Security is becoming an increasingly important consideration for businesses, especially as a lack of proper measures could mean the difference between your organisation suffering a nasty data breach and being able to act swiftly.
As such, research firm Gartner has dedicated quite a bit of time to security, as well as risk management, trying to identify the elements and trends that CIOs and other decision makers should be aware of.
“External factors and security-specific threats are converging to influence the overall security and risk landscape, so leaders in the space must properly prepare to improve resilience and support business objectives,” explains Peter Firstbrook, research vice president at Gartner.
This brings us to their latest trends report, focusing on seven in particular that the research firm predicts will come to prominence in 2019.
The first trend focuses on communication, and in particular creating risk appetite statements. This specifically looks at how security and risk managers need to effectively link security matters to key business decision makers.
“This leaves no room for business leaders to be confused as to why security leaders were even present at strategic meetings,” Firstbrook notes.
Next is investments, with a focus on the role that security operations centres (SOCs) can play, especially when it comes to threat detection and response.
In fact, Gartner predicts that by 2022, 50 percent of all SOCs will transform into modern SOCs with integrated incident response, threat intelligence and threat-hunting capabilities.
Third among the research firm’s trends is data security governance frameworks (DSGF) and how they need to prioritise data security investments.
Gartner’s research also revealed that rather than acquiring data protection products and trying to adapt them to suit their business needs, leading organisations are starting to address data security through a data security governance framework.
“DSGF provides a data-centric blueprint that identifies and classifies data assets and defines data security policies. This then is used to select technologies to minimise risk,” adds Firstbrook.
As for the fourth trend, it looks as if passwordless authentication is beginning to gain traction in Gartner’s view. This is because Touch ID and similar biometric options found on smartphones are having a pervasive effect on the enterprise side of things.
“In an effort to combat hackers who target passwords to access cloud-based applications, passwordless methods that associate users to their devices offer increased security and usability, which is a rare win/win for security,” says Firstbrook.
Next is the offering of premium skills and training services from security product vendors. This is because the number of unfilled cybersecurity roles is expected to swell to 1.5 million by the end of 2020, and as such will require employees to gain the required knowledge to fill said roles.
“We are starting to see vendors offer solutions that are a fusion of products and operational services to accelerate product adoption,” notes Firstbrook.
The sixth trend according to Gartner is a more concerted effort to invest in cloud security competencies. The firm attributes this to security teams being spread thin as more businesses make the shift to the cloud for all their requirements.
“Public cloud is a secure and viable option for many organisations, but keeping it secure is a shared responsibility,” says Firstbrook. “Organisations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation,” he continues.
The final trend for 2019 just so happens to be one that Gartner developed, with their CARTA model being more heavily adopted when trying to deal with ambiguous digital business trust assessments.
“Even though it’s a multiyear journey, the idea behind CARTA is a strategic approach to security that balances security friction with transaction risk,” explains Firstbrook. “A key component to CARTA is to continuously assess risk and trust even after access is extended,” he concludes.