government cloud

When to purchase cloud security services

With new cloud security technologies coming to market every day, it can be challenging for agencies to figure out when invest in these services.  Gartner's  cloud security hype cycle can help agencies determine when particular cloud solutions are mature and stable enough for investment.

"Understanding the relative maturity and effectiveness of new cloud security technologies and services will help … an organization’s IT users to procure, access and manage cloud services for their own needs in a secure and efficient way." Gartner's VP of Research Jay Heiser said.

In the first five years of a technology's development there is peak interest, but the hype for these innovative solutions doesn’t match adoption.  In 2017, Gartner sees data loss protection for mobile devices, key management-as-a-service and software-defined perimeter technologies as falling into this category.

When technology doesn’t live up to the hype of inflated expectations, it becomes unpopular with buyers, but may still be relevant for some organizations.  Identity as a service in the "trough of disillusionment" phase and is two to five years away from mainstream adoption. Disaster recovery as a service and private cloud computing, which agencies use to primarily to meet security and regulatory requirements, will reach mainstream adoption within the next two years, Gartner says. 

Two technologies that are beginning to pay off: data loss protection and Infrastructure-as-a-service.

DLP technologies can help prevent accidental disclosure of information and identify undocumented or broken business processes that lead to accidental disclosures.  Although it can reduce unintentional leakage, it is still relatively easy for a determined insider or motivated outsider to circumvent.

IaaS container encryption, which allows data owners to protect their data hosted by cloud providers, is expected to be fully mature within two years. Major cloud providers already offer this feature:  Amazon already provides its own free offering, while Microsoft supports free BitLocker and DMcrypt tools for Linux, Gartner said.  

Real-world benefits also have been seen from tokenization, high-assurance hypervisors, application security as a service and identity services.  These technologies have demonstrated real world benefits in the market and are widely accepted as part of the cloud security landscape.

More information on Gartner’s 2017 hype cycle for cloud security can be found here.

About the Author

Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.

Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.

Friedman can be contacted at [email protected] or follow her on Twitter @SaraEFriedman.

Click here for previous articles by Friedman.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.