The Gartner Security & Risk Management Summit 2015 in Washington DC was no snooze fest. Quite the contrary. It’s just I don’t usually plan for security threats five years in advance. I’m engaged today. With the event infogram, "By 2020, 25% of global enterprises will engage the services of a “cyberwar mercenary” organization." I can’t think of anyone who doesn’t already. And, their prediction by 2020 that 60% of digital businesses will face major failures, because their security teams are unable to effectively face digital risks from state sponsored attacks and advanced malware. The percentage today is actually higher. 60% represents an improvement. Cisco CEO, John Chambers, puts the number at 100%.
To summarize Leon Panetta’s Gartner Security Summit keynote:
Security and risk professionals need to start addressing risks now to protect an organization in the future.
I really think it should be:
Security and risk professionals need to address risks immediately to ensure an organization has a future.
Security & Risk Management is Everybody’s Business
I hope I’m not sounding critical. I’m passionate about the topic. I also assume we’re under attack at all times.
The Gartner Security Summit does a great job in elevating security awareness. Organizations need to be more proactive around security. This may mean making changes today, like:
- Ensure your incident response plan is ready
- Automate user provisioning and account terminations
- Deploy active monitoring technology throughout your systems
- Engage your workforce with security communication and training
Clearly, we all agree. The security mission goes far beyond the IT department. One noticeable indicator is the attendees who no longer are exclusively security professionals. Two years ago, this was not the case. People from almost any line of business you can think of now attend. Participants focus is on protecting their data and information. They want access on any device they choose. The security mission now involves professionals from every part of an enterprise. All employees, consultants, suppliers and partners benefit from knowing best practices that protect an organization.
Critical Security & Risk Management Trends
As noted at the Gartner Security Summit, the information security industry is at a key inflection point. Multiple simultaneous trends are occurring that place tremendous stress on existing infrastructure. First, there’s a shift to externalize and open business processes to outsiders. Anywhere anytime access to systems from any device, is a trend called consumerization. In particular, people want to bring their own device (BYOD) and use their personal equipment. Although this creates savings, it places challenges on existing security information infrastructure.
Another important trend is the shift to cloud computing. Whether you leverage infrastructure as a service and move a data center to the cloud. Or, access SaaS applications such as Saleforce.com or Office 365, the cloud adds risks. The cloud, consumerization and externalization make an organization more vulnerable to security breaches.
Two other trends getting attention at the Gartner Security Summit are the industrialization and nationalization of hackers. Industrialization meaning hackers no longer just deploy mass random attacks. They are going after targets. They go after specific intellectual property, data, and secrets. Industrialization stems from another trend called
nationalization. This means efforts are funded at the nation state level. The combination results in a level of advanced complexity.
Information security must evolve to support the changing demands of the business as well as the evolving threat environment. One of the most significant changes is a shift in thinking about information security not as a set of siloed hardware products, but rather as a set of software based security controls that you can put in hardware if you need to, or inside a virtual appliance, machine, data center, or wherever. Identity and access management represents a key control for prevention, detection and response activities.
Enable user provisioning software rapid planning, strategic decision-making, and technology innovation. Jump start your user provisioning and identity management initiative. Learn from IT security experts and address the challenges that derail projects.