Take-aways from Gartner’s 2021 Hype Cycle for Cloud Security Report

All Transform 2021 sessions are now available on demand. Watch now.

Gartner predicts global public cloud services will grow by 26.2% in 2021, according to the latest Forecast: Public Cloud Services, Global, 2019-2025, 2Q21 Update.

In 2020, the cloud kept IT roadmaps and initiatives moving, while supporting a growing virtual workforce and a record-breaking pace of digital transformation. A McKinsey survey of executives worldwide found that: the pace of digital transformation has accelerated by seven years in 2020.

In addition, 61% of enterprises that have integrated the cloud as part of their digital transformation efforts, revenue grew by 25% or more. The cloud infrastructure also allowed IT to meet tight time-to-market schedules for new applications and systems. However, IT skeptics were convinced as cloud infrastructure was scaling up and down in response to unpredictable workloads with no previous forecasting data to rely on.

Gartner cites the accelerated adoption of cloud in enterprises after the pandemic, which is expected to lead to a compound annual growth rate (CAGR) of 21.5% over five years. As a result, global public cloud services are predicted to grow from $387.7 billion in 2021 to $805.5 billion in 2025. By 2023, 70% of all enterprise workloads will be deployed in cloud infrastructure and platform services, up from 40% in 2020.

Complexity equals risk

The bigger the complexity of the cloud in an enterprise, the greater the cybersecurity risks. The dominance of the cloud brings with it more sophisticated, complex cybersecurity risks and breach attempts that require corresponding, higher-level security techniques. The more complex an enterprise’s cloud infrastructure is, the more difficult it becomes to secure. Gartner predicts that by 2025, more than 99% of cloud breaches can be traced back to avoidable misconfigurations or end-user errors. Gartner’s latest Hype Cycle for Cloud Security report reflects the progress companies are making in adopting cloud-first strategies across industries and at the infrastructure level.

The latest Hype Cycle profiles 29 technologies, down from 33 last year. Gartner has removed cloud security assessments, cloud testing tools and services, disaster recovery-as-a-service (DRaaS) document-centric authentication, OAuth 2.0, and OpenID Connect. Multicloud managed services (MCMS) is a new category on this year’s Hype Cycle and was previously called cloud service brokerage (CSB). Gartner defines CSB as an IT role and business activity in which a company or internal entity adds value to one or more (public or private) cloud services.

Key learning points

  • Cloud Native Application Protection Platforms (CNAPP) are new to this year’s Hype Cycle. CNAPPs help secure cloud-native applications by consolidating multiple cloud-native tools and data sources, including infrastructure-as-code (IaC) scanning. Public cloud deployments continue to outpace and eventually overtake private data center workloads as nearly all organizations migrate to a multicloud strategy. Gartner’s logic for creating a new category is to consider how the dominance of multicloud deployments is forcing companies to combine intelligent automation, including cloud security attitude management (CSPM) and cloud workload protection platforms (CWPPs), to deploy their IaaS-enabled protect applications.
  • Security Services Edge (SSE) is also new to this year’s Hype Cycle. Virtual workforce, digital-first selling, service and customer experience are driving the adoption of edge technologies (Security Services Edge). SSE technologies and solutions have proven effective in reducing the complexity of protecting endpoints and improving the security of cloud services at an enterprise scale. SSE provides enhanced endpoint security with access control, threat protection, data security, security monitoring and acceptable usage management, enforced by network-based and API-based integration, SSE is growing rapidly and delivered as a cloud-based service with a few vendors also offering on-premises and agent-based components as part of their architectures. According to Gartner, zero-trust, least privileged access based on identity and context is a core capability of leading SSE offerings. SSE also appears on this year’s Hype Cycles for Network Security and Application Security.
  • The challenges of supporting virtual workforces are driving innovation gains in cloud security. In addition, organizations’ increased reliance on their virtual workforce creates opportunities for cloud cybersecurity providers to increase the intensity and pace of new product development. Gartner sees this dynamic demand for enhanced tooling and innovation in SaaS Security Posture Management (SSPM), enhanced identity protection tools (cloud-delivered IAM), and zero-trust network access (ZTNA) to replace legacy VPN technologies.
  • This year, IT, security and risk management leaders prioritize enterprise digital asset management (EDRM) and cloud tools that can eliminate misconfigurations. Gartner believes that EDRM, also known as Information Rights Management (IRM), provides ongoing protection for sensitive data, with intellectual property being the primary concern of business leaders. EDRM is also used to maintain control over unstructured data transferred through partnerships in secure collaboration workflows. Additionally, IT leaders are looking for new tools to reduce and potentially eliminate cloud misconfiguration errors as many find new areas for improvement based on their internal security audits.
  • The number of Gartner investigations at CIEM has more than doubled in the past year. According to Gartner, Cloud Infrastructure Entitlement Management (CIEM) tools help enterprises manage cloud access risks through management time controls to manage entitlements in hybrid and multicloud IaaS. CIEM platforms also rely on analytics, machine learning, and AI to identify anomalies in account definitions and privileges. CIEM is indispensable for a zero trust network access (ZTNA) strategy because it ensures enforcement and restoration of least privileged access.


Gartner’s latest Hype Cycle for Cloud Security reflects how quickly the pandemic is reshaping the cybersecurity landscape. IT, risk and management professionals are most concerned with keeping their intellectual property (IP) secure and reducing the chance of misconfiguration of their cloud infrastructures. Internal audits provide invaluable insights into how misconfigurations can lead to cloud infrastructure security gaps, especially in hybrid cloud configurations.

There are now many opportunities to secure virtual workforces while protecting hybrid and multicloud infrastructure that are critical to the success of digital transformation strategies. This push brings a new level of innovation intensity for cybersecurity vendors. That intensity is reflected in the critical role that cloud-native application protection platforms (CNAPP) and security services edge (SSE) play in this year’s Hype Cycle for Cloud Security.


VentureBeat’s mission is to be a digital city square for tech decision makers to learn about transformative technology and transactions. Our site provides essential information on data technologies and strategies to guide you in leading your organizations. We invite you to join our community to access:

  • up-to-date information on the topics that interest you
  • our newsletters
  • gated thought-leader content and discounted entry to our valued events, such as: Transform 2021: Learn more
  • network features and more


Leave a Comment