
Gartner Hype Cycle for Application Security 2017

This month Gartner published their “hype cycles” for 2017. These reports provide a barometer for various technologies within a given market or area of discipline. They represent Gartner’s latest view on the maturity level, adoption rate, and the value of technologies within the particular hype cycle report.

I found the Hype Cycle for Application Security, 2017 particularly relevant to our work here at Axiomatics. Overall, we are also seeing changes in application design and deployment models, with an emphasis on cloud computing and mobile applications, and the potential security vulnerabilities introduced with these models. In our work with customers, we’ve also seen other trends like IoT, APIs, and DevOps call for greater integration and automation of application security tools. As organizations strive to become digital enterprises, they require the latest innovations in application automation, orchestration and monitoring of security capabilities.

Two of the newer trends in this report are “Application Security Testing Orchestration” and “Application Monitoring and Protection”. According to Gartner, “Application security testing orchestration (ASTO) integrates security tooling across a software development life cycle (SDLC), typically as part of DevSecOps initiatives.” As stated in the report, “Application vulnerability correlation (AVC) tools are workflow and process management tools that streamline software development application vulnerability testing and remediation. They incorporate findings from various security-testing data sources into a centralized tool. AVC tools correlate vulnerability findings to centralize data, perform analysis, prioritize remediation and coordinate application security activities.”

At the peak of the hype cycle are technologies such as Bot Management, Mediated APIs, Format Preserving Encryption, Mobile Threat Defense, User and Entity Behavior Analytics and Privacy by Design. These technologies are enabling highly disruptive business models, giving organizations the ability to pursue digital business innovation. That said, they are still immature technologies with limited track records. IT leaders should examine how these technologies could impact their industries, and decide which to pursue to create competitive advantage for their company.

Another technology noted in the report is “Dynamic Data Masking”, defined by Gartner as, “a technology that aims for real-time data masking of data. DDM changes the data stream so that the data requester does not get access to the sensitive data, while no changes to the original production data take place.” Axiomatics was named as a sample vendor in this category. With dynamic data masking, sensitive data is obscured or obfuscated in some way to render it ‘safe’. “Static” masking means that the data is changed in the database itself (and usually this means that the original raw data cannot easily be retrieved, if at all); “Dynamic” data masking means that data is changed at the time it is requested. We’ve been developing our approach to dynamic data masking within our data-centric authorization tools for relational databases and Big Data. As part of a policy-based approach to protecting the contents of databases and data stores, dynamic data masking is invaluable for ensuring PII is obscured from view, and for helping enterprises meet privacy laws globally and in unique jurisdictions.
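To make the static/dynamic distinction concrete, here is an added example (not Axiomatics code and not from the Gartner report) that applies a policy at read time and then contrasts it with an in-place static mask. The table, roles, policy map and sample rows are all constructed for illustration.

```python
import sqlite3

# Constructed sample rows and a hypothetical policy; not taken from any product.
ROWS = [(1, "Alice Example", "123-45-6789"), (2, "Bob Sample", "987-65-4321")]
# Policy: columns each requester role may see in clear text.
CLEAR_COLUMNS = {"fraud_analyst": {"id", "name", "ssn"},
                 "support_agent": {"id", "name"}}

def mask(value):
    """Obscure a value, keeping the last four characters only if it is longer than four."""
    s = str(value)
    keep = 4 if len(s) > 4 else 0
    return "*" * (len(s) - keep) + s[len(s) - keep:]

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER, name TEXT, ssn TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", ROWS)
    return db

def dynamic_read(db, role):
    """Dynamic masking: rewrite the result stream per requester; stored rows stay untouched."""
    allowed = CLEAR_COLUMNS.get(role, set())  # unknown role: every column is masked
    cur = db.execute("SELECT id, name, ssn FROM customers ORDER BY id")
    cols = [d[0] for d in cur.description]
    return [tuple(v if c in allowed else mask(v) for c, v in zip(cols, row))
            for row in cur]

def static_mask(db):
    """Static masking: overwrite stored values; the raw data is lost for every reader."""
    db.create_function("mask", 1, mask)
    db.execute("UPDATE customers SET ssn = mask(ssn)")

def stored_ssns(db):
    return [r[0] for r in db.execute("SELECT ssn FROM customers ORDER BY id")]

if __name__ == "__main__":
    db = new_db()
    print(dynamic_read(db, "support_agent"))  # ssn masked in the response only
    print(stored_ssns(db))                    # production data unchanged
    static_mask(db)
    print(dynamic_read(db, "fraud_analyst"))  # even a privileged role now gets masked ssn
```

Note the default-deny branch: a role missing from the policy gets every column masked rather than falling through to clear text.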

In conclusion, the report states that application development is experiencing a new surge of technology and development practices as organizations adopt digital business initiatives. Application leaders modernizing application development must aggressively investigate maturing technologies and proactively assess the emerging wave. (Hype Cycle for Application Development, 2017, August, 2017)


Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

 
