
Five security and risk management trends: Gartner

By Staff Writer, ITWeb
Johannesburg, 28 May 2018
SRM leaders should look for security solutions that take full advantage of cloud scale, increased data telemetry, staff augmentation, ML and API-based access, says Gartner.

Security, once merely a small part of enterprise IT, is now a significant function, crucial for organisational success. This has elevated the role of security and risk management (SRM) leaders, who are currently faced with the difficult task of protecting their organisations from harmful cyber attacks and tougher regulators with increased expectations, says Peter Firstbrook, research vice president at Gartner.

"Security and risk management leaders have operated in the shadows for a long time. Now it's their opportunity to shine. If they exploit emerging trends and build a strong security programme, they can keep their organisation safe and significantly elevate their standing."

Gartner has identified five major upcoming security and risk management trends, along with some of their key impacts.

The spotlight is on

Firstly, senior business executives are finally aware that cyber security has a significant impact on the ability to achieve business goals and protect the corporate reputation.

Therefore, SRM leaders should capitalise on this increased attention and work closely with business stakeholders to link security strategy with business initiatives, advises Firstbrook.

This is also a perfect opportunity to address skill shortages and increase professional development of the internal security workforce, he adds.

"When speaking with senior executives, an important, but often neglected aspect is the language barrier. Speak the language of the business and don't lose yourself in technical terms when you deal with the C-suite."

Regulations enforce change

Secondly, legal and regulatory mandates on data protection practices are impacting digital business plans and demanding increased emphasis on data liabilities.

The rise of data breaches forces enterprises to comply with an increasingly complex legal and regulatory environment, including Europe's General Data Protection Regulation, explains Firstbrook.

Data is both an asset and a potential liability, he notes. Digital business plans must weigh both and seek innovative solutions to lower costs and potential liabilities.

"Leading organisations are focused on how a compliance programme can act as a business enabler. The message SRM leaders must communicate to CEOs is that data protection has both costs and risk but can also be used as a business differentiator," he elaborates.

Security moves to the cloud

Thirdly, security products are rapidly exploiting cloud delivery to provide more agile solutions.

Enterprise security organisations are getting buried under the maintenance burden of legacy security solutions, says Firstbrook. Cloud-delivered security products are more agile and can implement new detection methods and services faster than on-site solutions, he adds.

But not all cloud security services are created equal, and exploiting the cloud is more than moving legacy management servers to the cloud, Firstbrook stresses.

SRM leaders should look for solutions that take full advantage of cloud scale, increased data telemetry, staff augmentation, machine learning, API-based access, and other services and products that are disruptive to the status quo, says Gartner.

Machine learning becomes the watchdog

Fourthly, machine learning (ML) is providing value in simple tasks and elevating suspicious events for human analysis.

By 2025, ML will be a normal part of security practice and will offset some skills and staffing shortfalls, says Gartner. In its current state, ML is better at addressing narrow and well-defined problem sets, such as classifying executable files, says Firstbrook.

Today it is difficult to unpack the difference between marketing and good ML, he adds. SRM leaders should focus on how artificial intelligence makes their product superior in terms of efficacy and administrative requirements. However, they should keep in mind that ML requires human assistance, he cautions.

Origin beats pricing

Lastly, dangerous concentrations of digital power are driving decentralisation efforts at several levels in the ecosystem, says Gartner.

The recent US government bans against Russian-based security products and Chinese smartphones are only the latest results of a growing distrust of the influence of competitive world powers in cyber space, says Firstbrook.

Organisations that deal with government agencies should be especially sensitive to the geo-political demands of their upstream and downstream business relationships, he adds.

All security and product buying decisions are based on trust in the integrity of the supplier, notes Firstbrook. SRM leaders should start to incorporate geopolitical risk in all business-critical software, hardware and services purchasing decisions and, where necessary, consider local alternatives, he concludes.
