In the next 2 years, 70% of users will choose cloud WAF protectionJune 1, 2022

WAF is the abbreviation of Web Application Firewall, which may be known to most readers. Then what is WAAP? This is a new word proposed by Gartner's WAF Magic Quadrant report released in September 2021. The report said that this is an upgraded product of WAF, which is the abbreviation of Web Application and API Protection, which added function for DDoS attack protection, crawler management and API protection based on the WAF functions.

Let's take a look at Gartner's 2021 report forecast data:

  • By 2024, 2 years from now, 70% of organizations implementing a multi-cloud strategy for web applications will favor cloud WAAP services over WAAP appliances or IaaS-native WAAP. IaaS, Infrastructure as a Service, means leasing WAAP equipment services. This data shows that 70% of customers will choose cloud WAF services, rather than buying WAF equipment or renting WAF equipment.
  • By 2026, 40% of organizations will choose a WAAP service provider based on the need for API protection and web application security protection, compared to less than 10% currently. This data shows that the cloud WAF market has not yet developed, but the development momentum is still very good.
  • By 2026, more than 40% of organizations with consumer-facing applications will seek additional bot threat support from WAAP providers, up from less than 10% today. This data shows that more and more big data collection crawlers have become a major security threat to websites and require the protection support of WAF services. Alibaba Cloud WAF has also provided this function. The following figure shows the Alibaba Cloud WAF crawler protection statistics on ZoTrus official website. It can be seen that the number of actual blocking is still very small, which proves that it is not a major threat yet.

The purpose of quoting these predicted data is to hope that everyone can fully recognize the importance of cloud WAF to protect the security of the website and its development trend. The first cloud service product - Website Security Cloud Service is a website security solution that integrates HTTPS encryption, cloud WAF protection, and website trusted identity validation service. Of course, we tested the products of several cloud WAF service providers when selecting cloud WAF partners. According to the official website of Alibaba Cloud WAF, "Alibaba Cloud WAF is the only product in China that has won the Web Application Firewall Grand Slam (Gartner, Forrester, IDC, Frost & Sullivan)". The author also searched for Gartner's WAF Magic Quadrant report, which is indeed as Alibaba's Cloud official website publicity - "Alibaba Cloud is selected in Gartner 2019 WAF Magic Quadrant, the only Asia-Pacific vendor". The author found the Magic Quadrant of the original report. The red line name Alibaba Cloud as shown in the figure below. Don't mind the definition of "Niche Players". Alibaba Cloud WAF in China is not a so-called "niche player", it is not surprising that Gartner puts Alibaba Cloud WAF in this category, because Gartner is not a Chinese company.


We have tested Alibaba Cloud WAF, Huawei Cloud WAF, Tencent Cloud WAF and JD Cloud WAF, and plan to test Microsoft Azure Cloud WAF and Amazon AWS Cloud WAF. In terms of simplicity and ease of use, China cloud WAF services are better than western cloud WAF services。 Although Azure and AWS also provides free tests, but we gave up because we didn’t know how to start, unlike China providers who basically do it with one click.

We focused on testing Alibaba Cloud WAF. Judging from the actual protection effect of CerSign official website online for more than two months, as a cloud WAF customer, we are very satisfied with the protection effect. In fact, the three protection functions that Gartner's 2021 report changed the name of WAF to WAAP are also provided by Alibaba Cloud WAF, this can see in WAF document on the official website of Alibaba Cloud WAF. Maybe Alibaba Cloud considers customers are already familiar with the product name as "WAF", and has not followed the new word "WAAP". The following figure shows the Alibaba Cloud WAF crawler protection statistics on ZoTrus official website. It can be seen that the number of actual blockings is still very small, which proves that it is not a major threat yet.


In summary, we can see from Gartner's forecast data that cloud WAF service has become the first choice and must-have for website security protection. Based on Alibaba Cloud WAF service, ZoTrus Website Security Cloud Service not only realizes automatic https encryption and WAF protection, but also enables cloud WAF popularization at affordable price for all websites, which will definitely accelerate the popularization and application of cloud WAF services. Therefore, the author prediction is more optimistic, and it is expected that cloud WAF services will be widely used by 2024.

Click here to download this blog post (PDF format, digital signed and timestamped with global trust and global legal effect, all rights reserved, plagiarism is prohibited! Reprint this article, please indicate: Reprinted from ZoTrus CEO Blog)