As the COVID-19 pandemic accelerates digital business transformation and challenges traditional cybersecurity practices, security and risk management leaders must address eight trends that will help their organizations rapidly reshape, according to Gartner, a leading consulting firm.
Recently, the Gartner Security and Risk Management Summit was held online in the Asia-Pacific region. In the summit’s opening keynote, Peter Firstbrook said these trends are a response to ongoing global challenges that all business organisations encounter.
Mr. Firstbrook said: “The first challenge is the skills gap. 80% of organizations told us they have difficulty finding and hiring security professionals; 71% said the skills gap is affecting their ability to deliver security within the organization capacity of the project.”
Security and risk leaders face other significant challenges in 2021, including a complex geopolitical landscape, increasing global regulations, migration of workplaces and workloads away from traditional networks, proliferation of endpoint diversity and locations, and a changing attack environment. Ransomware and business email compromise in particular pose challenges.
The following megatrends represent developments in business, markets and technology that are expected to have a broad impact on the industry and have the potential to disrupt the status quo.
Gartner’s top eight trends in security and risk management for 2021
Source: Gartner, March 2021
Trend 1: Cybersecurity Mesh
A cybersecurity mesh is a modern approach to security that deploys controls where they are most needed. Instead of each security tool running in its own silo, a cybersecurity mesh enables many tools to work together by providing foundational security services and centralized policy management and orchestration capabilities. With many IT assets now outside traditional corporate boundaries, the cybersecurity mesh architecture allows organizations to extend the reach of security controls to distributed assets.
Trend 2: Identity-First Security
This has been an ideal vision for years: access for any user, anytime, anywhere (often called “identity as the new security perimeter”). This vision has become a reality thanks to technological and cultural shifts, coupled with the now-predominant remote workforce during the COVID-19 pandemic. Identity-first security puts identity at the center of security design, requiring a radical departure from traditional LAN edge design thinking.
Mr. Firstbrook said: “The SolarWinds attack showed how bad we are at managing and monitoring identities. While organisations spend a lot of money and time on multi-factor authentication, single sign-on and biometric authentication, little money and time is spent on effectively monitoring authentication for attacks against this infrastructure.”
Trend 3: Security Support for Remote Work
According to Gartner’s 2021 CIO Work Agenda Survey, 64% of employees are now able to work from home. Gartner’s survey shows that at least 30% to 40% of people will continue to work from home after the pandemic. For many organizations, this shift will require a complete rethink of policies and security tools appropriate for the modern remote workplace. For example, endpoint protection services will need to be changed to cloud-delivered services. Security leaders also need to rethink strategies for data protection, disaster recovery, and backup to ensure they still work in remote environments.
Trend 4: Cyber-Savvy Boards
In Gartner’s 2021 Board Survey, many directors ranked cybersecurity as the second-largest source of risk for businesses, after regulatory compliance. Large corporations are beginning to create a dedicated cybersecurity committee at the board level, led by board members or third-party consultants with security expertise.
Gartner predicts that by 2025, 40% of boards will have dedicated cybersecurity committees overseen by competent board members, up from less than 10% today.
Trend 5: Security Vendor Consolidation
Gartner’s 2020 Chief Information Security Officer (CISO) Effectiveness Survey found that 78% of CISOs have at least 16 tools in their cybersecurity vendor portfolio, and 12% have at least 46 tools. The sheer number of security products in an organization increases complexity, integration costs, and staffing requirements. In a recent Gartner survey, 80% of IT organizations said they plan to consolidate vendors within the next three years.
Mr. Firstbrook said: “CISOs are eager to consolidate the many security products and vendors they deal with. Having fewer security solutions makes it easier to properly configure and respond to alerts, thereby improving the security risk profile. However, buying a broader platform may be short-lived in terms of cost and time required to implement. We recommend focusing on long-term total cost of ownership (TCO) as a measure of success.”
Trend 6: Privacy-enhancing computing
Privacy-enhancing computing technologies are emerging that protect data while it is in use, rather than at rest or in motion, to ensure secure data processing, sharing, cross-border transfer, and analysis, even in untrusted environments. This technology is increasingly implemented in areas such as fraud analysis, intelligence, data sharing, financial services (such as anti-money laundering), pharmaceuticals, and healthcare.
Gartner predicts that by 2025, 50% of large organizations will adopt privacy-enhancing computing for processing data in untrusted environments or multi-party data analytics use cases.
Trend 7: Breach and Attack Simulation
Breach and Attack Simulation (BAS) tools are available today that provide a continuous assessment of the defense posture; by contrast, annual point-in-time assessments such as penetration testing provide limited visibility. When CISOs include BAS as part of their regular security assessments, it helps teams more effectively identify gaps in their security posture and prioritize security programs more efficiently.
Trend 8: Managing Machine Identity
Machine identity management aims to establish and manage the identity trust of machines interacting with other entities such as devices, applications, cloud services or gateways. The growing number of non-human entities in organizations now means that managing machine identities has become an important part of security strategy.