The Gartner ® Hype Cycle™ report represents the maturity, adoption, and social application of emerging technologies in a simple and graphical way. For the uninformed, there are five phases of the maturity cycle which include technology trigger, peak of inflated expectations, trough of disillusionment, slope of enlightenment, and plateau of productivity. The Hype Cycle helps technology buyers determine whether or not new products and solutions are serving up value or disillusionment.
DoControl was included in both the 2022 Hype Cycles for Workload and for Network Security* and Application Security.** Last year, we were represented in the Hype Cycle for Cloud Security. Separately, we were recognized in the 2022 Gartner® Market Guide for Insider Risk Management Solutions as a representative vendor. As an emerging Software as a Service (SaaS) security vendor, we are tickled pink by our inclusion in all of these publications.
When you look at the SaaS security market, it is a greenfield opportunity to say the least. There are a multitude of different technologies – both old and new – trying to solve an array of different challenges that exist within SaaS applications. SaaS adoption and utilization continues to increase, and experienced explosive growth during and after the pandemic. Both workloads and workforces are now decentralized in nature, and security leaders need to be able to support this model.
From the Hype Cycle for Workload and Network Security, 2022:
“Business-critical applications are commonly being delivered from SaaS platforms, requiring consideration of both the data being stored in these applications and how they are configured and interconnected.”
Let’s dissect the two considerations in this sentence. First, misconfiguration. The risk imposed by misconfigurations in the cloud is one of the main causes for a data breach in the modern IT estate. Configuration drift and misconfigurations in general are a huge problem for organizations of all sizes and types leveraging all things ‘as a Service.’ The lesser known consideration is the “data stored in these applications.”
Think about the number of identities – both internal and external – that are accessing SaaS applications. Some of these apps are sanctioned and within the jurisdiction of the IT/Security team. Others are rogue and unsanctioned. Now consider the sheer number of data and files that exist within this environment. As the business grows and scales, more data is generated (some of which is surely to be sensitive!), and there are now more places to steal it from.
From the Hype Cycle for Application Security, 2022:
“Security and risk management leaders need to adopt a composable view of application security. They should focus on orchestrating multiple application security innovations to serve as a coherent defense, rather than relying on a set of stand-alone products.”
Composability is an important factor for security and risk management leaders in today’s threat landscape. It’s the wild west out there. Using appropriate technologies to protect assets and users in any location needs to be centralized. If the aforementioned workflows and workloads are now decentralized, security needs to be centralized. Point solutions that work in isolation is folly. Security needs to be a team game. Composability cannot take place if harmonies are not present throughout the security stack. Value-add integrations that deliver defense-in-depth need to exist in order to establish and maintain a strong security posture.
Gartner certainly alludes to the fact that some of the transformative technologies included in the Hype Cycles will likely merge. This is unsurprising as we’re talking about emerging technologies here – survival is certainly not a birthright in this environment! Markets will consolidate. Vendors will either merge or expand their portfolio otherwise they won’t even make it through the “trough of disillusionment.”
When you review the Hype Cycle for general technology graphic above, we here at DoContol are of the opinion that we’re already setting our sails for the “plateau of productivity.” In just two short years, we’ve checked the boxes across initial funding, first-generation of product (DoControl’s Policies), early adoption, second round of venture capital funding, second-generation of product (DoControl’s Security Workflows), methodologies and best practices developing, among others.
At DoControl, we always talk about the “shared responsibility” model in the cloud; and the same principles apply to SaaS. The provider has an obligation to deliver a secure product or service to its customers. The consumer then has the obligation to ensure the security of how that product or service is used. DoControl is committed to serving up value; providing a centralized approach to securing our customer’s SaaS environments so they can move their business forward in a secure way.
The next step in the Hype Cycle for DoControl is to take on “third generation products, out of the box, product suites.” Naturally overtime we will evolve. Over the next couple of quarters we will converge multiple SaaS threat models into a single, unified offering to help security teams protect SaaS data and consolidate vendors all at once. Gartner’s Hype Cycles are a great resource in shaping our messaging and positioning, as we innovate and build on behalf of customers. Request a personalized solution demonstration to see how DoControl can move security closer to what drives your business forward.
--
*Gartner, Hype Cycle for Workload and Network Security, Charlie Winckless, 18 July 2022.
**Gartner, Hype Cycle for Application Security, Joerg Fritsch, 11 July 2022.
GARTNER and HYPE CYCLE are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.