A deep dive into the GigaOm Radar Report, Greymatterโ€™s leadership, and where the service mesh market is headed.

Setting the Scene

Greymatter.io was recognized as a Leader and Outperformer in the 2025 GigaOm Radar for Service Meshโ€”our fourth consecutive year of top recognition, with the highest combined scores among 15 commercial vendors.

Download Your Courtesy Copy of the Report

Service mesh has moved from โ€œnice-to-haveโ€ to essential infrastructure for modern application deliveryโ€”but the real differentiator isnโ€™t whether you have a mesh. Itโ€™s whether you can run securely, efficiently, and at scale across hybrid and multicloud environments.

In this discussion, Jon Collins (GigaOm) and Jim Gaspari (Greymatter.io) unpacked what GigaOm evaluates, why the market is evolving, and what IT leaders should prioritize now to stay aheadโ€”especially across the three pillars that repeatedly define enterprise outcomes: Zero Trust, Observability, and Control Plane Architecture.

What the GigaOm Radar is (and How to Read it)

The GigaOm Radar is built to help teams choose the right solution for their scenarioโ€”not to crown a universal winner. It’s a decision tool. The value is in the frameworkโ€”how you map capabilities to your real-world constraints (hybrid, compliance, team size, app maturity).

โ€œIt gives more or less suitable for different kinds of scenariosโ€ฆ itโ€™s a tool. It isnโ€™t a beauty contest.โ€โ€” Jon Collins

Itโ€™s easy to over-index on features that look great in a demo. The Radar pulls you back to what wins in production: reducing operational overhead, improving security posture, and making distributed systems easier to manage.

What youโ€™ll find in the report:

  • A scenario-driven view of the market (not one-size-fits-all rankings)
  • Evaluation across the criteria that matter most in enterprise environments
  • A comparative lens on maturity, innovation, and platform execution
Download a Copy of the Report

Why This Report Matters Now: 3 Pillars Shaping Real Outcomes

1) Zero Trust: security without the overhead tax

Jon made the point bluntly: the goal isnโ€™t โ€œzero trustโ€ in theoryโ€”itโ€™s zero trust thatโ€™s achievable in production. The winning approach is security that scales down as well as upโ€”so smaller teams can enforce strong policy without drowning in manual configuration, exceptions, and constant firefighting.

โ€œItโ€™s about zero trust with minimal overheadโ€ฆ how can you deliver on zero trust without having a team of 20 people?โ€ โ€” Jon Collins

Jim grounded this in how service-to-service policy should work at runtime:

โ€œThis application can only talk to this databaseโ€ฆ and thatโ€™s how the zero trust actually should play out in the real world.โ€ โ€” Jim Gaspari

This is the difference between security posture and security theater. Least-privilege policy isnโ€™t a PowerPoint conceptโ€”itโ€™s a runtime behavior that reduces blast radius and helps meet compliance requirements with provable controls.

What to prioritize:

  • Faster time-to-value through configuration + automation
  • Standards alignment and proof for regulated environments
  • Least-privilege policies that reflect how systems should actually behave

2) Observability: visibility that drives efficiency, cost control, and security

Observability is โ€œtable stakes,โ€ but the right observability is what prevents runaway spend and blame-driven firefighting. If you canโ€™t explain cost and performance in distributed systems, you canโ€™t manage them. And when you canโ€™t manage them, you start paying for uncertaintyโ€”extra infrastructure, slower delivery, and longer outages.

โ€œItโ€™s mission critical, costing far more than we thoughtโ€ฆ and we donโ€™t know whyโ€ฆ can we have some more money please?โ€โ€” Jon Collins

Jim connected observability to business decisions (not just dashboards):

โ€œWe layer on top of that user informationโ€ฆ whoโ€™s doing it, what theyโ€™re accessing, when theyโ€™re accessing. Greymatter can collect all of those metrics.โ€ โ€” Jim Gaspari

Context turns โ€œdataโ€ into action. Knowing what happened is good. Knowing who/what initiated it, what they touched, and how it propagated is what shortens outages, strengthens audits, and supports confident optimization.

What that enables:

  • Faster troubleshooting across distributed services
  • Usage-based decisions (what to scale, optimize, or retire)
  • Earlier detection of risky patterns and misconfigurations

3) Control Plane Architecture: the difference between โ€œhaving meshโ€ and running it at scale

Control planes arenโ€™t optionalโ€”but flexibility and visibility are where enterprise-grade execution shows up. The control plane isnโ€™t just โ€œmanagement UI.โ€ Itโ€™s your ability to operateโ€”to make fast, safe traffic decisions across environments as conditions change.

โ€œItโ€™s not about having a control planeโ€ฆ itโ€™s about having flexibilityโ€ฆ and the visibility so you can make these rapid decisions.โ€ โ€” Jon Collins

Jim illustrated what โ€œoperationalizedโ€ looks like:

โ€œIf Iโ€™m running three versions of an app, weโ€™ll kick it out, focus on the other two, so the customer does not deal with the problem.” โ€” Jim Gaspari

This is resilience that customers actually feel. The goal isnโ€™t to avoid every incident; itโ€™s to contain impact and keep experiences stable even when systems degrade.

What this unlocks in practice:

  • Rapid response decisions based on real runtime visibility
  • Resilience through health-aware routing and automated failover
  • Hybrid/multicloud traffic control when regions or DCs degrade

Where the Market and Greymatter are Headed

Jonโ€™s thesis: services will get easier to createโ€”but integration, policy, and managed trust become the hard part. The next era of service mesh is less about โ€œgetting services to talkโ€ and more about governing interactionsโ€”identity, policy, routing, observability, and trustโ€”across an increasingly mixed estate (Kubernetes + VMs + managed services + APIs).

โ€œItโ€™s all about the glue in between. Services commoditizeโ€ฆ integration becomes the most important thingโ€ฆโ€ โ€” Jon Collins

Teams need platforms that reduce drift and keep systems โ€œin the safe zoneโ€ with less manual workโ€”because complexity expands faster than headcount.

Jim previewed where Greymatter is investing to stay aheadโ€”supporting what teams actually run (modern + legacy) and whatโ€™s coming next:

  • Building toward quantum safe encryption visibility and enforcement
  • Plans to support HTTP3
  • Expanded VM support (including VMware and Azure VMs)

Download Your Copy of the GigaOm Radar for Service Mesh

If youโ€™re responsible for any of the following, the Radar will help you benchmark what matters most:

  • Teams modernizing legacy apps while securing east-west traffic
  • Platform engineering and SRE leaders operating distributed systems
  • Security leaders implementing Zero Trust at the service layer
  • Architects standardizing on Kubernetes + hybrid/multicloud

Get the evaluation framework, vendor comparisons, and the criteria that matter most for enterprise deployments.

Download the Report