Securing a hybrid cloud is not the same thing as deploying hybrid security products.
Securing a hybrid cloud describes the process by which IT employs a host of products to manage the security parameters of your hybrid cloud installation. Hybrid cloud security products can be delivered in a box that gets deployed on premise at a customer's site. But increasingly security vendors are offering a hybrid approach to their product portfolios whereby customers can buy a physical box or buy the security capability as a service.
The traditional delivery model still far outweighs the cloud-based one. In fact, Gartner estimates that in 2011, only 13% of all security products sold were purchased via a Security as a Service (SECaaS) model. That said, Gartner adds that preliminary sales data shows that for in 2012 that number was closer to 35%.
IDC says the SECaaS market should hit a value of $3.3 billion this year and continue to rise to more than $5 billion by 2016.
IDC analyst Phil Hochmuth says there is generally not a big difference between the functionality of a product offered as a service and its on-premise counterpart. "It's more of a function of giving customers more latitude in terms of where and how they can deploy these products in different parts of the enterprise," he says.
Vendors are also quick to point out that given the common root functionality of both deliverables, being able to manage both products from a common interface.
Industry analysts, security practitioner and customers interviewed for this package of stories supplied four areas of security (secure web gateways, virtualization security, security information and event management [SIEM], and identity and access governance [IAG]) in which they are looking to deploy security products in their hybrid cloud in the future regardless of whether they run them on premise or in the cloud or a little bit of both. And they have named names in terms of which vendors they are watching most closely in each category.
Secure Web Gateways
These products filter malware from user initiated Web traffic with processes such as URL filtering, malicious code detection and filtering, Web-application controls and data loss prevention. Right now, Gartner contends that 87% of the products in this market were sold in on-premise bundles in 2011, with the remaining sold as a service. The consultancy estimates the SaaS segment rose to 35% last year.
Company name: Cisco
Product Names: IronPort S-Series appliances and ScanSafe service
Why we are watching: Cisco bought IronPort in 2007 and ScanSafe in 2009 and has been steadily building links between the appliance and the service across its networking and security gear so that both are easier to implement in Cisco-focuses enterprises.
Company name: BlueCoat
Product Name: Proxy SG and BlueCoat Cloud Service
Why we are watching: The on-premises Proxy SG product is well-tested in large enterprise environments for scalability and performance and the list of protocols, authentication options, back-end databases and antivirus platforms it supports are long across the board. The service option is based on the ProxySG boxes.
Company name: Websense
Product Name: Security Gateway and Security Gateway Anywhere
Why we are watching: The company has a focus on data leak prevention as its main differentiator and it's got an acclaimed Triton management console that helps enterprises manage both appliances and the service (which has the same name as the appliance with the addition of "Anywhere") from the same pane of glass should they want to run with a hybrid security strategy.
Company name: Zscaler
Product Name: Zscaler Web Security
Why we are watching: Zscaler is a fast growing start-up that offers its product only as a service. Gartner has said this is the fastest growing company in this market segment driven by its very strong reporting capabilities, client redirection functions, granular security controls, and flexible, policy-based controls for social media applications.
This segment of cloud security homes in on locking down both the hypervisor that enables virtualization in the first place and seeks to thwart ill-intentioned communications between the virtual machines running on it.
Company name: Bromium
Product Name: vSentry
Why we are watching: Led by a team of security and virtualization experts who had worked at Citrix, Bromium developed an approach to desktop security that virtualizes end-user activities when they pose a threat of bringing in outside agents or malware. VSentry is built on a "microvisor," a security-focused hypervisor that automatically, instantly and invisibly hardware-isolates each vulnerable Windows task in a micro-VM that cannot modify Windows or gain access to enterprise data or network infrastructure.
Company name: Catbird
Product Name: vSecurity
Why we are watching: The recently released vSecurity 5.0 product provides access control, intrusion detection, secure auditing, automated protection, visibility, and efficiency for all virtualized machine because it taps into the hypervisor. It can enforce FISMA, NIST, HIPAA standards so that users can virtualize more assets, more quickly.
The problems of keeping up with the gobs of data generated by security focused equipment under your control only gets compounded when you bring a public cloud service into the enterprise mix. The leaders in this space - as determined by the 2012 Gartner Magic Quadrant -- are all the big traditional network and security management guys (HP, IBM and McAfee) who all purchased niche players (ArcSight, Q1Labs and NitroSecurity, respectively).
Company name: HP
Product Name: ArcSight
Why we are watching: HP placed ArcSight (which always seems to score very well in public, competitive tests of SIEM products) in the Enterprise Security Product group, sharing office space with HP TippingPoint (an IPS) and HP Fortify and has been working to build close reporting ties between those products to make them collectively easier to use in large companies.
Company name: Q1 Labs, an IBM company
Product Name: QRadar
Why we are watching: IBM bought Q1Labs in 2011 and threw it into a newly formed security systems division, which kind of marked the end of IBM's own Tivoli SIEM. IBM has since added indexing and query improvements to support keyword search; improvements in event storage scalability; integration with IBM DAM and support for endpoint management, IPS firewall, and governance, risk and compliance technologies. IBM has announced a co-managed service option for QRadar for customers that want to combine an SIEM technology deployment with monitoring services from IBM.
Company name: McAfee
Product Name: McAfee Enterprise Security Manager
Why we are watching: Nitro Security was known for its advanced correlation engine which augments rule-based correlation with risk-based activity profiling. This product also gets really good performance grades in larger deployments. Late last year, McAfee rolled out a new version that allows it to pull in data from McAfee Global Threat Intelligence, risk data from McAfee Risk Advisor, and asset data from McAfee Vulnerability Manager and McAfee ePolicy Orchestrator.
Identity and access governance is the fasted growing segment of the identity management market. Sales in 2011 came in around $300 million. Analysts have not published the 2012 sales numbers yet, but they are expecting 35% to 40% growth. Specifically, IAG is the class of products that request, approve, certify and audit access to applications, data and other IT services.
Company name: Aveksa
Product Name: Access Governance Software Suite
Why we are watching: When the company reported its 2012 financials in January, it announced that 45% of its revenue was coming from brand new customers. In December, Aveksa launched Identity and Access Management 6.0, designed specifically to help enterprises fully scale their IAM initiatives and manage the Big Data that is now typically associated with IAM deployments. Shortly thereafter, Aveksa introduced MyAccess Live, a new Software-as-a-Service (SaaS) Identity and Access Management solution which provides integrated visibility and control of both cloud and on-premise applications in a single cloud-based solution.
Company name: Courion
Product Name: Access Assurance Suite and CourionLive
Why we are watching: The unique aspect of this product is that it was designed using a structured process so that it can integrate with other vendors' administration, analytics, workflow and reporting tools where its competitors and a redesigned connector architecture that lets customers easily integrate with other vendors' analytics, workflow and reporting tools.
Company name: Sailpoint
Product Name: Identity IQ
Why we are watching: Sailpoint is a fast-growing firm that takes a risk-based approach to identity management. Identity combines ID information and log data in the same repository for report intelligence.