Top Actions From Gartner Hype Cycle for Cloud Security, 2020

Security leaders can evaluate the emerging technologies on this Hype Cycle to help their organizations make secure use of the public cloud.

Cloud computing has proven battle-ready. During COVID-19, cloud demonstrated it can support unplanned and unexpected needs. Organizations may no longer question its utility, but security remains a commonly cited reason for avoiding it.

In reality, the public cloud can be made secure enough for most uses.

“Even for the most reluctant organizations, there are now techniques such as confidential computing that can address lingering concerns,” says Steve Riley, Senior Director Analyst, Gartner. “You can stop worrying about whether you can trust your cloud provider.”

Learn more: About the Gartner Hype Cycle Methodology

Rethink the Security & Risk Strategy

Why leaders must embrace modern cybersecurity practices

Download eBook

Confidential computing — one of 33 technologies on the Gartner Hype Cycle for Cloud Security, 2020 — is a security mechanism that protects code and data from the host system. By making critical information invisible to third parties, including the host, it potentially removes the remaining barrier to cloud adoption for highly regulated businesses in the financial services, insurance and healthcare sectors.

For example, a retailer and a bank could cross-check customer transaction data for potential fraud without giving the other party access to the original data.

While confidential computing is highly useful in theory, it isn’t plug-and-play. Gartner anticipates a five- to 10-year wait before it is in regular use.

Here are three technologies from the Gartner Hype Cycle for Cloud Security, 2020, to action right now.

Gartner Hype Cycle for Cloud Security, 2020 show s three technologies to take action now.

Secure access service edge 

Secure access service edge (SASE), pronounced “sassy,”  supports secure branch office and remote worker access. SASE’s cloud-delivered set of services, including zero trust network access and software-defined WAN, is driving rapid adoption.

Gartner predicts that by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at the end of 2018.

Watch out for slideware, especially from incumbent vendors

COVID-19 has highlighted the need for business continuity plans that include flexible, anywhere, anytime, secure remote access at scale, even from untrusted devices. SASE enables security teams to deliver secure networking and security services in a consistent way, to support digital business transformation and workforce mobility.

SASE is in the early stages of market development but is being actively marketed by the vendor community, with more than a dozen SASE announcements over the past 12 months.

User advice: “Watch out for slideware, especially from incumbent vendors that are ill-prepared for cloud-based delivery as a service model,” says Riley. “This is a case in which software architecture and implementation matters. True SASE services are cloud-native.”

Read more: Gartner Top 9 Security and Risk Trends for 2020

Cloud security posture management 

It is becoming increasingly complex and time-consuming to answer the critical question “are my public cloud applications and services configured securely?” Even simple misconfiguration issues represent significant risk, as evidenced by several public data disclosures last year.

For enterprises that have a multicloud strategy, cloud security posture management (CSPM) assures business and security leaders that their services are implemented in a secure and compliant way across multiple cloud infrastructure as a service (IaaS) providers.

User advice: “First, investigate your cloud provider’s own risk posture assessment capabilities to see if they will satisfy the requirement, even if they fall short of commercial offerings,” Riley says. “Also check if any products you already have include CSPM capabilities.”

Cloud access security brokers  

Unlike traditional security products, cloud access security brokers (CASBs) are designed to protect data that’s stored in someone else’s systems. They enable organizations to achieve consistent security policies and governance across many cloud services and demonstrate that cloud use is well-governed.

We recommend seeking one-year contract terms over lengthier ones

Rethink the Security & Risk Strategy

Why leaders must embrace modern cybersecurity practices

Download eBook

The pace of Gartner client inquiry indicates that CASBs are a popular choice for cloud-using organizations. Although Gartner’s latest spending forecast shows slowing growth for all security markets, CASBs’ expected growth remains higher than any other information security market at 33% in 2020. This high-benefit technology has entered the mainstream and the number of vendors has stabilized.

User advice: “Differentiation among vendors is becoming difficult, and several have branched beyond SaaS governance and protection to include other features such as CSPM and user and entity behavior analysis (UEBA). Given continued feature expansion and relative ease of switching, we recommend seeking one-year contract terms over lengthier ones,” says Riley.

Explore now: 5 Trends Drive the Gartner Hype Cycle for Emerging Technologies, 2020

Some Gartner clients can read more in Hype Cycle for Cloud Security, 2020 by Steve Riley et al.


This research is part of the 2020 Hype Cycle Special Report: Innovation as Strategy, a research collection that helps organizations identify opportunities that enable the creation of new business and operating models

Get Smarter

Follow #Gartner

Attend a Gartner event

Explore Gartner Conferences

Gartner IT Roadmap for Cybersecurity: A Resilient Strategy

Gartner IT roadmap for cybersecurity based on unbiased research and...

Learn More


Get actionable advice in 60 minutes from the world's most respected experts. Keep pace with the latest issues that impact business.

Start Watching