified, as well as implementing controls based on human behaviors. Know the business-context is table stakes, and you can better achieve the full business-context of what is actually taking place in your environment by taking an identity-centric approach.
Modern businesses must prioritize data-driven decision making – with the business context in hand – and implement security controls in close proximity to their business-critical data. Security controls need to be closer to the actual data. By adopting this approach, organizations can enhance their security posture, mitigate risks, and ensure the confidentiality, integrity, and availability of their valuable data assets.
If you have an existing Gartner subscription, we urge you to download the full 2023 Gartner® 2023 Hype Cycle™ for Data Security report to better understand the next generation of data security platforms. If you’re interested in learning more about partnering with DoControl, request a solution demonstration to get started.
–
*Gartner, Hype Cycle for Data Security, Brian Lowans, 14 July 2023.
GARTNER and HYPE CYCLE are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.