Risk management and security trends by Gartner in 2021
In 2021, cybersecurity and its (so far) main enabler – the need for regulatory compliance – have become two of the most important concerns for corporate boards. This year’s security and risk trends presented by Gartner point to ongoing changes in the security ecosystem that are not yet widely recognized, but are expected to have broad industry impact and significant potential for disruption.
- The cybersecurity mesh – A modern conceptual approach to security architecture that enables the distributed enterprise to deploy and extend security where it is most needed. As COVID-19 accelerated digitization, it also accelerated the trend of distributed networks that are not located behind a traditional “wall of defense.” This requires flexible, agile, scalable and composable security options.
- Boards are going cyber – with the rise of public safety breaches and increasingly complex security configurations, boards are paying more attention to cybersecurity. They recognize this as a huge risk to the enterprise and are creating dedicated committees that focus on discussing cyber security issues, often led by a board member with security experience or an outside consultant. This means that an organization’s CISO can expect increased scrutiny and expectations, along with increased support and resources.
- Consolidation of cybersecurity vendors – Companies have too many tools from too many vendors. Gartner found in its 2020 CISO Effectiveness Study that 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio and 12% have 46 or more. Having too many security vendors results in complex security operations and increased security staffing. Most organizations see vendor consolidation as a path to lower costs and better security, with 80% of organizations interested in a vendor consolidation strategy.
- Identity Security Above All – Identity security has been considered the gold standard for some time, but because many organizations had traditional network configurations, it was not a primary focus. Now that the pandemic has forced organizations to completely (or significantly) disperse, addressing this trend has become essential. Let’s get used to the fact that the “identity security first” paradigm represents how all information workers will function, whether they are remote or in the office.
- Machine Identity Management as a Critical Security Function – As digital transformation progresses, the number of non-human actors in organizations is increasing, which means that machine identity management has become an essential part of security strategy. Machine identities (as opposed to human identities) include objects (i.e. containers, applications, services) and devices (mobile devices, desktops, IoT / OT devices). As the number of devices increases, establishing an enterprise-wide strategy for managing machine identities, certificates and secrets will enable the organization to better secure the digital transformation.
- Remote work is now just work – From a security perspective, this requires a complete reboot of policies, tools and approved machines to better mitigate risk.
- Intrusion and attack simulation – A new market is emerging to help organizations validate their security posture. Breach & Attack Simulation (BAS) offers continuous testing and validation of security controls, tests an organization’s posture against external threats, provides specialized assessments and highlights risks to high-value assets such as sensitive data.
- Privacy-Enhancing Computing – Privacy-Enhancing Computing (PEC) is a group of techniques that protect data when it is in use – as opposed to at rest or in motion – to enable secure processing, sharing, cross-border transfer and analysis of data, even in untrusted environments. This technology is rapidly evolving from academic research into real projects that deliver real value, enabling new forms of data processing and sharing with reduced risk of data security breaches.
Personally, we’re curious to see what the above ranking would look like (or, as far as I’m concerned, how advanced it would be when it comes to technology) if not for the dramatic events of 2020. The popular joke that COVID-19 is responsible for digital transformation in most enterprises is reflected in the rate of technological growth. We will certainly write about many of the above in more detail…