Gartner: 2015’s 3 ‘Cool Vendors’ In Security Audit and Compliance

Gartner-Cool-VendorsLate last month, the information technology research and advisory firm Gartner released the latest iteration of its yearly Cool Vendors series of reports. I’ve already covered Gartner’s picks for cool vendors in identity and access management (read here), but there’s another report that caught my attention: Cool Vendors in Audit and Compliance Innovate Controls Validation Techniques, 2015.

For those of you unfamiliar with Audit and Compliance vendors, these are the vendors who audit an organization to ensure compliance with regulatory guidelines, such as HIPAA, SOX, and PCI, as well as requirements set by the Securities and Exchange Commission (SEC). During a compliance audit, auditors review user access controls, risk management procedures, and organizational security policies.

In their five-page report, priced at $495 USD, Gartner’s analysts name three ‘cool vendors’ in the field.

A ‘cool vendor,’ according to Gartner, is one whose “offerings and business models point to new directions in the market.” For compliance and auditing, that means vendors who help validate controls for “top-of-mind” concerns and business risks such as cloud security, third-party risk, and operational fraud.


Widget not in any sidebars

In the report, Gartner identifies several key findings from their research in the security auditing and compliance field. One important, albeit unsurprising, finding: “Cloud security concerns related to IT applications and services rank as the top audit deficiency that requires the most remedial effort,” according the 2015 Gartner IT and Security Auditor survey.

Gartner’s analysts recommend that professionals worried about cloud security utilize a cloud access security broker (CASB) to place security policy enforcement points between cloud service providers and cloud service consumers, in order to “combine and interject” security policies as cloud-based resources are accessed.

The following three vendors are deemed ‘cool vendors’ in Gartner’s report:

Bitglass

Bitglass is an emerging vendor in the cloud access security broker market with a focus on compliance and auditing in cloud and mobile environments, and more specifically, evaluating risks related to access management and data protection. Bitglass product functionalities include security of data in transit, logging, auditing, alerting, and cloud-based, file-level and field-level encryption, along with enterprise mobility management (EMM) functions. Bitglass is “cool.. and differentiated in the market,” according to Gartner, due to their “adapting these functionalities for a mobile environment and combining them in a single solution.”

Brightline

Brightline is a vendor of security audit and assessment services specializing in evaluating third party risk. Brightline’s team brings “combined information security experience on five fronts,” says Gartner. At trait which Gartner says is “not usually found with third–party audit shops.” The ‘five fronts’ listed by Gartner are: 1) an accredited certification body, 2) authorized assessor for government cloud service providers, 3) commercial/industry compliance assessor, 4) licensed third-party attestation provider, and 5) authorized assessor for cloud implementations.

NetGuardians

Netguardians is a vendor of transaction controls monitoring solutions specializing in monitoring transactions and behavioral analysis with an emphasis on evaluating operational risk and fraud. Gartner considers NetGuardians a ‘cool vendor’ because of an approach that “combines the data capture capability of a security incidents and events management (SIEM) solution into an operation risk assessment application, and layer it with the capability to associate user behaviors to core business transactions.”

Gartner does not endorse any specific vendor and disclaims that Gartner’s ‘Cool Vendors’ “will not be appropriate for every organization.

And watch this for the 10 Best Resources for Evaluating IAM solutions:

Follow Jeff

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff