Published 17 December 2020 – ID G00739647 – 37 min read By Christian Canales, Tim Zimmerman, and 4 more
Communications technologies must continually evolve to match transformations across digital business landscapes. Product leaders must address evolving demand posed by evolving cloud, networking, security, cellular connectivity and infrastructure business models.
- 5G network slicing, 5G security, Wi-Fi 6 (802.11ax), function accelerator cards and 6G will have the highest impact on industries, business functions, and markets, replacing legacy product capabilities.
- Enterprise demand for multiprovider (private and public) cloud connectivity will drive adoption of technologies, such as multicloud networking and software-defined cloud interconnect, with a high impact. Multiple use cases apply, including consistent configuration management, better visibility, and compliance.
- Enterprise 5G and Wi-Fi connectivity will largely continue to coexist. While the features and timetable for 6G are not yet clearly defined and commercialization is expected in 2028, delivery of 802.11be (Wi-Fi 7) is expected around 2024, with adoption crossing the early adopter chasm by 2026.
Product leaders seeking to develop or expand their portfolio of communications technology solutions via emerging technologies should:
- Leverage artificial intelligence technology advancements intelligently. “We have AI/ML” will not give you a head start or separate you from the crowd, unless you have real products and value behind that and you can articulate your differentiation.
- Orient workload-centric networking solutions to the cloud, where the practice of deploying multiple cloud providers is on the rise. Prioritize targeting organizations with a distributed user footprint.
- Prioritize greater agility by developing network automation tools that enable an orchestration, policy-based and intent-based networking systems (IBNS)-oriented approach, rather than operationally focused network configuration and change management tools.
- Develop a strategy for 5G private enterprise indoor services by identifying the key capabilities and enterprise use cases that will find market demand and create service delivery differentiation.
Overview of Emerging Technology Horizon
The following Emerging Technology Horizon profiles technology advancements or net new trends that will significantly impact the communications markets within the next three-year horizon. Many of these technologies and trends are emerging to address new demands created from other areas of IT adoption or transformation. These include technologies that are evolving to address multiple cloud provider environments, the Internet of Things (IoT) and 5G connectivity, edge computing, and beyond (see Figure 1).
Figure 1: Emerging Technology Horizon — Communications
The communications markets are in a constant state of flux. New vendors are frequently emerging and market leaders are continually acquiring. Growing adoption of SaaS and other public cloud services, as well as the need for near-local processing of data to ensure excellent user experience of application services, has changed the way traffic flows in networks. The traditional-data-center-focused, hub-and-spoke model, optimal for data residing in a single location, is no longer relevant. Data resides in multiple locations, decentralizing data traffic flows, with security implications. A similar disaggregation of public cloud services is emerging, pushing a greater variety of client-impact functions from the cloud node to the edge.
The growing use of public cloud services brings growing connectivity complexity for enterprises. Most enterprises access public cloud services on an ad hoc basis via internet connections, and increasingly to a growing number of different providers. While multicloud networking products are nascent, they will become increasingly relevant as vendors expand their capabilities in the next two years. Software-defined cloud interconnect (SDCI) technology serves as a hub to connect an enterprise to a wide variety of cloud, network and internet service providers. By the end of 2023, we estimate that approximately 30% of medium and large enterprises will employ SDCI services, up from less than 2% today. Another driver is the demands of edge computing. As more intelligence gets pushed to the edge, the need for on-device processing and more distributed architectures rises, creating shifts and new challenges for WAN connectivity. Edge applications will increasingly rely on a mesh of connections, balancing the need of mission-critical traffic processed locally and access to cloud services. As requirements for accessibility of real-time data increase, so does the need to process more data locally, while leveraging access to applications hosted in public cloud providers’ networks and ecosystems.
Mobile service provider marketing hype about 5G often includes contentions that the technology can replace the IEEE 802.11-based corporate Wi-Fi network. While both 5G and Wi-Fi will largely continue to coexist, private 5G will predominantly be driven by organizations that cannot wait for reliable indoor public 5G coverage, with opportunities for industrial and manufacturing use cases. Outdoor private 5G opportunities will arise from edge computing and mission-critical IoT applications, and in the support of large-scale installations, more effectively served by cellular than Wi-Fi connectivity. The arrival of Wi-Fi 7 (802.11be) is expected around the 2024 time frame. While we have so far historically seen each new IEEE standard displacing its predecessor in a three- to four-year time frame (which currently also holds true for Wi-Fi 6), Wi-Fi 7’s higher performance does not offer a realistic value proposition and its impact is expected to be more limited.
There are many factors that make 5G security more complex. The rise of diversified services, cloud architecture and potentially massive numbers of IoT connections to 5G networks expose new security concerns and challenges. However, from a standards point of view, 5G provides enhanced security features compared with 4G — introducing unified authentication, a more flexible security policy for diverse use cases, secure service-based architecture and slice isolation, for example. Although 5G security has not been particularly highlighted in many early communication service provider (CSP) deployments, Gartner expects that industrial users will demand that private networks leverage standards for security and privacy.
Automation is a key capability that spans across many technology profiles in this research document. This embraces NetOps, a networking approach that incorporates the use of DevOps tools to improve the operational experience, enabling a more nimble, agile and easier to manage network. Infrastructure and operations leaders are gradually transforming network operations by investing in analytics and automation, while improving integration with DevOps and security to support their digital business. This remains a bumpy road though, partly because network vendors largely need to continue improving tooling and automation solutions. Also, enterprises often have a strong culture of risk aversion, limiting adoption of automation initiatives. Gartner nonetheless expects the use of NetOps 2.0 principles to grow by 40% by 2023, with organizations embracing these principles reducing application delivery times by 25% (for more information see NetOps 2.0: Embrace Network Automation and Analytics to Win in the Era of ContinuousNext).
In the campus networking space, “Wi-Fi Network Assurance” solutions enable simplified operations through automation capabilities, and the use of artificial intelligence/machine learning (AI/ML) functionality has also begun to extend to wired switching connectivity. Intent-based networking systems (IBNS) take automation to a wider portion of the network, including the WAN, data center, colocation facilities and cloud provider infrastructures. For software-defined cloud interconnect (SDCI) technology, Gartner advises organizations to prioritize providers that employ high levels of automation and orchestration in their hubs. For multicloud networking products, a distinct capability includes configuration/provisioning, automation, management and troubleshooting functionality. Gartner expects that by 2023, 20% of enterprises will use public cloud operational tools to manage and control at least 15% of their on-premises data center resources.
How to Use the Emerging Technology Horizon
This Emerging Technology Horizon content analyzes and illustrates two significant aspects of impact:
- When we expect it to have a significant impact on the market (specifically, range).
- How much of an impact it will have on relevant markets (namely, mass).
Each emerging technology or trend profile analysis is composed of these two aspects. The profiles are organized by range, starting with the center and moving to the outer rings of the Horizon (see Figure 1). (See Research and Methodology for the Emerging Technology Horizon in Note 1 for a more complete description of our approach to this research.)
Time to impact or “range” is measured in the years to early majority adoption. (Fans of Geoffrey A. Moore can think of it as time to cross the chasm.) This is when technology adoption is “ready for prime time.” It is important to point out that the time to technology impact or “range” is not the same as time to act on the technology. When and how a technology product or service leader should act depends on the company’s business strategy. Providers that want to be “first movers” with an emerging technology or trend will need to act far sooner than those that are comfortable waiting for their competition to compel them into action.
The “mass” component examines the extent of the impact on existing products and markets. To assess how massive the impact is, we explore two main aspects: breadth and depth. The breadth of impact concerns how many sectors are affected (products, services, markets, business functions, industries and geographies). The depth of the impact includes an analysis of the potential disruption to existing products, services and markets.
Communications Emerging Technologies and Trend Technology Horizon Profiles
Use Table 1 to jump to specific profiles. Each profile name is linked to the full technology profile to enable easier navigation.
Table 1. Emerging Technologies in Communications Based on Time to Adoption
|Now||1 to 3 Years|
|Wi-Fi 6 (802.11ax)||5G Network Slicing|
|Wi-Fi Network Assurance||5G Security|
|AI for Traffic Management|
|Nonvolatile memory express over fabrics (NVMe-oF)|
|Secure Access Service Edge (SASE)|
|Zero Trust Networking|
Now Range Impact
Wi-Fi 6 (802.11ax)
Analysis by: Tim Zimmerman and Bill Ray
Description: Wi-Fi 6 (802.11ax) is the latest iteration of the IEEE 802.11 WLAN technology standards. Its main enhancements are allowing the network to control device connectivity for the first time and improving the efficiency of existing 2.4 GHz and 5 GHz spectrum. The new standard also increases the theoretical throughput of the wireless medium to 10 Gigabits for densely populated areas. As such, its goal is to assure a larger number of devices with varying requirements are properly connected to the enterprise infrastructure.
Wi-Fi 6 also adds the ability to allocate bandwidth between endpoints, using orthogonal frequency-division multiple access (OFDMA) so low-speed applications (such as a Wi-Fi light switch) receive a smaller allocation than those which require high speeds (such as a television). However, this functionality is dependent on the endpoints also supporting Wi-Fi 6, and this will take some time as the latest standard still carries a price premium. While the 802.11ax standard provides backward compatibility for legacy .11b/g/n/ac clients, these cannot benefit from the enhanced features of Wi-Fi 6, including the higher data rates, the improved multiuser multiple input/multiple output (MU-MIMO) capabilities and Basic Service Set (BSS) coloring.
Wi-Fi 6 can also be extended into the 6 GHz band. In this form, it is branded “Wi-Fi 6E” and will deliver significantly more speed and capacity, depending on the spectrum available. Wi-Fi 6E will be available in the U.S. early in 2021, with the U.K. and Europe hoping to follow (with half the 6 GHz frequency allocation later the same year). Other countries will follow, but are unlikely to allocate quite as much additional radio spectrum, so speeds will be commensurately slower.
Sample Providers: Cisco, CommScope (RUCKUS), Extreme Networks, H3C, Hewlett Packard Enterprise [HPE] (Aruba), Huawei, Juniper Networks (Mist Systems), Ruijie Networks
Range: Now (0 to 1 Year)
Gartner rates the range of Wi-Fi 6 as 0-1 year because:
- We expect 802.11ax to become an IEEE ratified standard within the next six months. Prestandards chips are already available and the Wi-Fi Alliance has already created a test bed for certification for the standard which is being marketed as “Wi-Fi 6.”
- All leading Wi-Fi providers have already released Wi-Fi 6 APs for enterprises to purchase, with the ability to update them to the ratified version of the standard.
- Mobile device vendors (e.g., smartphones, tablets, laptops) have already committed to creating products with the new standard. Wi-Fi 6 APs additionally guarantee backward compatibility to support .11b/g/n/ac clients.
802.11ax WLAN (Wi-Fi) access points (APs), as a percentage of overall APs shipped to enterprises, have grown from 0.8% in 1Q19, to 16.4% in 4Q19 and 18.8% in 1Q20, according to our market share data. We expect this share to exceed 35% by year-end 2020 and 55% by year-end 2021.
Mass: Very High
The impact of Wi-Fi 6 is expected to be very high, with more than 30% of WLAN upgrades for large enterprises based on 802.11ax in the next 12 months. In the light of the current COVID-19 pandemic crisis, even though we are seeing many WLAN upgrade projects getting delayed, the economic downturn does not seem to be visibly altering the shift from 802.11ac to 802.11ax that we forecast late in 2019. While the price premium of .11ax over .11ac (for the enterprise market, excluding small-business APs) remained relatively high at 53% in 1Q20 ($295 revenue per AP for .11ax, versus $193 for .11ac), it continues to decline (from 58% in 4Q19 and 90% in 1Q19). Also, this calculation does not take into account the different penetration levels across vendors. For the two leading providers in terms of revenue share, Cisco and HPE (Aruba), the price premium of .11ax dropped below 25% in 1Q20. We are seeing Wi-Fi 6 getting increasingly proposed in price contracts by default, matched by end-user demand driven by future-proofing aspirations.
While previous generations of Wi-Fi have focused on improving speed, Wi-Fi 6 introduces several innovations which make it applicable across a wider range of applications. Specific use cases include remote collaboration using higher resolution (4K) video and augmented reality (AR) and virtual reality (VR) applications (e.g., remote field services, training and simulation, product design and visualization and AR commerce). In the IoT world, bandwidth needs can largely vary, from very low requirements for data collection devices to very high needs for AR/VR devices. In the past, both devices resided in the same domain as all solutions determined where they wanted to associate and how they wanted to communicate to the infrastructure. Wi-Fi 6 changes the control mechanism for the wireless medium from the device to the network, allowing APs to intelligently segment devices and making Wi-Fi more competitive with Bluetooth in low-power/low speed applications such as sensors and automation systems. Improvements in the communication scheduling also help IoT devices to achieve higher battery life, again pushing Wi-Fi into the IoT market.
As highlighted in Market Trends: Will the Advent of 5G Make Enterprise Wi-Fi Connectivity Less Relevant?, 5G communication service providers’ (CSPs’) marketing hype has sparked questions among enterprises and tech vendors about 5G potentially displacing Wi-Fi connectivity. This can confuse enterprises regarding the availability and capabilities of 5G. Countering that requires product marketers to create a differentiated position that emphasizes how Wi-Fi can outperform and outsell 5G. For more information see How to Promote Enterprise Wi-Fi Connectivity Against the Advent of 5G.
Recommended Actions:
- Support of operational technology (OT) connectivity should be an important part of your Wi-Fi 6 value proposition, taking product differentiation, such as IoT onboarding and security capabilities, beyond a Wi-Fi-centric focus. The progressive convergence of the “traditional” IT and building automation networks continues to increase the number of IoT devices that organizations have to manage.
- Highlight differentiation with latency monitoring, including response times with encrypted applications. Other metrics should include jitter, packet loss, mean opinion scores (MOS) and even location, to address business-criticality by application.
- Provide support for Wi-Fi Alliance Certified Location (802.11mc), which can already provide an accurate location using Wi-Fi 6 access points and round-trip timing (RTT).
Wi-Fi Network Assurance
Analysis by: Tim Zimmerman and Christian Canales
Description: The term Wi-Fi Network Assurance refers to collecting data into a data lake and using it, combined with artificial intelligence/machine learning (AI/ML) algorithms, to train, baseline, monitor, react, proactively resolve and report Wi-Fi network performance issues. The ability to baseline the quality of Wi-Fi connectivity and collect the right data to resolve simple and advanced issues such as time correction problems provides the basis for the system to be able to guarantee that certain quality levels are met as enterprises move to eliminate campus network administrators. The use cases behind AI/ML span from optimizing and analyzing network performance over time and user density, service quality management to meet SLAs, and self-healing capabilities to maximize reliability and better security. Basic solutions in the market provide suggestions for network administrators to tune up Wi-Fi settings based on inferences, while others have gone a step further and can eliminate some human intervention even for advanced issues.
Sample Providers: Cisco, CommScope (RUCKUS), Extreme Networks, H3C, Hewlett Packard Enterprise (Aruba), Huawei, Juniper Networks (Mist Systems)
Range: Now (0 to 1 Year)
Gartner rates the range of Wi-Fi Network Assurance as 0-1 year for several reasons:
- Most of the leading Wi-Fi providers serving the enterprise market already have solutions, and adoption is expected to cross the early adopter chasm within the next 12 months as enterprises continue to seek cost optimization opportunities. However, it is important to acknowledge that AI/ML is a very hyped topic today, as the variation in the data collected and the difference in algorithms (interference, supervised ML, unsupervised ML) determines the types of problems that can be resolved. Most Wi-Fi providers have a sales pitch on AI/ML technology, yet only a handful provide differentiated functionality.
- NetOps (see Note 2) is an emerging use case, driven by recent advances in analytics, AI and ML. At the access layer, NetOps today applies predominantly to Wi-Fi, although it has begun to extend to wired networking. For too long Wi-Fi has been one of the “pain points” for organizations, as it comes with inherent challenges associated with interference and distance, and is a shared medium.
- A strategic planning assumption by Gartner estimates that by 2022, 65% of enterprises will deploy network automation (NA) in the access layer (up from less than 15% in 2017). We also anticipate growing use of artificial intelligence for operations (AIOps) platforms that will improve Wi-Fi performance, based on the use of automated root cause analysis in conjunction with network datasets and the increased confidence in problem resolution. Any Wi-Fi vendor not investing in NetOps functionality and understanding the data that must be collected to resolve advanced issues therefore will be left behind.
Mass: Medium
The impact of Wi-Fi Network Assurance is believed to be high for the higher end of the enterprise market (for organizations with more than 500 employees, especially those with complex network needs), but moderate overall due to a more limited impact for small and midsize organizations. The majority of providers targeting the midmarket today lag behind the required capabilities, typically due to lack of investment and knowledge.
Improperly implemented Wi-Fi installations continue to result in a poor end-user experience. For too long, Wi-Fi has been one of the pain points for organizations, as it comes with inherent challenges associated with interference and distance and is a shared medium. We have seen the integration of sensors into Wi-Fi APs to improve monitoring of whether SLAs are being met. This would provide network administrators the ability to run frequent tests to ensure network performance continued to meet SLAs. Wi-Fi service assurance takes this to a higher dimension, with the ability to eliminate error-prone and tedious manual intervention. As such, it lowers the burden on network administrators, giving enterprises flexibility in reallocating network administration resources. Organizations have the issue that IT personnel staffing levels will likely remain flat or decline in years to come. This is a problem that Wi-Fi product marketers can flip to their advantage to communicate product differentiation.
Recommended Actions:
- Develop differentiation related to AI/ML technology by focusing on the data that is collected and the algorithms used which target radio frequency (RF) management as the ability to adapt to changing conditions in the RF environment (e.g., gaps in coverage or changes in capacity or performance) while providing insightful analytics such as meeting SLAs.
- Target delivering simplified operations through automation capabilities that document time savings for improved ROI. Key aspects should include automation workflows that help eliminate error-prone and tedious manual intervention, or the ability to orchestrate multiple device configurations at network scale.
- Include integration with third-party provisioning/configuration management software in your roadmap. For instance, this should embrace the ability to leverage tools for continuous configuration automation (e.g., Red Hat Ansible, Puppet) to automate multiple aspects of the configuration life cycle, as well as reporting or ticketing tools (e.g., ServiceNow) to record changes made to the network.
5G Network Slicing
Analysis by: Peter Liu
Description: 5G network slicing is a form of virtual network technology. It allows a network-based CSP to create multiple independent end-to-end logical networks in the form of a “network slice” on top of a common shared physical infrastructure at the provider’s network domain. Each slice can be customized to have its own network architecture, engineering mechanism, network provisioning methodology, configuration and service quality profile based on the requirements that it serves.
Sample Providers: Ciena, Cisco, Ericsson, Huawei, Mavenir, Nokia, ZTE, Zeetta Networks
Range: Short (1 to 3 Years)
Network slicing adoption for 5G is still in its early stage, with many concerns and issues remaining unsolved. To succeed, network slicing requires new business models that drive innovative partnerships, standards for stand-alone and virtualized network infrastructure, demanding SLAs agreed between operators and vertical markets, and collaboration by standardization bodies, among other details. All of these elements are not fully ready at this moment.
While many technology and standards-based obstacles remain, network slicing for 5G will become a key differentiating feature in the next one to three years. The main drivers are as follows:
- 5G commercial rollout has begun in various countries; network slicing will become a key differentiating feature in the next one to three years. CSPs are eager to use network slicing to move beyond selling simple connectivity to offering enterprise customers more advanced connectivity options — specifically, guaranteed levels of network performance on a given network slice. More CSPs have started evaluations and trials of network slicing. They include BT, China Mobile, Deutsche Telekom (DT), SK Telecom (SKT) and Vodafone U.K.
- The latest freeze of 5G standard R16 enhances the network slicing and 5G core features which enable more vertical industry use cases. In addition, CSPs in China and Korea will start deploying the commercial stand-alone 5G and multiaccess edge computing (MEC) in large scale in 2020, which we believe will accelerate the network slicing adoption maturity and enable more innovation opportunities.
- Although network slicing has been positioned as a 5G technology differentiator, it can be applied to 4G LTE. As such, there are already many promising use cases quickly and easily supported by 4G that will improve through the evolution to the hybrid 4G/5G networks and emerge as a fully automated experience in the coming years.
- Most of the leading network equipment and service providers serving the CSP market already have network slicing solutions ready. Adoption is expected to cross the early adopter chasm within the next 12 months as CSPs continue to seek to monetize the opportunity.
Mass: Very High
The impact of network slicing is believed to be very high for the communication industry and is widely believed to have the potential to redefine how CSPs conduct their business. The slicing with appropriate resources and optimization is expected to broaden the horizon of CSPs in many vertical segments, such as automotive, energy, finance, healthcare, manufacturing and public sector. By being able to individually service particular communication and connectivity needs of specific industries, CSPs could transform from a “dumb pipe” provider to an infrastructure partner in a variety of industries’ digitization initiatives.
In addition, given that multiple slices can run on a common shared infrastructure, including costly components (i.e., nodes, base stations, fiber), operators enjoy the economies of scale that any shared infrastructure provides.
However, a number of challenges lie ahead, which also provide opportunities for vendors to differentiate themselves:
- Network slicing adds complexity to CSP network management and orchestration, which are already complex and operationally disruptive. It requires significant operational transformation, particularly for the large-scale deployments involved.
- Security becomes critical and challenging. Different infrastructures will have different security levels and policies since those are managed and administered by both telecom and non-telecom players.
- Business models require development on a per slice/service basis to meet the dynamic demands and traffic variations.
- Standardization of services and handovers across various industry players have to be renegotiated in much more detail than before.
Recommended Actions:
- Take a phased approach when developing your network slicing product offering. Do not wait for full readiness of network slicing capabilities. Lower the entry point. Start with static slicing for industry verticals that have clear and common requirements on the network, such as mission-critical communication, entertainment (ultrahigh-definition live broadcast and augmented reality/virtual reality [AR/VR]), gaming, and manufacturing.
- Reduce the complexity of network slicing management and orchestration. Enhance network slicing creation and deployment automation capabilities in your products by leveraging AI and data analytics. Offer a business customer the capability to manage their own services or slices (e.g., dimensioning, configuration) by means of application programming interfaces (APIs).
- Enhance security features in your network slicing offering while allowing resource sharing among multiple tenants, as such networks must also ensure the security requirements needed for each slice scenario that is employed.
- Adopt common, open architectures that demonstrate how network slicing can be applied in multivendor, multidomain, multioperator contexts for a range of candidate use cases and services.
5G Security
Analysis by: Sylvain Fabre
Description: 5G security is enabled by a set of 5G network mechanisms, and improves 4G security with:
- Unified authentication (4G authentication is access dependent).
- Flexible security policy for diverse use cases (versus single 4G policy).
- Encrypted transmission of the Subscription Permanent Identifier (SUPI), which prevents International Mobile Subscriber Identity (IMSI) leakage and protects user privacy.
All 5G network infrastructure vendors implement the same 3GPP standards for 5G security. However, development processes may vary; concerns about specific vendors, as well as geopolitical tensions, have increased procurement scrutiny around 5G infrastructure.
Sample Providers: Ericsson, Huawei, Intel, Mobileum, Netcracker, Nokia, VIAVI Solutions
Range: Short (1 to 3 Years)
Despite all the current market hype around 5G, Gartner rates the range of 5G security as one to three years for two main reasons:
- There is not a single security standard. The main standardization organization is 3GPP, but 5G security involves security solutions from different standardization organizations. 5G security embraces several security protocols, such as IPsec, EAP, and TLS, and others under development, such as security for network function virtualization (NFV).
- Standardization does not guarantee 5G security, as there are many factors that make 5G security more complex. The rise of diversified services, cloud architecture, and massive IoT connections in 5G expose new security concerns and challenges. Protection involves implementing security in the configuration and operation of the 5G network to ensure cybersecurity hygiene.
While organizations opting for private 5G will likely pay more attention to securing these networks, we don’t see security as being a priority in many public 5G rollouts. This is also due to the immaturity of some 5G capabilities, such as slicing, which will mature from today’s 3GPP release 15 (R15) to R16 in 2021 and R17 from 2022. Growing adoption of 5G security, including broader use of more sophisticated security mechanisms, is nonetheless unavoidable in the long term. Ensuring protection of identity and privacy is no longer an option. We estimate that by 2023, 65% of the world’s population will have their personal data covered under modern privacy regulations, up from 10% today.
Mass: Very High
The impact of 5G security is believed to be very high overall. It will impact a multitude of sectors, namely all organizations using 5G services, and 5G security will largely replace current 4G product capabilities. All 5G network infrastructure vendors implement the same 3GPP standards for 5G security. However, development processes may vary. Concerns about specific vendors, as well as geopolitical tensions, have increased procurement scrutiny around 5G infrastructure, including security implications. There are a number of security challenges lying ahead, which also provide opportunities for vendors to differentiate themselves:
- 5G will increase the number and diversity of connected objects, potential distributed denial of service (DDoS) attack vectors and entry points. This also provides more telemetry for anomaly detection.
- 5G infrastructure virtualization, automation and orchestration of a service-based architecture increase exposure.
- Slicing virtual networks across shared infrastructure will impact security due to lateral movement risk, and cross-slice permeability issues.
- A wider ecosystem delivering industrial 5G use cases, with varying security competencies and credentials, makes SLAs and service assurance, including end-to-end (E2E) security, challenging.
- Backward compatibility with 4G/Long Term Evolution (LTE) means some legacy security issues will persist in 5G.
- Cross-network layer security will need to be managed between 5G macro and small cell layers, including the strength of the different algorithms.
Recommended Actions:
- Prioritize DDoS mitigation capabilities and cloud web application and API protection (WAAP), such as cloud web application firewalling, bot mitigation, DNS protection and intrusion prevention system (IPS), in your roadmap. Include integration with on-premises DDoS appliances.
- Offer 5G security services that include time-sensitive reporting to clients due to maturing data protection regulations. Establish a strategy to minimize the impact of zero-day vulnerabilities through regular updates to software patches.
- Stress your multivendor (or multiprovider) security capabilities. The key is the ability to detect a potential security threat in shared 5G infrastructure (between different CSPs or utility providers, or multitenant scenarios). IoT segmentation, anomaly detection and authentication with Wi-Fi networks will complement the end-to-end value proposition.
AI for Traffic Management
Analysis by: Alan Priestley
Description: AI for traffic management is the use of deep neural network (DNN)-based AI algorithms to manage the flow of data through 5G network infrastructure to maintain service quality and data throughput. High-speed 5G deployments significantly increase the data traffic flowing through the network, through both base stations and back-end core infrastructure, which places challenges on network capacity and availability. Data types are also rapidly expanding, ranging from user-centric data (such as video streaming) to a wide range of machine-related data (from high-speed data traffic to IoT sensor data). At the same time, data security and protection are now paramount.
To ensure consistent security and meet contractual quality of service (QoS) and experience for all users, 5G systems need to implement sophisticated traffic management algorithms that can dynamically manage and analyze data traffic through the network.
Sample Providers: Nokia, Ericsson, NEC
Range: Short (1 to 3 Years)
Traffic management models used in existing 4G LTE networks have been rules based. However, with rapid growth in deployment of 5G networks and the increasing complexity of data and network topologies, machine learning techniques are being utilized, and a rapid transition to deep neural network (DNN)-based solutions (often referred to as artificial intelligence) is underway over the next three years.
Mass: High
Mass is high as traffic management algorithms are deployed across the network infrastructure, with some “simpler” elements in base stations and other more complex tasks within the core network data centers. Many implementations will leverage standard CPUs to execute these DNN-based algorithms, and many of the latest-generation CPUs utilized within the network core have extensions to their instruction sets to enable them to execute these workloads more efficiently.
Dedicated workload accelerator chips, such as application-specific integrated circuits (ASICs), graphics processing units (GPUs) and field-programmable gate arrays (FPGAs), are also being deployed in core data centers to support these new AI-based traffic management workloads. Base station designs typically have a more constrained form factor than the core data centers and will utilize dedicated chips to support the CPU in executing DNN-based traffic management algorithms.
Recommended Actions:
- Evaluate the use of DNN-based AI algorithms to enhance traffic management and analysis.
- Integrate dedicated accelerator chips into base station designs to support DNN-based workloads.
- Ensure core infrastructure designs are capable of supporting workload accelerators.
Nonvolatile Memory Express Over Fabrics (NVMe-oF)
Analysis by: Julia Palmer
Description: Nonvolatile memory express over fabrics (NVMe-oF) is a network protocol that takes advantage of the parallel-access and low-latency features of NVMe Peripheral Component Interconnect Express (PCIe) devices. NVMe-oF enables tunneling the NVMe command set and data over additional transports beyond PCIe over various networked interfaces to the remote subsystems across a data center network. The specification defines a common protocol interface and is designed to work with high-performance fabric technology including RDMA over Fibre Channel, InfiniBand or Ethernet with RoCEv2, iWARP or TCP.
Sample Providers: Dell Technologies, Excelero, Hitachi Vantara, IBM, Silk, Lightbits, NetApp, Pavilion Data Systems, Pure Storage, StorCentric
Range: Short (1 to 3 Years)
Gartner believes the range for this profile is from one to three years because, even though NVMe is broadly deployed today, NVMe-oF still lacks wide adoption as a data center protocol because end-to-end NVMe-oF support is nascent. Gartner rates this technology profile impact as high from an end-user perspective, as NVMe-oF has the potential to significantly lower storage latency for shared storage arrays. End-to-end NVMe-oF implementations balance the performance and simplicity of direct-attached storage (DAS) with the scalability and manageability of shared storage.
Today, many NVMe-oF offerings that use fifth-generation and/or sixth-generation Fibre Channel (FC-NVMe) are available, but adoption of NVMe-oF within 25/50/100 Gigabit Ethernet is slower. In the future, it is likely that TCP will evolve to be an important data center transport for NVMe-oF. Unlike server-attached flash storage, shared accelerated NVMe and NVMe-oF can scale out to high capacity with high-availability features and be managed from a central location, serving dozens of compute clients.
Mass: Medium
The adoption of NVMe-oF is moderate overall. NVMe-oF complexity and costs will be barriers to broad adoption in the near future. While a variety of highly performant workloads (such as AI/ML, high-performance computing [HPC], in-memory databases or transaction processing) can leverage NVMe-oF today, most mainstream workloads are not planning a quick transition to an end-to-end NVMe architecture. NVMe-oF upgrades might require uplifts and updates to storage networks that encompass switches, host bus adapters (HBAs), as well as OS kernel drivers. This barrier will be removed with the introduction and maturity of NVMe-oF over TCP, which will not require drastic infrastructure changes. However, this technology is still missing broad ecosystem support.
Most storage array vendors already offer solid-state arrays with internal NVMe storage. During the next 12 months, an increasing number of infrastructure vendors will offer support of NVMe-oF connectivity to the compute hosts. Integrated, converged and hyperconverged integrated systems (HCIS) will be able to hide complexity and shorten the learning curve for the adoption of NVMe-oF elements, and deliver those products in an integrated, turnkey format during the next 12 to 24 months. NVMe-oF delivered as software-defined storage (SDS) solutions is most appealing to hyperscale vendors, which are leading the adoption curve of this nascent technology.
Recommended Actions:
- Develop NVMe-oF offerings that support integration with RDMA over converged Ethernet v2 (RDMA RoCEv2) or NVMe-oF over TCP-based products.
- Build an ROI value proposition for customers with business-critical applications that can leverage the high throughput and low latency of end-to-end NVMe-oF capabilities.
Secure Access Service Edge (SASE)
Analysis by: Nat Smith
Description: Secure access service edge (SASE, pronounced “sassy”) combines comprehensive networking and security functions to support the dynamic secure access needs of the workforce. It connects people to services. SASE mandates cloud edge for networking and security services provided, though some SASE use cases still require a portion of the service to be delivered on-premises.
SASE is evolving from five contributing security segments: software-defined WAN (SD-WAN), firewall as a service (FWaaS), secure web gateway (SWG), cloud access security brokers (CASB) and zero trust network access (ZTNA). The consolidation of markets into a single SASE market will happen over time. Today, there are still five separate buyers and five separate security segments. As the evolution unfolds, vendors in each of these contributing segments that embrace the SASE framework should be considered SASE vendors — or at least less mature SASE vendors.
While the list of individual capabilities continues to evolve and will likely initially differ between products in the contributing segments, serving those capabilities from the cloud edge is non-negotiable and fundamental to SASE. Core capabilities of a completely consolidated SASE are the aggregation of the functionality from these individual segments. However, in the short term, best-of-breed capabilities in each of the contributing segments that are served from cloud edge are considered a SASE solution.
Sample Providers: Akamai; Broadcom-Symantec; Cato Networks; Fortinet; iboss; Netskope; Palo Alto Networks; Versa Networks; VMware; Zscaler
Range: Short (1 to 3 Years)
Even though some vendors are not implementing all portions of this framework today, Gartner estimates SASE is about one to three years away from early majority adoption. Additionally, there is already some consolidation among the segments, with both SD-WAN and FWaaS vendors offering similar capabilities and often appearing on the same buyer shortlists. Similarly, SWG, CASB and ZTNA vendors are consolidating, as this aggregate feature set is often sought for remote worker security. The largest ZTNA vendors are also some of the larger SWG vendors.
Mass: High
SASE extends to five of the larger markets in security, predicting that they will ultimately consolidate into a single market with a single buyer. The influence of this evolution is large, and the extensibility of the framework, which allows new features and capabilities to be incorporated easily, ensures that SASE will grow beyond today’s five contributing segments.
Although SASE represents an evolution versus a transformation, the changes required to evolve to a SASE framework will be significant, and this adds to the mass of the technology and merits a medium level impact. Appliance-based vendors will need to rearchitect their solution for the cloud, implementing cloud-delivered network security services. However, the services alone will not be sufficient — vendors will also need points of presence (POPs) or cloud edge presence as well, which may require substantial investment or partnerships.
Recommended Actions:
- Adopt a flexible service-based architecture that gives buyers the flexibility to easily adapt their network security capabilities to changing end-user environments and use cases.
- Develop cloud-based components as scalable microservices that can all process packets in a single pass.
- Build a network of distributed points of presence (POPs) through colocation facilities, service provider POPs and infrastructure as a service (IaaS) to reduce latency and improve performance for network security services.
Recommended Reading:
- Forecast Analysis: Gartner’s Initial Secure Access Service Edge Forecast
- Market Trends: How to Win as WAN Edge and Security Converge Into the Secure Access Service Edge
- General Manager Update: How to Win as WAN Edge and Security Converge Into the Secure Access Service Edge
- Product Manager Insight: China Presents Growing Opportunities for SASE Providers
- The Future of Network Security Is in the Cloud
Zero Trust Networking
Analysis by: Nat Smith
Description: Zero trust networking, or identity-based networking, is the use of identities to establish sessions and control traffic in the network. In zero trust networking, connectivity policies are created in terms of the actual users, devices and services — not Internet Protocol (IP) addresses. It simplifies connectivity and actually makes it scale. It is also a call for network security vendors to invest and take a much more active role in identity systems and architectures as a function of all traffic passing through their offerings.
For example, VPN tunnels are created as an encrypted path between two sets of IP addresses. Network segmentation is often accomplished with subnets or a range of related IP addresses. Firewall rules are often written using only IP addresses. Policies are made artificially complex and large as users, devices and services move around. This is one of the reasons why we see firewalls with thousands of rules. Not only do we need more rules to accommodate moving users, data and services, but the intent of the rules and why they were added are also easily forgotten. When we do not know why a rule was put in place or what it is supposed to do (e.g., just an IP address in the rule with no other context), we just leave it in so as not to interrupt connectivity. Leaving a rule in place because no one knows what it does is a perfect example of things getting too complicated.
Zero trust network access (ZTNA) is one of the best examples of zero trust networking in action. Instead of setting up static and contextless rules as had been the practice with VPNs, policies are simple and logical, and overlay easily on the existing low-level network infrastructure. As services increasingly move to environments where organizations do not control the network infrastructure (e.g., IaaS), the forced use of IP addresses to specify connectivity policies will increasingly be a burden.
Sample Providers: Akamai; Appgate; Cisco; Citrix; Proofpoint Meta; Netskope; Odo; Okta; Palo Alto Networks; Perimeter 81; Zscaler
Range: Short (1 to 3 Years)
The recent global pandemic has accelerated adoption of this technology, particularly as part of ZTNA solutions. That alone dictates a short range for this technology. However, the overhead and conversion of existing firewall rules alone will make this transition slow, and IP-based rules will persist for many years to come.
Mass: Medium
Zero trust networking is already underway, firmly a part of connecting remote workers to private services (ZTNA). However, the conversion of other network security and connectivity solutions away from IP addresses and to users or services will take some time. In addition, the requirement to reassess trust of identity will require some new technology and new architecture for many vendors. As a result, Gartner rates this technology trend as medium in mass.
Recommended Actions:
- Study ZTNA as a template for access control under zero trust networking.
- Use existing object technology in rules and configuration to prove the concept of policies solely by user and service, learning market preferences and workflow optimizations.
- Expand product integrations with identity services and vendors, not to log into products, but to verify path and permission before traffic is allowed to pass. Constant reassessment of identity (trust) should be part of the packet path.
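The contrast described above between an IP-based firewall rule and an identity-based policy, with trust rechecked on every request, can be sketched as follows. This is an added example, not code from the report or from any vendor; the rule, the policy fields, the addresses and the user names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed IP-based rule: (source CIDR, destination CIDR, port). The intent
# ("finance staff may reach payroll") is not recorded anywhere in the rule.
IP_RULES = [("10.1.20.0/24", "10.9.0.15/32", 443)]

def ip_allows(src: str, dst: str, port: int) -> bool:
    """Classic firewall match: only addresses and port are considered."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(r_src)
        and d in ipaddress.ip_network(r_dst)
        and port == r_port
        for r_src, r_dst, r_port in IP_RULES
    )

@dataclass(frozen=True)
class Session:
    """Identity context carried with the traffic (hypothetical fields)."""
    user: str
    groups: frozenset
    device_compliant: bool
    auth_age_s: int  # seconds since the identity was last verified

# Constructed identity-based policy: names who may reach which service and
# under what conditions, independent of where they connect from.
POLICIES = [
    {"group": "finance", "service": "payroll",
     "require_compliant_device": True, "max_auth_age_s": 900},
]

def identity_allows(session: Session, service: str) -> bool:
    """Evaluated on every request, so trust is reassessed continuously."""
    for p in POLICIES:
        if p["service"] != service or p["group"] not in session.groups:
            continue
        if p["require_compliant_device"] and not session.device_compliant:
            continue
        if session.auth_age_s > p["max_auth_age_s"]:
            continue
        return True
    return False  # default deny

if __name__ == "__main__":
    alice = Session("alice", frozenset({"finance"}), True, 120)
    guest = Session("guest-laptop", frozenset(), False, 30)
    # Alice works from home: her address changed, her identity did not.
    print(ip_allows("203.0.113.40", "10.9.0.15", 443), identity_allows(alice, "payroll"))
    # An unmanaged device picks up an address in the old finance subnet.
    print(ip_allows("10.1.20.7", "10.9.0.15", 443), identity_allows(guest, "payroll"))
```

The IP rule blocks the legitimate user once her address changes and admits whatever device holds an address in the old subnet, while the identity policy follows the user and denies stale or non-compliant sessions.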
Recommended Reading:
- Market Guide for Zero Trust Network Access
Note 1: Research and Methodology for the Emerging Technology Horizon
The Emerging Technology Horizon content analyzes and illustrates two significant aspects of impact:
- When we expect it to have a significant impact on the market (specifically, range).
- How big an impact it will have on relevant markets (namely, mass).
Analysts evaluate range and mass independently and score them each on a one-to-five Likert-type scale:
- For range, this scoring determines in which Horizon ring the Emerging Technologies and Trends will appear.
- For mass, the score determines the size of the Horizon point.
In the Emerging Technology Horizon, the range estimates the distance (in years) that the technology, technique or trend is from crossing over from early-adopter status to early majority adoption. This indicates that the technology is prepared for and progressing toward mass adoption. So at its core, range is an estimation of the rate at which successful customer implementations will accelerate. That acceleration is scored on a five-point scale with one being very distant (beyond eight years) and five being very near (within a year). Each of the five scoring points corresponds to a ring of the Emerging Technology Horizon graphic (see Figure 1). Those Emerging Technologies and Trends with a score of one (beyond eight years) do not qualify for inclusion on the Horizon. When formulating scores for range, Gartner analysts consider many factors, including:
- The volume of current successful implementations
- The rate of new successful implementations
- The number of implementations required to move from early adopter to early majority
- The growth of the vendor community
- The growth in venture investment
Mass in the Emerging Technology Horizon estimates how substantial an impact the technology or trend will have on existing products and markets. Mass is also scored on a five-point scale — with one being very low impact and five being very high impact. Emerging Technologies and Trends with a score of one are not included in the Horizon. When evaluating mass, Gartner analysts examine the breadth of impact across existing products (specifically, sectors affected) and the extent of the disruption to existing product capabilities. It should be noted that an emerging technology or trend may be expressed in different positions on different Emerging Technology Horizons. This occurs when the maturity of Emerging Technologies and Trends varies based on the scope of Horizon coverage.
Note 2: NetOps
NetOps is a networking approach that incorporates the use of DevOps tools and methods to improve the operational experience, with a more scalable and programmable network infrastructure approach. The primary driver is to reduce the operational burden and costs associated with managing network infrastructure.