Published on September 16th, 2020
#GartnerSEC: Top Trends for Risk and Security Include Cloud, Automation and Privacy
The current top trends in security and risk management for threat-facing, disruption and the organization have been detailed at the Gartner Security and Risk Virtual Summit.
Speaking at the event, research VP Peter Firstbrook pointed to "mega trends that are beyond your control," which include: the skills gap, regulation and privacy, application scale and complexity, endpoint diversity, attackers and the impact of COVID-19. He said that COVID-19 has accelerated a lot of the trends Gartner has been seeing in the last 10 years, and if your organization is mature "you're probably in a good space to handle COVID."
The top eight trends he cited were as follows:
Extended Detection and Response (XDR) – Firstbrook said this tool is replacing SIEM and SOAR tools and enabling organizations to be "more operationally secure in their operations than by investing and trying to integrate a best of breed set of products."
He said that XDR unites security tools into a common data format, makes correlations between events, and gives the user an integrated incident response experience where products are combined into one. "Start prioritizing the product that you need to focus in on, so start focusing on where you think it is important to have integrated information and to do incident response," he said.
Security Process Automation – This is a trend across products, as vendors invest in this to address the skills gap, and to make it "easier to get repetitive tasks done." Firstbrook recommended looking at long manual processes and ways to automate them, and developing a playbook to know what steps to go through. Also, look for products with API and automation technology built in.
Securing Artificial Intelligence – Firstbrook said this is becoming a security and risk manager's responsibility. "A lot of organizations have invested in AI and machine learning, but very few have looked at how that AI might be gained by a malicious attacker," he said. He recommended looking at machine learning algorithms, and what attacks can be made against them.
Impact of Cyber on the Physical World – This includes IoT and machinery, as Firstbrook said the duties of security and risk managers are becoming about more than traditional information security and now include safety too. This includes factory machinery that is not as well protected, as well as building security where "siegeware" attackers lock you out of a building or mess with the HVAC system. "These are issues that information security doesn't address, so we see organizations reorganize and put someone from infosec or cybersecurity to work across disciplines – operational security, supply chain security and product management security," he said. "These are all areas that need to be addressed that not necessarily are."
Form Trust and Safety Teams – These teams form a "digital perimeter" which includes points where the customer interacts with your environment: your call center, website, social media, some physical presences. Firstbrook recommended forming at least a part-time trust and safety team to include marketing, a brand manager, legal and privacy, "and look at the environment holistically" and inventory controls to organize around that.
Privacy – Firstbrook said this is becoming an influential discipline of its own: it has been a part-time job in the organization in the past, but now it is becoming a full-time role. "The reason they are doing this is because organizations are concerned about financial loss, concerned about losing customers and worried about suffering from reputational damage."
To do this efficiently, businesses should focus on assessing the data and business risk they have in their environment. The three areas to focus on are: consent and making sure customers opt in to share data with you, transparency so they know what you're storing and why you're storing it, and self-management to be able to manage and delete data.
Secure Access Service Edge (SASE) – Firstbrook said this is enabling your WAN architecture to look more like local area network (LAN) architecture. "So how do you regain visibility and control into these applications and services that exist outside of your environment, with the users that are also outside the environment?" He recommended SASE as the way to do it, as it is the integration of network security controls with new tech like remote access technology and CASB, which merge into a single platform "to provide all of this connectivity across all of the internet, and make the internet feel like your WAN."
Cloud Workload Protection – This is seeing a number of disruptive vendors come in, where cloud applications are protected from development to production, as we see applications built bespoke, in containers and across SaaS services. "So you need an inventory of what they are using, where they are and what protocols are they using, and where the credentials are being stored – managing all of that has become very complex," he said.
In conclusion, Firstbrook recommended taking a step back to "look at the broader picture and not just at individual problems."