Introducing Trusted AI Safety Expert (TAISE)

As AI transforms every industry, we need a new kind of professional who is trained in governance, risk management, and AI security. To fill this gap, the Cloud Security Alliance (CSA) and Northeastern University have partnered to build the Trusted AI Safety Expert (TAISE) certificate.

This certificate equips professionals with the skills to develop, deploy, and govern AI responsibly, closing the critical workforce gap and setting a new standard for AI leadership. Your support accelerates global access, supports nonprofit upskilling, and helps launch the full TAISE certification. Get TAISE now at 50% off pre-release pricing, and we will donate an additional TAISE course to a deserving individual in your name.

Access TAISE now: https://cloudsecurityalliance.org/education/taise-support/

2025 Gartner Magic Quadrant for Security Service Edge (SSE)

Security service edge is a dynamic market that consolidates multiple access-related point offerings into a single cloud-centric converged offering. This Magic Quadrant will help buyers evaluate key vendors ideally in the context of a SASE strategy.

Market Definition/Description

Gartner defines security service edge (SSE) as an offering that secures access to the web, cloud services and private applications regardless of the location of the user, the device they are using or where that application is hosted. SSE protects users from malicious and inappropriate content on the web and provides enhanced security and visibility for the SaaS and private applications accessed by end users.

Security service edge provides a primarily cloud-delivered solution to control access from end users and devices to applications, as well as websites and the internet. It provides a range of security capabilities, including adaptive access based on identity and context, malware protection, data security and threat prevention, as well as the associated analytics and visibility. It enables more direct connectivity for hybrid users by reducing latency and providing the potential for improved user experience. Capabilities that are integrated across multiple traffic types and destinations allow a more seamless experience for both users and administrators while maintaining a consistent security stance.

Mandatory Features

The mandatory features of this market include:

– Management and data planes that are primarily cloud-delivered
– Identity-aware forward proxy with decryption and protection capabilities
– In-line protection of data in SaaS and private apps
– Out-of-band protection of data in SaaS apps via API integration
– Adaptive and granular access control supporting both devices with an SSE agent (or similar traffic steering method) and devices with no local SSE software or configurations
– Integration with external identity providers

Common Features

The common features of this market include:

– Single integrated console supporting all features and functions of the platform
– Ability to apply controls consistently across multiple network and application destinations
– Support for managing and securing traffic from all common endpoints (such as Windows, macOS, iOS and Android devices)
– Integration with key enterprise technologies such as security information and event management (SIEM), extended detection and response (XDR), SD-WAN and other adjacent technologies
– Support for published and documented APIs that are accessible to the customer and that allow automation of common tasks and integration with other security platforms
– Curated, managed and risk-scored catalogs of SaaS applications
– Control of traffic on all ports and protocols
– Remote browser isolation (RBI) to enhance security across all network destinations and channels
– SaaS security posture management for visibility and remediation of SaaS configurations and visibility into SaaS plug-in applications
– Continuous adaptive access controls across all channels based on initial connection status and any change in state during connection
– Read, write and act upon labels from common data classification platforms
– Embedded user entity behavior analytics (UEBA) to provide automated detection and response for anomalous and risky device and user behaviors
– Ability to apply advanced data protection capabilities

Read the full report: https://www.gartner.com/doc/reprints?id=1-2L1V48AF&ct=250521&st=sb

2025 Gartner Magic Quadrant for SASE Platforms

The SASE platform market is evolving as more vendors enter the market and offerings mature. Still, there is differentiation in vendor capabilities and strategies. I&O leaders responsible for networking and cybersecurity should use this research to help determine the right vendor for their needs.

Strategic Planning Assumption

By 2028, 70% of SD-WAN purchases will be part of a single-vendor SASE Platform offering, up from 25% in 2025.

By 2028, 50% of new SASE deployments will be based on a single-vendor SASE Platform offering, up from 30% in 2025.

Market Definition/Description

Gartner defines single-vendor secure access service edge (SASE) offerings as those that deliver multiple converged-network and security-as-a-service capabilities, such as software-defined wide-area network (SD-WAN), secure web gateway (SWG), cloud access security broker (CASB), network firewalling and zero trust network access (ZTNA). These offerings use a cloud-centric architecture and are delivered by one vendor.

SASE securely connects users and devices with applications. It supports branch office, remote worker and on-premises general internet security, private application access and cloud service consumption use cases.

Must-Have Capabilities

The must-have capabilities for this market include the following functionalities, primarily delivered as a cloud service:

• Secure web access via proxy
• In-line SaaS visibility and access controls
• Identity-, context- and policy-based secure remote access to private applications
• A branch appliance that supports dynamic traffic steering out of multiple physical, locally attached WAN interfaces, with steering based on applications (not just IPs/ports)
• Firewalling to secure traffic bidirectionally across networks
• Centralized management that covers all of the above capabilities of the offering (with both GUI and API), enabling visibility, troubleshooting, reporting, and granular configuration and policy changes

Standard Capabilities

The standard capabilities for this market include:

• Unified management delivered by a single console covering all capabilities of the offering (with GUI and API) enabling visibility, troubleshooting, reporting, and enabling granular configuration and policy changes
• The ability to secure end-user browsing via RBI or a secure enterprise browser
• Sensitive data visibility and control

Optional Capabilities

The optional capabilities for this market include:

• Advanced network functionality, including enhanced internet, private backbone transport, content delivery networks, external DNS services, cloud onramps (simplified and automated integration with public cloud networking services), or advanced branch networking features
• Security capabilities, such as network sandboxing, DNS protection, SaaS security posture management (SSPM), API-based access to SaaS for data context and configuration information, application layer visibility and protection, and continuous adaptive risk scoring

Read the report: https://www.gartner.com/doc/reprints?id=1-2LEQDK91&ct=250708&st=sb

The Forrester Wave™: Zero Trust Platforms, Q3 2025

Unified Platforms Streamline Zero Trust Adoption

Forrester introduced the Zero Trust Model of information security almost two decades ago. Since its inception, Zero Trust has moved from being a concept to a legitimized security approach, resulting in its global acceptance and the practical application of its principles across multiple industries — private and public. Some security pros, however, were reluctant to adopt Zero Trust due to limited knowledge or lack of organizational alignment, or they were stymied by their existing infrastructures and mounting technical debt. These challenges were never about accepting the concept of Zero Trust; they were about gaining organizational buy-in, effectively and efficiently operationalizing it with existing and emerging technologies, and making the strategic (and mental) shift to embrace a different way of doing things. Over time, the vendor community recognized that Zero Trust was the de facto security model of the future, built Zero Trust features into their products, and, subsequently, integrated those discrete products and capabilities into platforms.

Zero Trust platform customers using this evaluation to inform a purchase decision should consider:

1. The need to balance best-of-breed tools with platform solutions. Balancing best-of-breed tools and platform solutions is key to an effective security stack. Best-of-breed tools offer specialized capabilities, while platforms provide integration and centralized management. Overreliance on either can cause issues — complexity and cost from best-of-breed tools or vendor lock-in and, potentially, reduced innovation from platforms. The ideal approach uses platforms for core controls, enhanced by best-of-breed tools to address specific risks, to support a more resilient Zero Trust architecture.

2. The criticality of data correlation for effective security orchestration. Zero Trust platforms enable better insights through streamlined management and visibility to support better data correlation across multiple security functions. But this depends on the breadth and depth of the platform’s native and third-party integrations for a holistic view of core security technologies within the stack. Key integrations and interoperability lead to successful deployments. These can have a profound impact on security tasks, including policy creation and optimization, threat detection, remediation, and improved incident response accuracy.

3. The difference between AI-enhanced and AI-driven value. Most Zero Trust platforms now offer AI-powered capabilities across the security stack. However, the line between marketing and meaningful innovation is often blurred. AI-enhanced platforms improve existing controls, helping analysts detect threats faster or optimize policies. AI-driven platforms go further. They proactively orchestrate policy changes, manage access, and verify identities in real time, often with minimal human input. Organizations must identify the right fit for their individual Zero Trust journey by considering current skill sets, risk tolerance, and operational maturity.

Evaluation Summary

The Forrester Wave™ evaluation highlights Leaders, Strong Performers, and Contenders (see Figures 1 and 2). We intend this evaluation to be a starting point only and encourage clients to view product evaluations and adapt the findings based on their priorities using Forrester’s interactive provider comparison experience.

Read the report: https://reprint.forrester.com/reports/the-forrester-wavetm-zero-trust-platforms-q3-2025-43d86381/index.html
