Gartner, Inc. - Experts & Thought Leaders

Abnormal AI, the pioneer in AI-native human behaviour security, announced it has been recognised as a Leader in the 2025 Gartner® Magic Quadrant™ for Email Security, marking the company’s second consecutive year in the Leaders Quadrant. Gartner evaluated vendors based on their Completeness of Vision and Ability to Execute. Among 14 vendors evaluated, Abnormal was placed furthest right on the Vision axis. API-based approach In the report, Gartner highlights that “the high volume of sophisticated, email-enabled social engineering attacks, combined with the difficulty in consistently quantifying true detection efficacy across the market, justifies organisations utilising multiple vendors for comprehensive protection.” To better combat these sophisticated threats, there is growing potential in solutions that utilise behavioural AI and natural language processing to analyse user behaviour and help detect anomalies. The Abnormal Behaviour Platform analyses identity, behaviour, and contextual signals in order to baseline normal activity and help identify deviations indicative of malicious activity. This API-based approach is designed to enable autonomous protection against a wide range of attacks—including business email compromise, credential phishing, and account takeover—without requiring cumbersome mail routing changes or complex configurations. AI-native approach “Being named a Leader in the Gartner Magic Quadrant for the second year in a row—while maintaining the furthest placement on Vision—is an incredible milestone for us,” said Evan Reiser, chief executive officer of Abnormal AI. “We’re proud to see our AI-native approach continuing to drive innovation and impact as we build toward a future where understanding human behaviour is the cornerstone of keeping people and organisations safe.” AI Phishing Coach and AI Data Analyst This recognition follows a year of exceptional growth and innovation for Abnormal AI. In 2025, Abnormal launched its first autonomous AI agents—AI Phishing Coach and AI Data Analyst—to help organisations detect, remediate, and train themselves against threats in real time. The company also achieved FedRAMP Moderate Authorisation and earned the ISO/IEC 42001 AI governance certification, underscoring its commitment to both security and responsible AI. Abnormal now protects more than 25% of the Fortune 500 and continues its global expansion, recently entering new markets in Germany, Japan, and France. The year also brought strong industry and customer validation — from featuring on the CNBC Disruptor 50, to the Forbes Cloud 100, and the Fortune Cyber 60. Abnormal was also named a Gartner Peer Insights™ Customers’ Choice for Email Security Platforms in July 2025, earning a 99% “Would Recommend” rating and, in our opinion, reaffirming the trust placed in Abnormal’s AI-native approach.

Alibaba Cloud, the digital technology and intelligence backbone of Alibaba Group, announced that it has been named a pioneer in Gartner 2025 Magic Quadrant for Container Management and the 2025 Magic Quadrant for Cloud-Native Application Platforms. Alibaba Cloud believes these recognitions underscore Alibaba Cloud’s continued commitment to pioneering innovations that empowers global enterprises and drives digital transformation. Focus on delivering solutions  “We believe being recognised by Gartner as a Leader in both Container Management and Cloud-Native Application Platforms reflects our unwavering focus on delivering solutions that meet the rapidly evolving technology needs of today’s businesses.” “With digital competency quickly becoming a non-negotiable, we’re fully committed to making the adoption of digital tools as easy and effective as possible while pushing the boundaries of what’s possible in these technologies,” said Jiangwei Jiang, Senior Researcher and General Manager of Infrastructure Products, Alibaba Cloud Intelligence. According to Gartner, “Leaders distinguish themselves by offering a service suitable for strategic adoption and having an ambitious roadmap.” Comprehensive container service portfolio For Container Management, Alibaba Cloud has a comprehensive container service portfolio, which delivers strategic flexibility across public, hybrid, and multi-cloud environments. The container management market reached over USD2.5 billion in value in 2024, and by 2028, 95% of new AI deployments will use Kubernetes, up from less than 30% today, according to the Gartner report. For Cloud-Native Application Platforms, Alibaba Cloud’s dominant position is attributed to its full-featured modern development environment, which integrates developer productivity, AI, and serverless compute. Its Serverless App Engine (SAE), Function Compute, and Container Compute Service (ACS) enable organisations to rapidly build, deploy, and scale AI-enabled applications with ease. Cloud-native application platform The cloud-native application platform market exceeded $3.5 billion revenue in 2024, with worldwide spending growing at a double-digit, year-over-year rate of 16.4%. This market is projected to exceed the $7 billion revenue mark by 2029, at a five-year CAGR of 15.1% from 2024 through 2029 in constant currency, according to Gartner.  Alibaba Cloud believes it is well positioned to capture the resulting opportunities as its key strengths include empowering developers with advanced toolchains and serverless orchestration; driving AI innovation through offerings such as AI models, AI gateways, and one click AI application templates; and strong market awareness underpinned by a product strategy designed to meet growing demand for scalable, flexible, and secure solutions. Auto-scaling capabilities During this year’s Apsara conference, Alibaba Cloud’s annual flagship technology conference, Alibaba Cloud has upgraded its ACS to enhance its auto-scaling capabilities through optimised scheduling and container image cache acceleration technologies. This enables elasticity, supporting the scaling of up to 15,000 pods per minute to handle massive, highly concurrent agent requests.

Cybersecurity experts are warning that too many organisations are treating resilience as a compliance requirement rather than embedding it into core business strategy, leaving them dangerously exposed to cyber attacks. According to Gartner, resilience is too often viewed as a “tick-box” exercise focused narrowly on metrics or recovery documentation. Instead, experts stress the need for cross-department collaboration, regular testing through simulations, and executive-level involvement to ensure organisations can withstand and recover from inevitable cyber incidents. Cyber threat landscape New research also shows growing concern among security pioneers about the UK’s preparedness This warning comes as the cyber threat landscape continues to intensify. Attack frequency and sophistication show no signs of slowing, while the regulatory environment is tightening under frameworks such as the EU’s NIS2 Directive and the Digital Operational Resilience Act (DORA). Both require businesses to demonstrate operational resilience, with potential penalties for those who fall short. New research also shows growing concern among security pioneers about the UK’s preparedness. Nearly half (48%) of UK CISOs believe the country lacks an effective cyber resilience strategy, underscoring how urgent this issue has become. High stakes The stakes are high: downtime, reputational damage, and financial loss from attacks can cripple operations and undermine customer trust. Experts agree that genuine resilience must go beyond prevention, ensuring organisations can anticipate, withstand, and rapidly recover from disruptions while minimising impact on essential services. Embedded cyber resilience Andy Ward, SVP International at Absolute Security commented:  “Our research shows that 48% of UK CISOs believe the country has a poor cyber resilience strategy, highlighting just how urgent this issue has become. As the cyber threat landscape shows no sign of slowing down, resilience cannot be reduced to a compliance exercise.” “True resilience is about more than prevention, it’s about ensuring organisations can protect against, withstand, and rapidly recover from cyber attacks, while minimising disruption and reducing the impact of downtime. That means embedding cyber resilience into every layer of the business, so leaders are prepared for the inevitable.”  With rising attacks and new regulations coming into force, the message from experts is clear: businesses must move beyond compliance paperwork and start building resilience into the fabric of their operations. 

Who needs cards when everyone has a smartphone? That’s the key question underlying the access control industry’s transition to mobile credentials. But the transition is easier said than done, and mobile credentialing, for all its advantages, also has limitations, which further innovation continues to address. Wider acceptance comes next, driven by use cases in various vertical markets. We asked this week’s Expert Panel Roundtable: What are the latest developments in mobile access control?

In my coverage of China Tariffs impacting the security industry over four recent articles, products on the tariff schedules routinely integrated into security solutions included burglar and fire alarm control and transmission panels, video surveillance lenses, HDTV cameras used for broadcast use cases and fiber optic media converters. The general ‘callout’ of ADP (Automatic Data Processing) devices and peripherals technically includes servers, workstations and microcomputers, all of which are commonly used to support security solutions. The underperformance, from June 15 to August 24, of U.S. stocks with high revenue-exposure to China, and that of Chinese stocks with high revenue-exposure to the United States was significant and almost identical at 3.2%, significant losses to some investors already involved in security industry M&A activity. Significant public safety Facial Recognition (FR) vendors leveraging AI expanded their market focus to retail and public safety While it was not apparent that practitioners’ security program budgets kept pace with the growth of the more popular solution providers like video surveillance and cyber security, the ICT industries supporting the security economy continued to expand, especially in wireless and wired infrastructure, including preparations for 5G wireless rollouts. These omnipresent technologies drove significant public safety, smart city and public venue projects in 2018. Facial Recognition (FR) vendors leveraging AI expanded their market focus to retail and public safety. In 2018, virtually every public presentation, webinar and published Q&A on social media monitoring and facial recognition technologies I worked on, involved significant pushback from privacy advocates, almost to the point of alarmism. Massive risk reduction Several solution providers in these areas have made significant strides on data protection, accuracy, powered by AI and documented crime reduction cases; however, this real news is quickly shadowed by privacy advocates, seemingly ignoring massive risk reduction, especially in the case of active assailants and gang-related crime. Will FR become mainstream? The cautious security industry may take a cue from the maverick retail industry, sports venue and VIP verification solution providers that grew in 2018. 2019 trends: presupposition or repudiation; winners and losers. Chinese tariffs have had a huge impact on the security industry, which can be seen from changes to U.S and Chinese stocks  Although technology adoption forecasting is inexact, there are definitive opportunities in the security industry born on necessity. With the widespread problem of false alarm transmission and inability for first responders to ‘be everywhere,’ developers of solutions that provide automated verification and alternative security incident detection are expected to become mainstream. Promising detection systems The use of AI, NLP, LiDAR, UAS (Unmanned Aerial Vehicles aka drones) with surveillance and thermal imaging will grow, mostly due to higher acceptance in other industries like autonomous vehicles, rail safety, terrain and post devastation mapping/rescue. However, legacy ‘listing’ or certification organisations will be forced to make an important decision for their own survival: work toward integrating these promising detection systems into acceptance by insurance, licensing and standards development organisations. 2019’s ‘true’ Industrial Philanthropists will be needed to fund early warning tech for firefighters and the presence of active assailants 2019’s ‘true’ industrial philanthropists will be needed to fund early warning tech for firefighters and the presence of active assailants. For these use cases, 5G infrastructure rollouts, FR acceptance, lower cost perimeter detection and long range object and fire recognition by LiDAR and Thermal imaging will all be watched closely by investors. Should public agencies and philanthropical solution providers in the security industry cross paths, we may just yet see a successful, lifesaving impact. Cyber risk profile The ‘Digital twin’ refers to a digital replica of physical assets (physical twin), processes, people, places, systems and devices that can be used for various purposes. Your ‘Security Digital Twin’ has a similar physical and cyber risk profile, either through common threats, similar assets or both. Good news: managing your risk, protecting assets and securing your facilities in 2019 will get easier as security digital twin profiles will grow in maturity, while keeping their data sources private. This will be accelerated by the maturity of AI-based, auto-generated visualisations and image recognition, that happens to also drive the FR solutions. The 5G wireless infrastructure market is emerging as far more of a quantum leap in connectivity, like ‘wireless fiber optics’ performance, than an upgrade to 4G LTE. The 5G infrastructure market will be worth $2.86 billion by 2020 and $33.72 billion by 2026, growing at a compound annual growth rate (CAGR) of 50.9%. Intelligent applications The explosion of ingested voice, video, and meta-data, the interconnectivity of devices, people and places, and the integration of intelligent applications into expanding ecosystems all require faster communications. To be more accurate, 5G rollouts will accelerate in 2019; however, current project funding will include and be impacted by future enterprise security connectivity: 5G and FWA (Fixed Wireless Access). 5G rollouts will accelerate in 2019; however, current project funding will include and be impacted by future enterprise security connectivity Quite simply put, larger solution providers are gently coaxing practitioners into seemingly ‘open systems;’ the negative discovery during an M&A process, audit or integration with a smart city’s public/private partnerships will continue to be revealed, and related industries will force reform. Autonomous things will be enabled by AI and image recognition. With few affordable rollouts of security robots and outdoor unmanned ground vehicles (UGV) that leveraged platforms popular with research and even NASA, the autonomous security robot was mostly MIA from a security practitioner’s program in 2018. Perimeter intrusion detection One platform was even accused of intimidating homeless people in a public place, at a major city. Industries mutually beneficial are often unaware of each other; this will change gradually: one major domestic airport is currently evaluating a UGV platform performing perimeter intrusion detection, runway weather conditions and potential aircraft taxiing dangers. The platform is being used largely in transportation research, yet offers significant opportunities to the security industry. Research firm Gartner estimates that 70% of today’s technology products and services can be enhanced with ‘multi-experience’-based VR/AR/MR The ‘immersive experience’ of virtually any security or threat detection is a twist on virtual/augmented/mixed reality (VR/AR/MR) with additional sensory features. Although VR/AR/MR is well underway in other industries, there are several companies with solutions like VR-based active assailant training that could provide a fighting chance for practitioners, employees, visitors, faculty and children. Research firm Gartner estimates that 70% of today’s technology products and services can be enhanced with ‘multi-experience’-based VR/AR/MR. Security ecosystem members Not necessarily MIA, but of special mention is the need of security and safety practitioners to prioritise communications systems over ‘nice to have’ expansive video surveillance systems for mass casualty threats. This will eventually improve with 5G for Enterprise solution rollouts. At the past GSX and upcoming CES Technology trade shows, a new roundup of technologies is discovered: a wider diversity of protection promise to save ASIS members on their technical security program is realised. With each of the ‘winners,’ (5G, AI, NLP, LiDAR, UAS [Unmanned Aerial Vehicles aka drones], thermal imaging, digital security twins and smart-city-friendly technologies) it is both exciting and challenging work for both security practitioners and solution providers. All things equal and with the necessary technology acceptance testing processes, this is a truly great time for security ecosystem members.

Video surveillance as a service (VSaaS) is not just for commercial organisations. Federal, state and local governments can also realise benefits from the technology—and use it to deliver an integrated video surveillance system that addresses some of their unique security needs. Video Surveillance as a Service (VSaaS) What is VSaaS? Simply stated, it’s a cloud-based video surveillance solution that is packaged and delivered as a service over the internet. The price varies depending on the features of your plan (i.e. number of cameras, amount of storage, software features, etc.), and you pay a monthly subscription price to use it. How does it work? Internet Protocol (IP) cameras are installed at site locations, and the video is captured and streamed to a service provider’s data center via an internet connection. The video management software (VMS) runs on backend infrastructure provided by the service provider’s cloud. All video processing is done in the cloud, and all that is required to view the footage is an internet-connected device and a web browser. Retail, health care, education, and transportation all benefit from the flexibility and architecture of VSaas Growing VSaaS providers Solution providers such as Axis Communications, Genetec, and G4S among many others offer VSaaS solutions, and the market is growing. According to IHS Markit, the market is expected to reach $2.3 billion in 2021. VSaaS is a solution with cross-industry appeal. Retail, health care, education, and transportation all benefit from the flexibility and architecture of the solution. But how does VSaaS address the surveillance needs of government institutions? Geographic coverage and access To protect cities and towns, law enforcement must watch over widespread geographic areas. Their work involves monitoring and policing many different neighborhoods, buildings, garages, parks, and walking paths—basically anywhere there is property or people to protect. They rely on video surveillance to help them keep these environments safe. But it’s more than local law enforcement officers who use video footage. From local city officials to federal and state law enforcement agencies, many other people, at times, need access to video footage captured by city surveillance cameras. Centralised remote monitoring How does VSaaS help? VSaaS enables the installation of cameras throughout cities and communities and stream footage to a central location via the Internet. Because the system is centralised, it eliminates the need to manage a lot of different standalone DVRs or NVRs, which enables organisations to monitor a large area from a remote command center. VSaaS enables the installation of cameras throughout cities and communities and stream footage to a central location via the Internet Plus, anyone with proper credentials can access the footage from an Internet-connected device—whether that be a smartphone, laptop, desktop, or tablet. That makes it easier for multiple agencies to work together, which in turn can improve communication and response time to incidents. Budget concerns and flexibility Tight budgets are normal in government. As a result, it’s often a challenge to procure capital for new technology purchases—and that sometimes leads to underfunded projects and difficulty upgrading old technology. VSaaS changes the expense model. It allows you to shift from a capital expenditure (CapEx) model, where large capital funding is required to purchase equipment, to an operational expenditure (OpEx) model, where the costs of the solution become an operating expense. Since the cameras, installation, storage, and software are packaged into a service, you don’t need a large capital outlay up front—you simply pay a predictable expense every month. VSaaS provides the capability for you to increase storage capacity when you need it Feature and storage capacity upgrade features VSaaS also makes it easier to upgrade old technology. When new technology becomes available, you can upgrade to it as part of the service. You no longer have to stick with old technology because of capital budget restrictions. Instead, you can upgrade to better cameras and management software features as they become available. The same is true for storage capacity. As camera resolution increases, the amount of data captured also increases. In addition, with the evolution of smart city technology and big data analytics, video data has become more valuable. As a result, there is a need not only to store more data but also to keep that data accessible for a longer period of time. VSaaS provides the capability for you to increase storage capacity when you need it. You can scale to accommodate growth, and since the storage is delivered as part of the service, you can leverage the “pay for use” model to manage your costs. On-premise storage or hybrid Where should surveillance video be stored? It’s an important question. After all, government entities must always comply with data privacy laws and handle data properly to ensure it can be used as evidence if needed. As a result, officials may prefer to be selective about where they store video data. In fact, the concern over regulatory requirements and security and privacy issues, according to Gartner, will lead governments to implement private cloud at twice the rate of public cloud through 2021. The provider’s ability to store large amounts of data cost-effectively makes VSaaS possible That’s not necessarily a show-stopper when it comes to video surveillance. Some VSaaS providers offer hybrid options. Plus, one of the things that makes VSaaS possible is the provider’s ability to store large amounts of data cost-effectively. Because service providers can manage their storage infrastructures economically, they can offer their service at an attractive price. Multi-tier storage infrastructure In a way, government institutions (as well as commercial organisations) can do the same thing. If a government entity—for example, a small municipality—wanted to store their data on-premise or implement a hybrid configuration, they could solve some of their video storage challenges by implementing a multi-tier storage infrastructure similar to what a VSaaS provider might use to provide the actual service. A multi-tier storage infrastructure uses different storage media—disk, object storage, tape, and cloud—and combines them to deliver the total capacity needed while balancing performance and cost. The diagram below is an illustration of a multi-tier infrastructure: As the diagram shows, storage capacity grows using lower cost forms of media as volume and long-term retention requirements change. Files are moved between tiers based on user-defined policies. When the policies are met, the files are moved to a lower cost tier. Some file systems allow for multiple copies be written at ingest which not only minimises the traffic of moving files across the network, but also provides much needed data protection through a second copy on a lower-cost tier. This scenario enables you to optimise the amount of high-performance media in your infrastructure and lower the long-term cost of retaining files. VSaaS offers many benefits for government institutions and commercial organisations alike Choice of implementations VSaaS offers many benefits for government institutions and commercial organisations alike. But not every implementation has the same needs or requirements. The good news is, when it comes to video surveillance solutions, you have options. You can leverage the benefits of VSaaS, in either a public cloud or hybrid scenario, depending on the service provider. Or if your needs dictate, you can achieve some of the same capacity and cost-saving benefits you would get from a VSaaS solution by implementing an on-premise solution based on a centralised VMS system and multi-tier storage. The choice is yours.