This month Gartner published their “hype cycles” for 2017. These reports provide a barometer for various technologies within a given market or area of discipline. They represent Gartner’s latest view on the maturity level, adoption rate, and the value of technologies within the particular hype cycle report.
I found the Hype Cycle for Application Security, 2017 particularly relevant to our work here at Axiomatics. Overall, we are also seeing changes in application design and deployment models, with an emphasis on cloud computing and mobile applications, and the potential security vulnerabilities introduced with these models. In our work with customers, we’ve also seen other trends like IoT, APIs, and DevOps call for greater integration and automation of application security tools. As organizations strive to become digital enterprises, they require the latest innovations in application automation, orchestration and monitoring of security capabilities.
Two of the newer trends in this report are “Application Security Testing Orchestration” and “Application Monitoring and Protection”. According to Gartner, “Application security testing orchestration (ASTO) integrates security tooling across a software development life cycle (SDLC), typically as part of DevSecOps initiatives.” As stated in the report, “Application vulnerability correlation (AVC) tools are workflow and process management tools that streamline software development application vulnerability testing and remediation. They incorporate findings from various security-testing data sources into a centralized tool. AVC tools correlate vulnerability findings to centralize data, perform analysis, prioritize remediation and coordinate application security activities.”
At the peak of the hype cycle are technologies such as Bot Management, Mediated APIs, Format Preserving Encryption, Mobile Threat Defense, User and Entity Behavior Analytics and Privacy by Design. These technologies are enabling highly disruptive business models, giving organizations the ability to pursue digital business innovation. That said, they are still immature technologies with limited track records. IT leaders should examine how these technologies could impact their industries, and decide which to pursue to create competitive advantage for their company.
Another technology noted in the report is “Dynamic Data Masking”, defined by Gartner as, “a technology that aims for real-time data masking of data. DDM changes the data stream so that the data requester does not get access to the sensitive data, while no changes to the original production data take place.” Axiomatics was named as a sample vendor in this category. With data masking, sensitive data is obscured or obfuscated in some way to render it ‘safe’. “Static” masking means that the data is changed in the database itself (and usually this means that the original raw data cannot easily be retrieved, if at all); “Dynamic” data masking means that data is changed at the time it is requested. We’ve been developing our approach to dynamic data masking within our data-centric authorization tools for relational databases and Big Data. As part of a policy-based approach to protecting the contents of databases and data stores, dynamic data masking is invaluable for keeping PII obscured from view and for helping enterprises comply with privacy laws, both globally and in individual jurisdictions.
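The static versus dynamic distinction described above, as an added example (it is not Axiomatics' or Gartner's code): a policy decides per requester role which columns are masked in the result stream, while static masking overwrites the stored values. The table, the role names and the `POLICY` structure are constructed assumptions.

```python
import sqlite3

# Constructed sample data and a hypothetical role-based masking policy.
ROWS = [(1, "Alice Example", "123-45-6789"), (2, "Bob Sample", "987-65-4321")]
# column -> (roles allowed to see the raw value, masking function)
POLICY = {
    "ssn": ({"fraud_analyst"}, lambda v: "***-**-" + v[-4:]),
    "name": ({"fraud_analyst", "support"}, lambda v: v[0] + "."),
}

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", ROWS)
    return db

def static_mask(db):
    """Static masking: overwrite stored values; the raw data is gone."""
    for row_id, _, ssn in db.execute("SELECT * FROM customers").fetchall():
        db.execute("UPDATE customers SET ssn = ? WHERE id = ?",
                   (POLICY["ssn"][1](ssn), row_id))

def dynamic_query(db, role):
    """Dynamic masking: rewrite the result stream per requester, leave storage alone."""
    cur = db.execute("SELECT id, name, ssn FROM customers ORDER BY id")
    cols = [d[0] for d in cur.description]
    out = []
    for row in cur:
        masked = []
        for col, val in zip(cols, row):
            allowed, mask = POLICY.get(col, (None, None))
            # Columns without a policy entry pass through; columns with one are
            # masked unless the requester's role is explicitly allowed.
            masked.append(val if allowed is None or role in allowed else mask(val))
        out.append(tuple(masked))
    return out

def stored_ssns(db):
    return [r[0] for r in db.execute("SELECT ssn FROM customers ORDER BY id")]

if __name__ == "__main__":
    db = new_db()
    for role in ("fraud_analyst", "support", "marketing"):
        print(role, dynamic_query(db, role))
    print("stored after dynamic:", stored_ssns(db))
    static_mask(db)
    print("stored after static: ", stored_ssns(db))
```

After `static_mask` runs, even the fully privileged role only sees the masked values, which is the irreversibility the paragraph attributes to static masking.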
In conclusion, the report states that application development is experiencing a new surge of technology and development practices as organizations adopt digital business initiatives. Application leaders modernizing application development must aggressively investigate maturing technologies and proactively assess the emerging wave. (Hype Cycle for Application Development, 2017, August, 2017)
Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.