With the Gartner Security & Risk Management Summit kicking off in National Harbor, Maryland June 23-26, we asked Andrew Walls, research vice president at Gartner and conference chair, to share his views on the outlook for the security market and the key trends that will be discussed at the Summit this year.
Q: In advance of the Gartner Security & Risk Management Summit, what are some of the key issues you see facing the industry this year?
A: Threats and vulnerabilities ebb and flow over the decades, but in the last two years we have seen a sharp increase in the sophistication of and motivation for attacks against commercial and governmental infrastructure across the globe.
Much of what the security team does remains the same: defend the infrastructure, filter content, detect attacks, and catch errors. However, we are now dealing with government-sponsored espionage and infrastructure attacks, ideologically driven insider threats, and globally coordinated fraud. All of these threats, new and old, play out across infrastructure that is an assemblage of legacy infrastructure – both obsolete and up-to-date – and new, Internet of Things, operational technology, cloud and mobile infrastructure and services.
The fundamental complexity of the digital environment has exploded, creating myriad vulnerabilities in infrastructure, process and skill sets. Security managers are working hard and fast to build new capabilities while maintaining the security of core infrastructure, while the technology leveraged by the enterprise grows daily in complexity and novelty.
The objective remains the same – defend the enterprise – but the battle field is constantly shifting and new opponents arrive daily.
Q: With the Nexus of Forces (the convergence of social, mobile, cloud and information), what social, business and technology trends are leading to the increased threat to businesses?
A: The pressure on enterprises to deliver against organizational objectives motivates executive leaders to explore new business models and new service delivery channels and to embrace new technology to reinvigorate established channels.
Innovation in business drives an expansion in cybersecurity threats. Innovation might manifest as more use of mobile devices, service delivery through Internet of Things devices, and greater support for employees working outside of the traditional office. However, all of these innovations arrive with technological vulnerabilities and create more opportunities for employee errors that lead to major security issues. Security teams have been under pressure to deliver more services while budgets and staffing remain static. With the rise of the digital business, the challenges for the security team jump exponentially.
Q: Cybersecurity breaches have increased in scope and frequency in the last 12 months. What should security and risk leaders be looking at in regards to long term strategic planning?
A: New attacks and vulnerabilities are a fact of life. They will never go away. Security strategists must focus on enterprise resiliency. This means designing infrastructure, processes and vendor relationships for flexibility, agility and rapid recovery. Failure, at some level, is inevitable in security. The important issue is the speed of recovery and minimization of negative impact.
Although security strategy must focus on prevention and detection, it must also enable business growth and innovation, which inherently means embracing risk. Security strategists must work with enterprise leaders to define priorities for enterprise operations and enable the enterprise to progress despite attacks and breaches.
More analysis on top security trends will be provided at the Gartner Security & Risk Management Summit taking place June 10-13 in National Harbor, Maryland.
www.gartner.com
