By Anthony Frum
Product Specialist, Skyhigh Security

Just a couple weeks ago, Skyhigh Security attended Gartner’s Security & Risk Management Summit at the beautiful Gaylord National Resort & Convention Center in National Harbor, MD. Over 2,500 leaders and technical professionals in the security industry, many of them CISOs, came together to learn, share, and collaborate on the latest trends in security at this critical event. Gartner analysts and the attending security vendors hosted over 175 sessions divided into eight tracks including topics such as Infrastructure Security, Application and Data Security, Competitive Security Market Dynamics and Product Leaders, and CISO Circle. With such a broad range of topics, vendors, and attendees, it was quite a lot to digest, but several key trends were quickly apparent.

Perhaps the most pervasive theme was, not surprisingly, Zero Trust. All aspects of an organization’s security posture are subject to this paradigm shift in the way we approach security. The shift to zero trust has been in full swing for a few years, but it enjoys a renewed focus in the wake of President Biden’s executive order on improving the nation’s cybersecurity. The new world of work from home makes device posture and identity top-of-mind concerns for everyone. Organizations are looking for new ways to ensure that identity is secure and to ensure that only properly secured devices are allowed to access critical resources and data. This was the focus of quite a few sessions at the conference, but it could also be clearly seen by the vendor presence in the exhibit showcase. A quick glance around at the booths on the show floor made it evident that identity & access management (IAM) and device posture assessment were key challenges the security market is trying to tackle today. In many of the sessions, the reliability of traditional multi-factor authentication (MFA) was called into question, and new, passwordless methodologies were discussed. To support work from personal devices, technologies such as remote browser isolation (RBI) and ephemeral clients can be used to insulate company resources from untrusted devices while still enabling job functions. These are just a few examples of the very apparent momentum in the security market to address the need to implement zero trust pervasively.

While traditional data loss prevention (DLP) could be considered “old hat,” it was clear from the conference that there is renewed interest in data security today. This is partially driven by the move to the cloud which introduces new risks to data in the form of sharing, collaboration, and unmanaged device access. However, data privacy legislation such as GDPR and CCPA are also tremendous factors. One Gartner analyst shared a prediction that “by the end of 2023, 75% of the world’s population will have its personal data covered under modern privacy regulations, up from 25% today.” GDPR’s impact to the security industry cannot be easily overstated, and similar policies being applied in the majority of the world will put an additional burden on security organizations requiring new tools and capabilities to adhere to these crucial regulations. This puts a spotlight on cloud-oriented data security technology such as cloud access security brokers (CASB) and a potentially emerging collection of technologies called data security posture management (DSPM) which includes elements of cloud security posture management (CSPM), database security, database activity monitoring (DAM), and CASB. These newer capabilities when combined with traditional DLP could help pave the way for organizations to successfully adhere to a wave of new data privacy regulations.

A hot topic related to data security was the new Security Service Edge (SSE) market which Gartner defined last year as a component of Secure Access Service Edge (SASE). SASE was defined by Gartner in 2019 as a convergence of network and security technologies, and now they have defined the security components of SASE as SSE. SSE has three pillars – cloud access security broker (CASB), secure web gateway (SWG), and zero-trust network access (ZTNA). Tangential technologies such as firewall as a service (FWaaS) and digital experience monitoring (DEM) are loosely included in this new market definition from Gartner. There were several heavily attended sessions on SSE as this year’s conference was the first time many were exposed to this new idea. Gartner analysts Charlie Winckless and Dennis Xu each hosted sessions explaining the new SSE market, its component technologies, and the future of the market as they see it. Charlie Winckless presented the results of the most recent Gartner Magic Quadrant in which Skyhigh Security was named one of three leaders in the space. He also touched on the recent Critical Capabilities for Security Service Edge in which Skyhigh Security received the highest scores in all four of the areas evaluated. Dennis Xu focused on the value of the consolidation of these technologies versus a “mesh” approach integrating these technologies from different vendors. He also discussed the more common option of a 2-vendor approach to SASE in which the SD-WAN solution integrates with a consolidated SSE solution from a separate vendor in contrast to the 1-vendor approach in which SD-WAN and SSE are purchased from the same vendor.

Both sessions regarding the new SSE market were precursors for the Gartner Show Floor Showdown for SSE in which Skyhigh Security and five other vendors presented a 12-minute demonstration of their solution’s capabilities. Gartner outlined a set of four key use cases for each vendor including protecting managed devices accessing the public web, protecting sensitive data in sanctioned cloud applications, security access to private apps, and unified data protection. As Skyhigh’s product specialist, I presented first followed by competitors Netskope and Zscaler. You can review my demo here. A second session included presentations from vendors iboss, Lookout, and Palo Alto Networks. Attendance was strong at all of these sessions as the market is clearly interested in the promise of SSE to address today’s challenges in cloud security, data security, and a work from home world. After the presentations were complete in each session, vendors fielded questions from the audience ranging from deployment timelines to the robustness of the vendor’s cloud infrastructures. The sessions were extremely enlightening for everyone involved.

The Gartner Security & Risk Management conference was a fantastic experience where tons of new ideas, capabilities, experience, and lessons learned were shared among some of the best minds in the security space. Skyhigh Security was proud to be recognized as a leader in the new SSE market and to show off our latest capabilities in the Show Floor Showdown. If you were unable to attend this year, we would highly recommend that you consider carving some time out on your calendar in 2023!