Announcement posted by Gartner 06 Mar 2019
6 March 2019 — Gartner, Inc. has identified seven emerging security and risk management trends that will impact security, privacy and risk leaders in the longer term.
Gartner defines “top” trends as ongoing strategic shifts in the security ecosystem that are not yet widely recognised, but are expected to have broad industry impact and significant potential for disruption.
“External factors and security-specific threats are converging to influence the overall security and risk landscape, so leaders in the space must properly prepare to improve resilience and support business objectives,” said Peter Firstbrook, research vice president at Gartner.
The top seven security and risk management trends for 2019 and beyond are:
Trend No. 1: Risk Appetite Statements Are Becoming Linked to Business Outcomes
As IT strategies become more closely aligned with business goals, the ability for security and risk management (SRM) leaders to effectively present security matters to key business decision makers gains importance. “To avoid exclusively focusing on issues related to IT-decision making, create simple, practical and pragmatic risk appetite statements that are linked to business goals and relevant to board-level decisions,” said Mr. Firstbrook. “This leaves no room for business leaders to be confused as to why security leaders were even present at strategic meetings.”
Trend No. 2: Security Operations Centres Are Being Implemented With a Focus on Threat Detection and Response
The shift in security investments from threat prevention to threat detection requires an investment in security operations centres (SOCs) as the complexity and frequency of security alerts grow. According to Gartner, by 2022, 50 percent of all SOCs will transform into modern SOCs with integrated incident response, threat intelligence and threat-hunting capabilities, up from less than 10 percent in 2015. “The need for SRM leaders to build or outsource a SOC that integrates threat intelligence, consolidates security alerts and automates response cannot be overstated,” said Mr. Firstbrook.
Trend No. 3: Data Security Governance Frameworks Will Prioritise Data Security Investments
Data security is a complex issue that cannot be solved without a strong understanding of the data itself, the context in which the data is created and used, and how it is subject to regulation. Rather than acquiring data protection products and trying to adapt them to suit the business need, leading organisations are starting to address data security through a data security governance framework (DSGF). “DSGF provides a data-centric blueprint that identifies and classifies data assets and defines data security policies. This then is used to select technologies to minimise risk,” said Mr. Firstbrook. “The key in addressing data security is to start from the business risk it addresses, rather than from acquiring technology first, as too many companies do.”
Trend No. 4: Passwordless Authentication Is Achieving Market Traction
Passwordless authentication, such as Touch ID on smartphones, is starting to achieve real market traction. The technology is being increasingly deployed in enterprise applications for consumers and employees, as there is ample supply and demand for it. “In an effort to combat hackers who target passwords to access cloud-based applications, passwordless methods that associate users to their devices offer increased security and usability, which is a rare win/win for security,” said Mr. Firstbrook.
Trend No. 5: Security Product Vendors Are Increasingly Offering Premium Skills and Training Services
The number of unfilled cybersecurity roles is expected to grow from 1 million in 2018 to 1.5 million by the end of 2020, according to Gartner. While advancements in artificial intelligence and automation certainly reduce the need for humans to analyse standard security alerts, sensitive and complex alerts require the human eye. “We are starting to see vendors offer solutions that are a fusion of products and operational services to accelerate product adoption. Services range from full management to partial support aimed at improving administrators’ skill levels and reducing the daily workload,” said Mr. Firstbrook.
Trend No. 6: Investments Being Made in Cloud Security Competencies as a Mainstream Computing Platform
The shift to cloud means stretching security teams thin, as talent may be unavailable and organisations are simply not prepared for it. Gartner estimates that the majority of cloud security failures will be the fault of the customers through 2023. “Public cloud is a secure and viable option for many organisations, but keeping it secure is a shared responsibility,” said Mr. Firstbrook. “Organisations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation.”
Trend No. 7: Increasing Presence of Gartner’s CARTA in Traditional Security Markets
Gartner’s continuous adaptive risk and trust assessment (CARTA) is a strategy for dealing with the ambiguity of digital business trust assessments. “Even though it’s a multiyear journey, the idea behind CARTA is a strategic approach to security that balances security friction with transaction risk. A key component to CARTA is to continuously assess risk and trust even after access is extended,” said Mr. Firstbrook. “Email and network security are two examples of security domains that are moving toward a CARTA approach as solutions increasingly focus on detecting anomalies even after users and devices are authenticated.”
Gartner clients can learn more in “Top Security & Risk Management Trends.” Visit the Gartner Digital Risk & Security hub for complimentary research and webinars.
About Gartner Security & Risk Management Summits
Gartner analysts will provide additional analysis on IT security trends at the Gartner Security & Risk Management Summit 2019 taking place in Sydney.
Follow news and updates from the events on Twitter at #GartnerSEC.
Upcoming dates and locations for the 2019 Gartner Security & Risk Management Summits include:
About Gartner
Gartner, Inc. (NYSE: IT) is the world’s leading research and advisory company and a member of the S&P 500. We equip business leaders with indispensable insights, advice and tools to achieve their mission-critical priorities and build the successful organisations of tomorrow.
Our unmatched combination of expert-led, practitioner-sourced and data-driven research steers clients toward the right decisions on the issues that matter most. We are a trusted advisor and objective resource for more than 15,000 organisations in more than 100 countries — across all major functions, in every industry and organisation size.
To learn more about how we help decision makers fuel the future of business, visit www.gartner.com.