Gartner predict more loses ahead as the security threat move away from ownership grip of IT. The article also suggests corrective measures and the key lag points addressed by the special report.
By 2020, 60% of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk says the ‘Cyber security at the Speed of Digital Business’ report by Gartner.
Enterprises move swiftly towards the digital to achieve their financial and effective best, Gartner in its earlier report predicted that digital would bring 41% of total entrepreneurial revenue by 2020. No doubt most of the organisations are competing in digital arena as well. But the security in ‘digital’ is a grave concern as Information Technology (IT) department that is mostly responsible for the security of systems lacks control due to lack of directly owned infrastructure and services outside. Safety and security issues keep on augmenting as the physical and technical worlds intersect for businesses.
Gartner warned the companies to expect more losses as digital risks and digital adversaries will continue to challenge organizations.
IT team will fail to manage digital risk as within two years, that is, by 2018, a quarter of, 25%, corporate data traffic will flow directly from mobile devices to the cloud, bypassing enterprise security controls, as per Gartner.
Also, by 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 30% in 2016, as per the study.
Gartner has identified five key areas of focus for successfully addressing cyber security in digital business:
- Leadership and Governance
- The Evolving Threat Environment
- Cyber security at the Speed of Business
- Cyber security at the New Edge
- People and Process: Cultural Change
Leadership and Governance
“Improving leadership and governance is arguably more important than developing technology tools and skills when addressing cyber security and technology risk in digital business.” quotes the report.
The digital security requires new skills and approaches along with new technologies as the delivery models, threats and technologies change rapidly. But the study found that the security department has less control as the ways to create and consume IT services evolve, such as business unit IT and citizen development.
The report highlights need to have a ‘digital risk officer’ to address the changing nature of risks and threats across IT, OT and IoT, as well as safety concerns in the era of digital business. It also stressed on the need to align the Iidentity and access management (IAM) leasers and CIO’s agenda.
The Evolving and Business
CIOs and CISOs, as per Gartner, will have to mange the increasing risk in unsanctioned adoption of cloud services (SaaS and business process as a service [BPaaS]) to keep a check on increasing risks of data breaches and financial liabilities.
With growth in digital, smart machines and artificial intelligence (AI) will pose huge future risks derived from malicious humans using or abusing them to achieve their goals.
Gartner said that CISOs and risk management leaders need to maintain appropriate security when engaging in more agile development approaches as part of a digital transformation. It suggested IAM leaders to assist and empower bimodal approaches by focusing on efforts to enable software developers through new APIs and agile methodologies.
Cyber security at the New Edge
The new edge has pushed data far from traditional data centers to the operational technologies like cloud, SaaS and things. While enterprises have focused on the adoption of SaaS applications, they have often ignored the security governance principles that would normally be applied on-premises, as per report.
CIOs and CISOs need to develop new approaches to cloud control that allow them to leverage the benefits in secure, compliant and reliable way.
People and Process: Cultural Change
Cyber security requires people, process and technology, “but the people and process have not received the same attention as the technology”. With digital business, the power technology needs to be gives to individuals, as per the report.
Gartner said that the innovation shall start and end with people, which is considered weakest link. This change is aimed to allow users to change the way in which a given system or application is used. “Security policies can not be established in a way that damages the innovative, adaptive use of systems.” quoted the report