Cloud

9/8/2017
12:32 PM
50%
50%

Cloud Security Hype Fails to Match Deployments

Technologies like software-defined perimeter and key management as-a-service generate enthusiasm but will take years to reach mainstream adoption.

Businesses have taken greater interest in securing data, applications, and workloads as they move information to the cloud. However, many top-of-mind security technologies are still years away from deployment at most organizations, as indicated in Gartner's Hype Cycle for Cloud Security.

This year, technologies generating the most enthusiasm include key management as-a-service, data loss protection (DLP) for mobile devices, and software-defined perimeter. Despite the hype, Gartner estimates all will take at least five years to reach mainstream adoption.

On the bottom part of the curve, or "trough of disillusionment," are technologies that failed to meet high expectations. Gartner buckets disaster recovery as-a-service and private cloud computing into this section and anticipates mainstream adoption within two years.

DLP and infrastructure-as-a-service fall on the "slope of enlightenment," meaning experimentation and development of the two technologies are beginning to pay off at more businesses. Researchers anticipate full maturity within the next two years.

Four tools have hit a plateau at which they have broadly demonstrated their benefits in the enterprise. New entrants tokenization, high-assurance hypervisors, and application security as-a-service have joined identity-proofing services in this section.

Read more details about the technologies here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/13/2017 | 7:16:19 AM
Cost
A major reason for this comes down to cost, not just direct but operational as well. As ideal as some cloud deployments may sound they typically are more costly. Similar to new purchasing new technologies, once the price is driven down after a few years, they will become more frequently integrated.
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
7 Ways to Keep DNS Safe
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Locked device, Ha! I knew there was another way in.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-15137
PUBLISHED: 2018-07-16
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
CVE-2017-17541
PUBLISHED: 2018-07-16
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
CVE-2018-1046
PUBLISHED: 2018-07-16
pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow ...
CVE-2018-10840
PUBLISHED: 2018-07-16
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
CVE-2018-10857
PUBLISHED: 2018-07-16
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.