Security and risk management trends
Gartner has identified seven emerging security and risk management trends that will affect security, privacy and risk leaders in the long run.
Gartner defines "top" trends as ongoing strategic changes in the security ecosystem that are not yet widely recognized, but are expected to have a broad impact on the industry and significant potential for disruption.
"External factors and specific security threats are converging to influence the overall security and risk scenario so that area leaders must properly prepare themselves to improve resilience and support business objectives," said Peter Firstbrook, vice president from Gartner.
The seven major security and risk management trends for 2019 and beyond are:
Trend 1: Risk appetite and business areas
As IT strategies align more closely with business goals, the ability of risk and safety management (SRM) leaders to effectively present security issues to key business decision makers is important.
"To avoid focusing exclusively on IT decision-making, create simple, practical and pragmatic risk appetite statements that are tied to business goals and relevant to board-level decisions," said Mr. Firstbrook. "This leaves no room for business leaders to get confused about why security leaders were present at strategic meetings."
Trend 2: Security operations center are implemented with a focus on threat detection and response
Changing security investments from threat prevention to threat detection requires investment in Security Operations Centers (SOCs) as the complexity and frequency of security alerts increases.
According to Gartner, in 2022, 50% of all SOCs will be transformed into modern SOCs with integrated incident response, threat intelligence and threat-hunting capabilities, starting from less than 10% by 2015. "The need to SRM leaders build or outsource a SOC, which integrates intelligence against threats, consolidates security alerts and automates the response, can not be overstated, "said Firstbrook.
Trend 3: data security governance frameworks will prioritize investments in data security
Data security is a complex issue that can not be resolved without a strong understanding of the data itself, the context in which data is created and used, and how they are subject to regulation. Instead of acquiring data protection products and trying to adapt them to meet business needs, leading organizations are beginning to address data security through a Data Security Governance Framework (DSGF).
"The DSGF provides a data-centric schema that identifies and classifies data assets and defines data security policies. This, then, is used to select technologies to minimize risk, "said Mr. Firstbrook. "The key in addressing data security is to start with the business risk that it addresses, rather than acquiring the technology first, as many companies do."
Trend 4: Passwordless authentication is reaching market traction
Password-less authentication, such as the Touch ID on smartphones, is beginning to gain true traction in the marketplace. Technology is increasingly being implemented in enterprise applications for consumers and employees, as there is ample supply and demand for it. "In an effort to combat hackers targeting passwords to access cloud-based applications, passwordless methods that associate users with their devices offer greater security and usability, which is a rare good for both parties in security," said Firstbrook.
Trend 5: Security product vendors are increasingly offering premium qualification and training services
The number of unsatisfied cyber security roles is expected to grow from 1 million in 2018 to 1.5 million by the end of 2020, according to Gartner. While advances in artificial intelligence and automation certainly reduce the need for humans to analyze standard security alerts, sensitive and complex alerts require the human eye.
"We are starting to see vendors offering solutions that are a fusion of operational products and services to accelerate product adoption. Services range from full management to partial support, with the goal of improving managerial skill levels and reducing the daily workload, "said Mr. Firstbrook.