Predicts 2016: Security Solutions

The security market will continue to evolve alongside new requirements arising from the Internet of Things, cloud computing and sophisticated targeted attacks. Enterprise security providers can use these predictions to prepare for a market facing increasingly complex and focused assaults.

Key Findings

• Expect a shift in demand for IoT security-related spend toward new IoT initiatives, such as connected cars, smart cities, advanced metering infrastructures and, eventually, smart homes.
• DLP providers will be compelled to seek partnerships or integration with CASB platforms to remain competitive.
• Demand for SDP technology will grow over the next two years to isolate, securely segment and provide secure encrypted access to infrastructures, albeit at a moderate deployment penetration rate.
• A significant increase in demand for lightweight appliances and cloud-based offerings aggregating IGA, PAM, UEBA and adaptive access controls is expected over the next three years.
• The shift toward spending on outsourcing services will increase over the next four years, which will characterize a reshaping of global security budgeting.

Recommendations

• Strategic planners at established IT security vendors and IoT platform providers: Consider acquisitions/partnerships with niche vendors specializing in IoT security capabilities.
• Sales enablement leaders at security technology providers: Craft product bundles and technology partnerships that allow security outsourcing providers to build scalable and repeatable security processes that are not only attractive to end users, but also ensure the partner generates higher profit margins.
• Product managers: Plan to integrate (via partnerships) CASB capabilities into their solutions to support cloud applications and cloud storage; acquire these capabilities if need be.
• Product leaders at network security infrastructure and firewall providers: Examine SDP for how it may be used or integrated into their existing products to provide enhanced capabilities within edge devices, as well as the data center, with a focus on SDP gateway functionality.

Strategic Planning Assumptions

By 2019, 60% of IoT security spend will relate to OT initiatives, down from 90% in 2015.

By 2019, total enterprise spending on security outsourcing services will be 80% of the spending on security software and hardware products, up from 50% in 2015.

By 2018, 70% of large enterprises will identify IGA, PAM, UEBA and adaptive access as in-scope IAM requirements, resulting in new vendor platform offerings.

Through the end of 2017, at least 10% of enterprise organizations (up from less than 1% today) will leverage software-defined perimeter (SDP) technology to isolate sensitive environments.

By 2019, 45% of enterprises will manage data loss by leveraging CASBs and using encryption and enterprise digital rights management (EDRM) techniques.

Analysis

What You Need to Know

The predictions addressed in this research focus on five fundamental trends that will drive change.

It is expected that new IoT security demands will originate from new industry deployments, such as automotive, government and energy, shifting the balance gradually from well-established demand arising from operational technology (OT) security spend, which has been capturing the bulk of the market so far.

The rise in popularity of cloud access security broker (CASB) offerings will impact go-to-market approaches for a number of security controls. Data loss prevention (DLP) will be one such area influencing all players to seek a CASB partnership or an acquisition by 2017.

The challenges stemming from the need to appropriately segment and provide suitable access control to enterprise networks will drive the uptake of software-defined perimeter (SDP) technology, although at a moderate level, within the next two years.

New demand for integrated multifunction capabilities will drive the availability of new lightweight appliances and cloud-based platform offerings that integrate identity governance and administration (IGA), privileged access management (PAM), user and entity behavior analytics (UEBA), and adaptive access control security.

The popularity of outsourcing security functions is expected to continue, tipping the balance against spend made toward security software and hardware products.

Strategic Planning Assumptions

Strategic Planning Assumption: By 2019, 60% of IoT security spend will relate to OT initiatives, down from 90% in 2015.

Analysis by: Ruggero Contu

Key Findings:

With the expected increase of deployment of IoT devices across many sectors and industries, Gartner also expects new demand for IoT security products and services to accelerate. So far, the majority of spend on IoT security related to demand is coming from industries utilizing OT, such as industrial control systems. Sectors such as the automotive industry, utilities and government will drive new demands, although at different levels, as part of initiatives related to areas such as connected cars and smart cities.

With growing concerns relating to critical infrastructure protection aspects, there is the expectation that regulatory and compliance mandates will increase globally to provide improved security.

Market Implications:

The IoT security market is expected to continue to evolve and grow as a result of new demand being generated. The need for new capabilities and tools is growing as a result of new vulnerabilities being discovered. Enterprises are often unprepared to deal with the new dimension of the problems caused by companies embracing digital business models. This evolution is relevant to traditional security providers, which can reshape current offerings to cater for IoT security-related demands, but particularly for specialist players developing innovation that addresses specific IoT security needs.

Gartner estimates that a new architectural model will evolve, alongside such demands, in which security technology and services will be made available at the device and network layer, characterizing the emergence of security solutions made within endpoints, gateways and IoT platform providers. Capabilities will include software vulnerability assessment, application control, network security, access control and threat intelligence.

Recommendations:

• Strategic planners at established IT security vendors and IoT platform providers must consider acquisitions or partnerships with niche vendors specializing in IoT security capabilities.
• Product managers must consider new demands arising from new IoT initiatives and shape offerings that target specific industry use cases.
• Marketing executives should develop a well-defined go-to-market strategy that leverages the expertise and relationships developed by channel partners with industry-specific business models.
• Sales managers must take into consideration the varying levels of readiness, maturity and related business opportunities available from different IoT industry initiatives. Vertical sectors and regional variations require targeted approaches.

Strategic Planning Assumption: By 2019, total enterprise spending on security outsourcing services will be 80% of the spending on security software and hardware products, up from 50% in 2015.

Analysis by: Sid Deshpande

Key Findings:

The security outsourcing market (which includes managed security services and on-premises outsourcing) was $12.3 billion in 2015 and constituted approximately 50% of the total enterprise spending on security software and hardware products. Gartner expects this number to grow to 80% by 2019. This metric essentially indicates that outsourcing services for monitoring and management of security infrastructure are becoming as large a spending area as the spending on security infrastructure (hardware and software products). Security outsourcing consists of either remotely delivered managed security service (MSS) and/or on-premises staff augmentation services. As the numbers and complexity of available security technologies increase, relative to the skilled professionals available to deploy and manage them, enterprises will look to use security outsourcing services to augment their security program. Leveraging security outsourcing services, particularly for operational tasks like monitoring, will allow organizations to focus their limited in-house resources to ensure their organization can deliver digital business outcomes in a secure, timely and resilient manner.

Sales enablement leaders at security providers should note the following emerging trends in this space:

• Customer satisfaction with outsourced security projects and providers is fickle and directly affects customers' perception of underlying security technologies. This makes it important for technology providers to choose the right security outsourcing partners and enable their success.
• The decision on whether or not to leverage a security outsourcing provider often depends on an organization's culture and politics. For example, the security team might want to retain control over a majority of the security functions and ask for head count to grow the security team internally, whereas the business might be of the opinion that operationalizing some security functions is a better option.
• The most common security activity that is outsourced is monitoring/management, because it is the most cost- and labor-intensive part of the security program. Hybrid security monitoring models are becoming increasingly common to allow organizations to retain some level of control and customization over their monitoring operation.

Market Implications:

The increased demand for security outsourcing services will result in these providers increasingly wielding more influence on customers' security technology purchasing decisions. This trend will also mean that traditional security SIs and VARs are at risk of being disintermediated by security outsourcing providers. Security technology providers will need to redesign their product management and partner strategy with MSS provider (MSSP) requirements in mind. To successfully fulfill this demand for external security services, security outsourcing providers (particularly MSSPs, because they hold customer data off-site) will need to focus on better security and assurance measures to generate trust among their customer base.

Recommendations:

Sales enablement leaders at security technology providers should:

• Craft product bundles and technology partnerships that allow security outsourcing providers to build scalable and repeatable security processes that are not only attractive to end users, but also ensure the partner generates higher profit margins.
• Work with product management leaders to enable security outsourcing providers to engage in partnerships with other segments of your technology and channel partner ecosystem, thereby creating a joint business planning vision with them and establishing lasting relationships with their clients.
• Choose outsourcing partners based on the strength of their security practice "on paper," as well as feedback from customers actually using them for strategic engagements.

Strategic Planning Assumption: By 2018, 70% of large enterprises will identify IGA, PAM, UEBA and adaptive access as in-scope IAM requirements, resulting in new vendor platform offerings.

Analysis by: Perry Carpenter

Key Findings:

• Organizations are realizing that identity is a critical attack vector, and they desire to have increased end-to-end visibility and control over identity-based attack vectors.
• Implementation of traditional IGA components does a fair job of automating static identity-related policies and providing reports and processes for identity governance. Current identity toolsets, however, lack real-time capabilities for detecting and responding to misuse of credential sets.
• The combination of IGA, PAM, UEBA and adaptive access control tools as they exist today provides the basic building blocks for a powerful platform that can serve the basic fulfillment and governance needs of identity, while also providing visibility and automation for mitigating identity-related misuse.

Market Implications:

• A number of UEBA vendors will become either acquisition targets or partners of choice for IAM vendors.
• While many of the large-scale IAM vendors already have PAM products as part of their portfolio, more work will need to be done to integrate IGA and PAM and to have additional functionality (such as session monitoring). Stand-alone PAM vendors will become acquisition targets by IAM vendors still seeking to round out their functionality and remain competitive. Additional OEM partnerships may also be available.
• Stand-alone PAM vendors will still be valuable and sought by organizations needing to mitigate issues associated with privileged access. However, as IAM vendors increasingly add PAM to their platform solution or improve their existing offerings, stand-alone vendors will struggle to remain relevant and may be increasingly displaced as companies upgrade their current IAM stack to future identity platforms.

Recommendations:

• Strategic planners need to assess their corporate product portfolio and partner ecosystem to determine if their current organization possesses the components of the new IAM platform or if they need to build or create functionality or use an OEM approach.
• Product managers need to realize that while IAM suite vendors have spent several years working to simplify implementations and counter the understanding that IGA implementations are long, complex and costly, there is still more work to be done. Continue to focus on creating lightweight, easy-to-deploy technologies and repeatable implementation processes. If you create an end-to-end platform as discussed earlier – but sacrifice the implementation experience – the perception of your IAM offering(s) will suffer.
• Product marketing managers must position their products as more central to security, rather than a sister discipline. Discussing how identity management fits within the attack kill chain, and messaging explaining how weaknesses related to accounts were leveraged in a number of large-scale breaches, will help.

Strategic Planning Assumption: Through the end of 2017, at least 10% of enterprise organizations (up from less than 1% today) will leverage software defined perimeter (SDP) technology to isolate sensitive environments.

Analysis by: Lawrence Pingree

Key Findings:

• Organizations continue to struggle to properly segment and provide adequate access control over their sensitive networks, hosts and applications within their environments beyond the perimeter firewall or segmentation performed at network boundaries.
• Most organizations focus on a variety of technologies to achieve network segmentation, including network access control (NAC), device-to-device VPN technology and firewalls, to achieve segmentation.
• SDP technology enables organizations to provide people-centric, manageable, ubiquitous, secure and agile access to networked systems, services and applications. It does this by solving a core design flaw in the unsecure manner in which TCP/IP was developed (in other words, without authentication and encryption prior to packet processing).

Market Implications:

• SDP technology can be highly disruptive to network firewall providers and technology providers of VPN technologies because it enables organizations to reduce or eliminate costly appliance deployments and integration into networked environments.
• SDP technology is also disruptive to traditional network security technology deployments, such as NAC, switch-to-switch encryption and internal VPN capabilities. This is because SDP software agent technology can be deployed ubiquitously on any supported operating system and create an instantaneous and dynamic network perimeter.
• SDP disrupts current network spend because it is deployed by leveraging lightweight software agents. It is also easier and often less costly to deploy than firewalls, VPN concentrators, security-enabled network fabric, and other bolt-in network authentication and encryption technologies.
• SDP might also be disruptive to cloud-based VPN technologies, because its ubiquity can be easily extended to cloud deployments with the use of an externalized SDP controller or SaaS offering.

Recommendations:

• Strategic planners must take advantage of growing market opportunities created by SDP and satiating demand in their customer base to enhance security. They must also reduce network security spend and avoid costly network security maintenance, monitoring and additional energy costs associated with physical appliances and other network security infrastructure.
• Product leaders at network security infrastructure and firewall providers should examine SDP and how it might be used or integrated into their existing products to provide enhanced capabilities within edge devices, as well as the data center, with a focus on SDP gateway functionality.
• Larger security technology providers should consider internal development, acquisitions or OEM relationships to acquire SDP technology because of the disruptive nature of the value propositions this new technology promises to deliver to the security market.

Strategic Planning Assumption: By 2019, 45% of enterprises will manage data loss by leveraging CASBs and using encryption and EDRM techniques.

Analysis by: Deborah Kish

Key Findings:

• Integrated and enterprise DLP providers have been migrating their solutions to fit cloud and SaaS models. They are seeking to develop their own solutions in the CASB space to expand their customer base and visibility; they could also acquire the needed capabilities through partnerships.
• New processes that focus on privacy, data security governance and compliance with new regulations are becoming more widely adopted. These include the use of encryption and EDRM techniques that will minimize the level of risk and impact on organizations with respect to storing sensitive data in the cloud.
• The vendor landscape in the DLP market has been in a constant state of change for years. We are beginning to see consolidation between DLP vendors, divestitures and the end of life of products. Examples include RSA exiting the DLP market, Digital Guardian acquiring Code Green Networks and Microsoft announcing it was acquiring Secure Islands.

Market Implications:

• The use of data classification, EDRM and encryption tools will grow as organizations continue to store sensitive data in the cloud.
• As organizations continue storing information in the cloud, the need for adherence to regulatory mandates and to be in compliance with PII, PCI and HIPAA requirements will create further partnerships or acquisitions between DLP providers and CASBs.
• The need for intellectual property protection will be a driver in the adoption of DLP, EDRM and encryption tools as CISOs and IT leaders continually evolve their strategies.

Recommendations:

• Ensure marketing messages include capabilities for coverage for cloud applications, cloud storage and mobile data use to include organic vendors or partnering with, or acquiring, vendors in the CASB market.
• Strategic planners must take advantage of growing market opportunities arising from the demand to implement DLP solutions in reaction to regulatory compliance concerns. They must also focus on intellectual property protection as well as insider threats of data theft.
• Product managers will need to plan to integrate (via partnerships) CASB capabilities into their solutions to support cloud applications and cloud storage; they could acquire these capabilities if need be.

A Look Back

In response to your requests, we are taking a look back at some key predictions from previous years. We have intentionally selected predictions from opposite ends of the scale – one where we were wholly or largely on target, as well as one we missed.

On Target: 2011 Prediction – By 2015, 30% of consumer security product selection criteria will be based on requirements to secure new mobile computing platforms.

While security awareness arising from threats targeting mobile device platforms remains below that of traditional endpoints, such as desktops and laptops, selection criteria for consumer security products are increasingly influenced by the availability of capabilities for mobile devices.

Consumer security providers are also leveraging this demand by offering multidevice licenses as a way to maintain traction and competitiveness against increasing challenges arising from freeware consumer security products.

Missed: 2012 Prediction – By 2015, 20% of the VPN/firewall market will be deployed in a virtual switch on a hypervisor, rather than a physical security appliance.

Gartner has not seen the firewall features of virtualization platforms (such as those offered with VMware) as a major competitor to mainstream firewall vendors because the need for separation of duties drives clients to doubt the infrastructure's ability to protect itself. Gartner covers virtual-only firewall vendors, such as vArmour and Illumio, but has not seen significant adoption. Early VMware work with Palo Alto Networks, and now Check Point Software and Fortinet, has created some buzz for virtualizing data centers and networks and east-west segmentation, but few customers have adopted these, though adoption is growing quickly. As other virtualization platforms, such as XenServer and Hyper-V, gain traction, managing heterogeneous virtualized firewalls from existing physical firewall vendors, virtualization platform vendors and virtual-only firewalls will present a challenge. Performance remains a barrier to wider deployment: Almost all network firewalls today are delivered on purpose-built appliances because of the poorer performance of running firewalls on general-purpose servers. Almost all operating systems within firewall appliances are uniquely hardened, subject to stringent third-party security evaluations. Security-minded enterprises are also rightly skeptical of running firewalls within a hypervisor that is between the threat and the firewall.

Gartner market data indicates that, in 2014, the number of virtual versions of firewalls sold remained flat at less than 2%. Among the 95 reference customers surveyed for the related Magic Quadrant, 0% listed "virtual version available" as a top three reason they selected their current vendor, whereas 53% selected "throughput/speed" as a top three reason. Approximately 30% of respondents selected "price" (34%), "management console/reporting" (32%), "IPS" (32%), "application control" (29%) and "high availability/clustering" (27%).

No dynamic shift toward virtual appliances will occur until a fundamental change to the current network security virtualization market is made and demand drives vendor innovation.