Security Market Segment LS
Wednesday, 06 March 2019 10:42

Seven top security and risk management trends identified by Gartner

By
Seven top security and risk management trends identified by Gartner Image courtesy of IndypendenZ at FreeDigitalPhotos.net

External factors and security-specific threats are converging to influence the overall security and risk landscape, and leaders in the space must properly prepare to improve resilience and support business objectives, according to analyst firm Gartner.

Peter Firstbrook, research vice-president at Gartner, says the company has identified emerging security and risk management trends that will impact security, privacy and risk leaders in the longer term.

Here’s the list of seven security and risk management trends for 2019 and beyond identified by Gartner:

Trend 1: Risk appetite statements are becoming linked to business outcomes

As IT strategies become more closely aligned with business goals, the ability for security and risk management leaders to effectively present security matters to key business decision makers gains importance. “To avoid exclusively focusing on issues related to IT-decision making, create simple, practical and pragmatic risk appetite statements that are linked to business goals and relevant to board-level decisions,” said Firstbrook. “This leaves no room for business leaders to be confused as to why security leaders were even present at strategic meetings.”

Trend 2: Security operations centres are being implemented with a focus on threat detection and tesponse

The shift in security investments from threat prevention to threat detection requires an investment in security operations centres as the complexity and frequency of security alerts grow. According to Gartner, by 2022, 50% of all SOCs will transform into modern SOCs with integrated incident response, threat intelligence and threat-hunting capabilities, up from less than 10% in 2015. “The need for SRM leaders to build or outsource an SOC that integrates threat intelligence, consolidates security alerts and automates response cannot be overstated,” Firstbrook said.

Trend 3: Data security governance frameworks will prioritise data security investments

Data security is a complex issue that cannot be solved without a strong understanding of the data itself, the context in which the data is created and used, and how it is subject to regulation. Rather than acquiring data protection products and trying to adapt them to suit the business need, leading organisations are starting to address data security through a data security governance framework. “DSGF provides a data-centric blueprint that identifies and classifies data assets and defines data security policies. This then is used to select technologies to minimise risk,” said Firstbrook. “The key in addressing data security is to start from the business risk it addresses, rather than from acquiring technology first, as too many companies do.”

Trend 4: Passwordless authentication Is achieving market traction

Passwordless authentication, such as Touch ID on smartphones, is starting to achieve real market traction. The technology is being increasingly deployed in enterprise applications for consumers and employees, as there is ample supply and demand for it. “In an effort to combat hackers who target passwords to access cloud-based applications, passwordless methods that associate users to their devices offer increased security and usability, which is a rare win/win for security,” said Firstbrook.

Trend 5: Security product vendors are increasingly offering premium skills and training services

The number of unfilled cyber security roles is expected to grow from 1 million in 2018 to 1.5 million by the end of 2020, according to Gartner. While advancements in artificial intelligence and automation certainly reduce the need for humans to analyse standard security alerts, sensitive and complex alerts require the human eye. “We are starting to see vendors offer solutions that are a fusion of products and operational services to accelerate product adoption. Services range from full management to partial support aimed at improving administrators’ skill levels and reducing the daily workload,” said Firstbrook.

Trend 6: Investments being made in cloud security competencies as a mainstream computing platform

The shift to cloud means stretching security teams thin, as talent may be unavailable and organisations are simply not prepared for it. Gartner estimates that the majority of cloud security failures will be the fault of the customers through 2023. “Public cloud is a secure and viable option for many organisations, but keeping it secure is a shared responsibility,” said Firstbrook. “Organisations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation.”

Trend 7: Increasing presence of Gartner’s continuous adaptive risk and trust assessment in traditional security markets

Gartner’s continuous adaptive risk and trust assessment (CARTA) is a strategy for dealing with the ambiguity of digital business trust assessments. “Even though it’s a multi-year journey, the idea behind CARTA is a strategic approach to security that balances security friction with transaction risk. A key component to CARTA is to continuously assess risk and trust even after access is extended,” said Firstbrook. “Email and network security are two examples of security domains that are moving toward a CARTA approach as solutions increasingly focus on detecting anomalies even after users and devices are authenticated.”

The full security report can be click here to register with Gartner.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments