The eight top current security and risk management trends
- Published: Tuesday, 30 March 2021 07:35
Security and risk management leaders must address eight top trends to enable rapid reinvention in their organization, as COVID-19 accelerates digital business transformation and challenges traditional cyber security practices, according to Gartner, Inc. In the opening keynote at the recent virtual Gartner Security & Risk Management Summit APAC, Peter Firstbrook, research vice president at Gartner, said these trends are a response to persistent global challenges that all organizations are experiencing.
“The first challenge is a skills gap. 80 percent of organizations tell us they have a hard time finding and hiring security professionals and 71 percent say it’s impacting their ability to deliver security projects within their organizations,” said Mr. Firstbrook.
Other key challenges facing security and risk leaders in 2021 include: the complex geopolitical situation and increasing global regulations; the migration of workspaces and workloads off traditional networks; an explosion in endpoint diversity and locations; and a shifting attack environment, in particular, the challenges of ransomware and business email compromise.
Gartner’s top security and risk management trends are:
Trend 1: Cybersecurity Mesh
Cybersecurity mesh is a modern security approach that consists of deploying controls where they are most needed. Rather than every security tool running in a silo, a cybersecurity mesh enables tools to interoperate by providing foundational security services and centralized policy management and orchestration. With many IT assets now outside traditional enterprise perimeters, a cybersecurity mesh architecture allows organizations to extend security controls to distributed assets.
Trend 2: Identity-First Security
For many years, the vision of access for any user, anytime, and from anywhere (often referred to as ‘identity as the new security perimeter’) was an ideal. It has now become a reality due to technical and cultural shifts, coupled with a now majority remote workforce during COVID-19. Identity-first security puts identity at the center/centre of security design and demands a major shift from traditional LAN edge design thinking.
Trend 3: Security Support for Remote Work is Here to Stay
According to the 2021 Gartner CIO Agenda Survey, 64 percent of employees are now able to work from home. Gartner surveys indicate that at least 30-40 percent will continue to work from home post COVID-19. For many organizations, this shift requires a total reboot of policies and security tools suitable for the modern remote workspace. For example, endpoint protection services will need to move to cloud delivered services. Security leaders also need to revisit policies for data protection, disaster recovery and backup to make sure they still work for a remote environment.
Trend 4: Cyber-Savvy Board of Directors
In the Gartner 2021 Board of Directors Survey, directors rated cyber security as the second-highest source of risk for the enterprise after regulatory compliance. Large enterprises are now beginning to create a dedicated cyber security committee at the board level, led by a board member with security expertise or a third-party consultant.
Gartner predicts that by 2025, 40 percent of boards of directors will have a dedicated cyber security committee overseen by a qualified board member, up from less than 10 percent today.
Trend 5: Security Vendor Consolidation
Gartner’s 2020 CISO Effectiveness Survey found that 78 percent of CISOs have 16 or more tools in their cyber security vendor portfolio; 12 percent have 46 or more. The large number of security products in organizations increases complexity, integration costs and staffing requirements. In a recent Gartner survey, 80 percent of IT organizations said they plan to consolidate vendors over the next three years.
Trend 6: Privacy-Enhancing Computation
Privacy-enhancing computation techniques are emerging that protect data while it’s being used — as opposed to while it’s at rest or in motion — to enable secure data processing, sharing, cross-border transfers and analytics, even in untrusted environments. Implementations are on the rise in fraud analysis, intelligence, data sharing, financial services (e.g. anti-money laundering), pharmaceuticals and healthcare.
Gartner predicts that by 2025, 50 percent of large organizations will adopt privacy-enhancing computation for processing data in untrusted environments or multiparty data analytics use cases.
Trend 7: Breach and Attack Simulation
Breach and attack simulation (BAS) tools are emerging to provide continuous defensive posture assessments, challenging the limited visibility provided by annual point assessments like penetration testing. When CISOs include BAS as a part of their regular security assessments, they can help their teams identify gaps in their security posture more effectively and prioritize security initiatives more efficiently.
Trend 8: Managing Machine Identities
Machine identity management aims to establish and manage trust in the identity of a machine interacting with other entities, such as devices, applications, cloud services or gateways. Increased numbers of nonhuman entities are now present in organizations, which means managing machine identities has become a vital part of the security strategy.