The KuppingerCole Market Compass provides an overview of the broad market of cybersecurity solutions delivered from the cloud, focusing primarily on Zero Trust and Secure Access Service Edge (SASE) functional capabilities and user experiences targeted towards employees and other end users.
1 Management Summary
The KuppingerCole Market Compass provides an overview of a market segment and the vendors in that segment. It covers the trends that are influencing that market segment, how it is further divided, and the essential capabilities required of solutions. It also provides ratings of how well these solutions meet our expectations. This Market Compass covers a variety of security solutions that help organizations protect their users from a broad range of cybersecurity threats without the need to deploy additional on-prem appliances or software agents, greatly reducing the cost and complexity of corporate security infrastructures.
As businesses embrace the Digital Transformation and become increasingly cloud-native, mobile, and interconnected, the corporate network perimeter is gradually disappearing, exposing users to malware, ransomware, and other cyber threats. Traditional perimeter security tools no longer provide adequate visibility, threat protection, and scalability, nor can they offer convenience and productivity for users on the go.
Protecting sensitive resources of an increasingly distributed company with a large mobile workforce is becoming a challenge that traditional security tools are no longer able to address. The most obvious challenge is the growing number of potential threat vectors, so a simple firewall is no longer sufficient: a proper security gateway has to combine a large number of specialized technologies to cover just the most dangerous ones.
However, an even more crucial problem is the general lack of full visibility across disjointed heterogeneous environments that makes the daily job of a security expert painfully complicated. Beyond the usual security challenges, this leads to a massive compliance problem: the “Shadow IT”. As soon as employees start using their personal devices and unsanctioned cloud services to perform their jobs, this introduces massive potential impacts not just on compliance but may directly lead to a data breach.
An increasingly popular alternative to traditional on-premises security gateways, which are costly, complicated to operate, and create a performance and productivity bottleneck for mobile users, is a security gateway operating directly in the cloud or rather a whole “security cloud” consisting of multiple breakout points across different geographical regions.
With such a solution, every user or device outside of the corporate perimeter can continue using the Internet without any performance penalties and changes in user experience, yet constantly remain protected from the latest cyber threats the same way they used to feel at their office workplace. This way, a secure cloud gateway can be considered the first line of defense in a multilayered “defense in depth” security infrastructure, providing visibility into all internet activities, enforcement of the most important security and compliance policies, and identifying and mitigating cyber-attacks.
The market now offers a substantial number of cloud-based security solutions that vary in their functional scope, platform coverage, and operational complexity. One crucial distinction among these solutions is the range of network protocols and services that they can intercept, analyzing and mitigating threats in real-time – some solutions may only focus on web traffic, others only on e-mail security, and so on. Relying on a specific interception technology may further limit a solution’s ability to protect against specific threats.
In this report, we are looking at available managed cloud-delivered security platforms and ranking them by their protection scope and reliability, coverage and scalability, and, of course, their impact on user productivity. The only key requirement for inclusion in this Market Compass is that the service does not require customers to deploy any hardware on-premises or to make any changes in their existing network infrastructures.