Source: Gartner (September 2017) Source: Gartner (September 2017)

Security continues to be the most commonly cited reason for avoiding the use of public cloud, according to  Jay Heiser, research vice president at Gartner. However, as he adds: “Yet paradoxically, the organisations already using the public cloud consider security to be one of the primary benefits.”

Gartner has released its  Hype Cycle for Cloud Security aimed at helping security professionals understand which technologies are ready for mainstream use, and which are still years away from productive deployments for most organisations. 

This year the technologies at the peak include data loss protection for mobile devices, key management as-a-service and software-defined perimeter. Gartner expects all of these technologies will take at least five years to reach productive mainstream adoption.

Technologies in the trough are Disaster recovery as a service (DRaaS) and private cloud computing. Gartner expects these to achieve mainstream adoption in the next two years. Disaster recovery as a service (DRaaS) is in the early stages of maturity, with around 20-50 percent market penetration. Early adopters are typically smaller organisations with fewer than 100 employees, which lacked a recovery data centre, experienced IT staff and specialised skills needed to manage a DR program on their own. 

Private cloud computing is being used when organisations want to the benefits of public cloud — such as IT agility to drive business value and growth — but aren’t able to find cloud services that meet their needs in terms of regulatory requirements, functionality or intellectual property protection. The use of third-party specialists for building private clouds is growing rapidly because the cost and complexity of building a true private cloud can be high.

There are currently two technologies on the slope that Gartner expects to fully mature within the next two years:data loss protection(DLP) and infrastructure-as-a-service(IaaS).

Tokenisation, high-assurance hypervisors and application security as a service have all moved up to the plateau, joining identity-proofing services which was the only entrant remaining from last year’s plateau.