Chest thumping aside, the strategic planning assumption in the report is that: “By year-end 2020, more than 70% of public web applications protected by a web application firewall (WAF) will use WAFs delivered as a cloud service or internet-hosted virtual appliance — up from less than 25% today.”1
This is a trend that we at Imperva have seen reflected in our business in two ways over the past six to nine months.
First, our Imperva Incapsula Cloud based WAF is experiencing very strong growth and we’re seeing more and more enterprise customers with joint deployments of Imperva SecureSphere appliance (not necessarily on-prem) and cloud-based Incapsula WAF. The most common variants of this are SecureSphere for “core” applications that are tightly controlled by the enterprise and Incapsula for “satellite” applications that aren’t as tightly controlled (usually either partner owned applications or highly distributed applications owned by the business) and SecureSphere for WAF and Incapsula for DDoS prevention. As we continue to innovate on both fronts, you are likely to see us cater joint management, administration and provisioning solutions that help our hybrid customers get the most possible value from both platforms.
Second, demand for our solutions to protect applications deployed in IaaS environments is also expanding rapidly. We’ve had Imperva Incapsula customers in AWS nearly since inception of the services (and current customers there number in the thousands). We delivered our first SecureSphere solution for IaaS environments (SecureSphere WAF for AWS) in 2014 and have continued to add capability, most recently announcing integration with Azure Security Center just last week. IaaS is a highly dynamic market, so expect us to continue to innovate on this front as well.
But, it’s not actually only about the cloud. Our vision for WAF is that the customer should get to choose how and where to deploy it. After all, if the solution won’t fit the protected environment, it can’t protect that environment. So as we bring new joint solutions to market, expect us to unbind the security policy from security enforcement points, making it possible to manage your application security from a centralized console and choose the right kind of enforcement mechanism for your problem set. We feel we’re leading the pack on making this vision a reality and look forward to helping customers on their transition to cloud computing. A transition that will not only provide critical agility and innovation for the business, but also an opportunity to increase the security for critical business data and applications.
If you’d like to read more about the WAF market or dig into the details, download the complete Gartner MQ for WAF here.
 Gartner Magic Quadrant for Web Application Firewalls, Jeremy D’Hoinne, Adam Hils, Claudio Neiva, 19 July 2016
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.