Ability to link security risks to business goals key for security leaders: Gartner

This is necessary as IT strategies have become more closely aligned with business goals

CIO&Leader

As IT strategies become more closely aligned with business goals, the ability for security and risk management (SRM) leaders to effectively present security matters to key business decision makers gains importance, reiterates Gartner. 

The research firm has identified seven emerging security and risk management trends for 2019 that will impact security, privacy and risk leaders in the longer term. Gartner defines “top” trends as ongoing strategic shifts in the security ecosystem that are not yet widely recognized, but are expected to have broad industry impact and significant potential for disruption.

They are:

1. Risk Appetite Statements are becoming linked to business outcomes

2. Security Operations Centers are being implemented with a focus on threat detection and response

According to Gartner, by 2022, 50% of all SOCs will transform into modern SOCs with integrated incident response, threat intelligence and threat-hunting capabilities, up from less than 10% in 2015. 

3. Data security governance frameworks will prioritize data security investments

Rather than acquiring data protection products and trying to adapt them to suit the business need, leading organizations are starting to address data security through a data security governance framework (DSGF).

4. Passwordless authentication is achieving market traction

Passwordless authentication, such as Touch ID on smartphones, is starting to achieve real market traction. The technology is being increasingly deployed in enterprise applications for consumers and employees, as there is ample supply and demand for it. 

5. Security product vendors are increasingly offering premium skills and training services 

The number of unfilled cybersecurity roles is expected to grow from 1 million in 2018 to 1.5 million by the end of 2020, according to Gartner. While advancements in artificial intelligence and automation certainly reduce the need for humans to analyze standard security alerts, sensitive and complex alerts require the human eye. 

6. Investments are being made in cloud security competencies as cloud becomes a mainstream computing platform

The shift to cloud means stretching security teams thin, as talent may be unavailable and organizations are simply not prepared for it. Gartner estimates that the majority of cloud security failures will be the fault of the customers through 2023. 

7. Increasing presence of Gartner’s CARTA in traditional security markets

The research firm claims its continuous adaptive risk and trust assessment (CARTA) strategy for dealing with the ambiguity of digital business trust assessments is gaining traction. “Even though it’s a multiyear journey, the idea behind CARTA is a strategic approach to security that balances security friction with transaction risk. A key component to CARTA is to continuously assess risk and trust even after access is extended,” said Peter Firstbrook, research vice president at Gartner. 

