Story image

Gartner’s top security and risk management trends

07 Mar 2019

Gartner has identified seven emerging security and risk management trends that will impact security, privacy and risk leaders in the longer term.

Gartner defines “top” trends as ongoing strategic shifts in the security ecosystem that are not yet widely recognised, but are expected to have broad industry impact and significant potential for disruption.

Gartner research vice president Peter Firstbrook says, “External factors and security-specific threats are converging to influence the overall security and risk landscape, so leaders in the space must properly prepare to improve resilience and support business objectives.”

The top security and risk management trends for 2019 and beyond are:

Risk appetite statements are becoming linked to business outcomes

As IT strategies become more closely aligned with business goals, the ability for security and risk management (SRM) leaders to effectively present security matters to key business decision makers gains importance.

“To avoid exclusively focusing on issues related to IT-decision making, create simple, practical and pragmatic risk appetite statements that are linked to business goals and relevant to board-level decisions,” says Firstbrook.

“This leaves no room for business leaders to be confused as to why security leaders were even present at strategic meetings.”

Security operations centres are being implemented with a focus on threat detection and response

The shift in security investments from threat prevention to threat detection requires an investment in security operations centres (SOCs) as the complexity and frequency of security alerts grow.

According to Gartner, by 2022, 50% of all SOCs will transform into modern SOCs with integrated incident response, threat intelligence and threat-hunting capabilities, up from less than 10% in 2015.

“The need for SRM leaders to build or outsource a SOC that integrates threat intelligence, consolidates security alerts and automates response cannot be overstated,” says Firstbrook.

Data security governance frameworks will prioritise data security investments

Data security is a complex issue that cannot be solved without a strong understanding of the data itself, the context in which the data is created and used, and how it is subject to regulation. Rather than acquiring data protection products and trying to adapt them to suit the business need, leading organisations are starting to address data security through a data security governance framework (DSGF).

“DSGF provides a data-centric blueprint that identifies and classifies data assets and defines data security policies. This then is used to select technologies to minimise risk,” says Firstbrook. “The key in addressing data security is to start from the business risk it addresses, rather than from acquiring technology first, as too many companies do.”

Passwordless authentication is achieving market traction

Passwordless authentication, such as Touch ID on smartphones, is starting to achieve real market traction.

The technology is being increasingly deployed in enterprise applications for consumers and employees, as there is ample supply and demand for it.

“In an effort to combat hackers who target passwords to access cloud-based applications, passwordless methods that associate users to their devices offer increased security and usability, which is a rare win/win for security,” says Firstbrook.

Security product vendors are increasingly offering premium skills and training services

The number of unfilled cybersecurity roles is expected to grow from 1 million in 2018 to 1.5 million by the end of 2020, according to Gartner.

While advancements in artificial intelligence and automation certainly reduce the need for humans to analyse standard security alerts, sensitive and complex alerts require the human eye.

“We are starting to see vendors offer solutions that are a fusion of products and operational services to accelerate product adoption. Services range from full management to partial support aimed at improving administrators’ skill levels and reducing the daily workload,” says Firstbrook.

Investments being made in cloud security competencies as a mainstream computing platform

The shift to cloud means stretching security teams thin, as talent may be unavailable and organisations are simply not prepared for it.

Gartner estimates that the majority of cloud security failures will be the fault of the customers through 2023.

“Public cloud is a secure and viable option for many organisations, but keeping it secure is a shared responsibility,” says Firstbrook.

“Organisations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation.”

SingleRAN Pro: Combining simplicity and openness for a 5G future
Huawei's SingleRAN Pro solution supposedly offers an open, simplified networking concept to help operators roll out commercial 5G networks.
Gartner recognizes Huawei's data center networking expertise
The Gartner Peer Insights Customers’ Choice analyzes more than 200,000 reviews across more than 300 markets posted to Gartner Peer Insights. 
How Huawei aims to enhance IP networks
'We believe that the intelligent IP networks built with the four-engine series products can continuously empower users with business intelligence."
Earth Day 2019: How tech firms can support our planet's wellbeing
Six industry experts explain how they - and other tech organisations - can positively contribute to the wellbeing of our earth.
CyrusOne signs up three new senior execs for Europe
CyrusOne has appointed three new senior hires in its growing Europe-based team, including a new area vice president, engineering solutions director, and business development manager.
Dell EMC’s six server market trends
As the evolution of cloud-based computing continues, it is important to know what’s ahead to stay ahead of the market.
Park Place Technologies hires new EMEA managing director
Post-warranty data centre maintenance company Park Place Technologies has recruited Sean Sears as its new managing director for Europe, the Middle East and Africa.
Huawei FusionServer Pro built for 'intelligent transformation'
The next generation X86 servers draw on an intelligent acceleration engine, an intelligent management ending, and intelligent data center solutions for ‘diverse’ scenarios as transformation shifts from digital to intelligent.