Published: 06 July 2022
云安全资源池可提供一整套集成的安全能力,但采购集成解决方案虽然便利,却带来了供应商锁定的风险。安全和风险管理者在做出采购决策前,须对选择单一解决方案供应商的收益和风险进行全面评估。
传统的安全保护手段注重外围防护,多数安全工具均独立工作,无法满足当今企业的安全需要。随着数字化程度的日益提高和云采用的不断增多,企业机构正在寻求以更加灵活、敏捷的方式部署安全能力。
目前,尚无私有云或公有云技术提供商能够完全满足企业机构对安全能力的所有需求;因此,安全和风险管理(SRM)领导者在保护企业机构云环境的安全时,面临巨大的风险和挑战。
由单一提供商提供集成解决方案的做法,给引进多供应商的方案带来挑战,因为很少有供应商会承认其他供应商的安全工具也能在自己的云安全资源池中集成并正常运行。即使供应商自己工具之间的集成也可能出现问题——尤其是当这些工具由不同的团队开发,或者是通过并购获得时。
负责在中国实施安全和风险管理的SRM领导者,应:
在甄选供应商时,应首先询问其是否支持贵公司所使用的云技术,以及其产品是否能够与贵公司已使用的安全工具集成,之后仅向符合这一条件的厂商发出征求建议书,以节约时间。
对入围厂商的产品进行概念验证,确认其产品是否与在第一轮问询中提及的贵公司所使用的云技术和安全工具兼容。除了评估所需的安全能力之外,还应仔细验证产品的可扩展性、自动化和编排、统一监控和管理等。
评估应用编程接口(API)效力,审查标准的支持情况,尤其需要针对供应商不具备的安全能力进行测试,以避免供应商锁定。
提前协商并明确在未来停用或加购某个特定组件时可获得的折扣或应承担的责任。应留意第一眼看上去非常诱人的捆绑折扣——它可能会使贵公司长期受制于一个缺乏灵活性的消费模式。
Clients can log in to view the entire document.
Analysts:
Gartner research, which includes in-depth proprietary studies, peer and industry best practices, trend analysis and quantitative modeling, enables us to offer innovative approaches that can help you drive stronger, more sustainable business performance.
Our independence as a research firm enables our experts to provide unbiased advice you can trust.
Not only is Gartner research unbiased, it also contains key take-aways and recommendations for impactful next steps.
Our research practices and procedures distill large volumes of data into clear, precise recommendations.
We provide actionable, objective insight to help organizations make smarter, faster decisions to stay ahead of disruption and accelerate growth.
We offer one-on-one guidance tailored to your mission-critical priorities.
We work with you to select the best-fit providers and tools, so you avoid the costly repercussions of a poor decision.
Connect directly with peers to discuss common issues and initiatives and accelerate, validate and solidify your strategy.
Gartner clients can log in to access the full library.
Join your peers for the unveiling of the latest insights at Gartner conferences.
©2022 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
