Skip links

Gartner Confirms the Hype about Blue Lava

Blog Post

Gartner Confirms the Hype about Blue Lava

As Gartner continued to release new Hype Cycles throughout July, Blue Lava was proud to be included in a total of three different reports with four total mentions. In particular, Blue Lava was repeatedly listed as a key vendor for both cybersecurity maturity assessments and cybersecurity performance management.

It’s always an honor to appear in these Hype Cycles. However, these specific appearances are particularly meaningful to Blue Lava. From the beginning, we have set out to change the industry by both innovating on the approach to security assessments and providing a new way for CISOs and security leaders to optimize and manage their security programs. With the release of these Hype Cycles, Gartner has validated this approach and the work we have done to date.

Built with, by, and for the security community, Blue Lava is on a mission to empower security leaders to manage the business of security. For too long, we have been left without a solution to strategically manage security programs; instead, we rely on a combination of spreadsheets, outdated data, and tribal knowledge to put out fires as they arise. Fortunately, we have a better way forward. Through security program management, security leaders can now measure, optimize, and communicate their current security program as well as their future program roadmap – one that is tailored to their organization’s unique business objectives.

We are seeing these concepts resonate with Gartner, and they are reflected predominantly in the Hype Cycle for IT and Risk Management. Within this report, not only do we see how cybersecurity maturity assessments and cybersecurity performance management live within the Hype Cycle but also how Blue Lava speaks directly to each of their core aspects to create effective security program management.

Cybersecurity Maturity Assessments is the more advanced of the two, sitting within the upper portion of the Slope of Enlightenment and tagged as reaching the Plateau in under two years. Representing the foundational ‘measure’ phase of managing your security program, this core competency has been a focus of Blue Lava since its founding. The ability to effectively and efficiently measure the current state of your program – and then use that critical data to determine potential under and over investments – is essential to building a successful security program.

On the other side of the Hype Cycle, we find Cybersecurity Performance Management; it is the only category listed early within the Innovation Trigger phase that is tagged to reach the Plateau within two to five years. These technologies are not only among the earliest adopted but those moving fastest towards becoming commonplace in the future.

Being listed on both sides of the Hype Cycle offers further significance as it represents both innovation and persistent growth: Blue Lava has been proven to solve today’s problems while setting users up for future success. With that in mind, let’s look at each category individually.

Cybersecurity Maturity Assessments

Along the Cybersecurity Maturity Assessments portion of the cycle, Gartner tells us that this is the evaluation of an organization’s cybersecurity program, and its underlying people, processes, and technologies against a defined model, with distinct levels of maturity. As Gartner points out, “Organizations find it challenging to articulate the benefits of cybersecurity and maintain support for further investment. Justification for further investment is usually constructed around persistent negative themes. Cybersecurity maturity assessments allow security and risk management (SRM) leaders to measure the capability of their cybersecurity program against a set of predefined outcomes and desired capabilities. As a result, their use and adoption continue to increase.”

Blue Lava is identified as an example of a vendor recommended to perform a cybersecurity maturity assessment. Additionally, Gartner identifies that a common obstacle is that maturity assessments only measure the implementation of tech and controls.

Blue Lava specifically has built our maturity model around people, process, and tech. Gartner also recommends assessing regularly to “guide priorities and inform strategic plans” – Blue Lava has made it easy to do this both at the enterprise level or tailored to the specific business units, applications, regions, products, etc. Ultimately, Blue Lava was listed among the major players in the traditional assessment space.

Cybersecurity Performance Management

Gartner goes on to list drivers of Cybersecurity Performance Management in three key areas:

  • Pressure from boards for improved, ongoing reporting on the ROI in the cybersecurity program.
  • Greater focus on the cost optimization of cybersecurity programs and the failure of rigorous, inflexible security programs to cope with the impact of the COVID-19 pandemic.
  • Over-reliance on negative themes (scare tactics, inflated risk exposures, and impending disasters) as the basis for security investment.

In each of these three areas, Blue Lava offers an innovative approach to guide and support CISOs. As we work with our customers and the larger community, finding a common language with the board is consistently an issue and was at top of our list to address. By working with security leaders to present their existing program and future needs in the language of the business, they can better articulate where to make investments and why. We further help identify possible over and underinvestments and tie future security investments to business needs – and all done through CISO and organizational empowerment, rather than relying on scare tactics.

Optimizing your security program

Bringing together Cybersecurity Maturity Assessments with Cybersecurity Performance Management empowers CISOs and security leaders with the data and metrics needed to effectively and strategically manage their security program.

More importantly, our transparent, comprehensive data empowers CISOs; Blue Lava further guides CISOs to better communicate with the team, C-Suite, and board about their existing program, maturity roadmap, and what investments are needed. This alignment of the security program needs, now in tune with those of the business, helps elevate the conversation from strictly technical risks to that of a strategic and integral business partner.

As we continue to grow and evolve, the guidance and input of the security community will remain critical to Blue Lava. We are again honored and humbled to see our hard work and vision reflected back to us, and we look forward to continuing to make a positive impact for the security industry at large. To learn more about Blue Lava and how we can impact your organization, visit