SBN

Understanding Gartner’s Vision for Format-Preserving Encryption

Global organizations are increasingly outsourcing computing capabilities to drive innovation and growth. Some 92% were estimated to have a multi-cloud strategy last year, while 80% confirmed they were wedded to the hybrid cloud. Applications like cloud-based analytics can unlock insight and customer and market trends to deliver phenomenal enterprise value. And as inflation bites and economic headwinds gather, the same investments can add much-needed agility and resilience to businesses.

But at the same time, distributed architectures create additional risk, when data is stored and accessed across multiple locations and providers. That’s bad news as regulatory requirements tighten and non-compliance penalties surge. With so many data security technologies and approaches available to choose from today, it can be difficult for IT buyers to know where to start.

This is where Gartner’s Hype Cycle for Data Security 2022 report comes in. Naming comforte as a sample vendor in the format-preserving encryption (FPE) space, it offers a useful snapshot of current market trends and suggests recommendations on next steps.

Why FPE?

FPE is a key enabler of what comforte calls data-centric security: an approach to security focused on protecting what matters most, the data itself. As Gartner explains in its report:

“It provides a strong, agile method to prevent unauthorized user access to data on-premises and in public CSPs. This helps meet data protection and privacy regulations and data residency requirements to protect personal, health, credit card and financial data, and to adhere to data breach disclosure regulations.”

So what’s driving uptake of FPE and related technologies? Among the trends highlighted by Gartner are:

  • A fast-growing number of privacy laws around the world, adding regulatory complexity and raising the stakes for non-compliance
  • A growing business requirement to analyze enterprise data whilst keeping it anonymized and protected. Cloud-based data analytics is a good example
  • Testing and development scenarios, which could benefit from a combination of FPE and data masking

Accessibility-Description-(Required)content (1)

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document.

Digging deeper

Over the past 25 years or more, the Hype Cycle has been helping IT buyers to better understand how the perceived value of specific technologies evolves over their lifecycle. With it, they can make more accurate decisions about when the right time to adopt might be. In the most recent report, Gartner claims FPE is around five years away from the so-called “plateau of productivity” – when the technology becomes widely implemented and well understood.

Yet one thing the cycle doesn’t do is dig deep into the difference in capability between vendors. At comforte, we always caution that data-centric security solutions like FPE are not all created equal. Organizations should consider questions such as whether their intended product purchase can:

Continuously discover and classify all sensitive data wherever it resides, both on premises and in the cloud, including data in systems that they may not know existed.

Deliver multiple protection methods for pseudonymization and anonymization (eg FPE and tokenization), while preserving data utility for processing and analytics.

Offer deep integration into Kubernetes and VMware combined with Data-Security-As-Code for enhanced DevOps and automation.

Feature transparent integration with data flows and applications for faster time-to-value.

That’s the value comforte’s data-centric capabilities delivers. 

Gartner and Hype Cycle are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation.
Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact.
Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner, Hype Cycle for Data Security, 2022, By Brian Lowans, Published 4 August 2022


*** This is a Security Bloggers Network syndicated blog from comforte Blog authored by Mirza Salihagic. Read the original post at: https://insights.comforte.com/understanding-gartners-vision-for-format-preserving-encryption