Addresses the challenges of a dispersed infrastructure.
Technology analyst firm Gartner has outlined eight security trends it suggests organisations consider as the shift to digital business continues across the globe.
At the Gartner Security & Risk Management Summit, research vice president Peter Firstbrook said these trends are a response to persistent global challenges that all organisations are experiencing.
“The first challenge is a skills gap. 80 percent of organisations tell us they have a hard time finding and hiring security professionals and 71 percent say it’s impacting their ability to deliver security projects within their organisations,” Firstbrook said.
Most of the following trends are related to access, identification and management across an increasingly dispersed infrastructure.
1 – Mesh
With many IT assets now outside traditional enterprise perimeters, a cybersecurity mesh architecture allows organisations to extend security controls to distributed assets.
It enables tools to interoperate by providing foundational security services and centralised policy management and orchestration.
2 – Identity-first
“The SolarWinds attack demonstrated that we’re not doing a great job of managing and monitoring identities,” Firstbrook said.
“While a lot of money and time has been spent on multifactor authentication, single sign-on and biometric authentication, very little has been spent on effective monitoring of authentication to spot attacks against this infrastructure.”
3 – Remote work
Some 30-40 percent of employees will continue to work from home post-pandemic, according to the 2021 Gartner CIO Agenda Survey.
For many organisations, this shift requires a total reboot of policies and security tools suitable for the modern remote workspace.
For example, endpoint protection services will need to move to cloud-delivered services, and policies for data protection, disaster recovery and backup may need updating.
4 – Cyber-Savvy Board
Today, less than 10 percent of large enterprises have dedicated cybersecurity advisory teams headed by a board member or third-party consultant.
Gartner predicts that by 2025, this number will rise to 40 percent.
5 – Vendor consolidation
A recent Gartner survey showed 80 percent of IT organisations planned to consolidate vendors over the next three years.
“CISOs are keen to consolidate the number of security products and vendors they must deal with,” Firstbrook said.
“Having fewer security solutions can make it easier to properly configure them and respond to alerts, improving your security risk posture. However, buying a broader platform can have downsides in terms of cost and the time it takes to implement. We recommend focusing on TCO over time as a measure of success.”
6 – Privacy-enhancing computation
Gartner predicted that by 2025, 50 percent of large organisations will adopt privacy-enhancing computation for processing data in untrusted environments or multiparty data analytics use cases.
Privacy-enhancing computation techniques are emerging methods that protect data while it’s being used, as opposed to while at rest or in motion.
Implementations are on the rise in fraud analysis, intelligence, data sharing, financial services (e.g. anti-money laundering), pharmaceuticals and healthcare.
7 – Breach and attack simulation
Breach and attack simulation (BAS) tools are emerging to provide continuous defensive posture assessments, as opposed to regularly scheduled penetration checks.
These tools can identify gaps in security posture more effectively and guide security initiative prioritisation.
8 – Managing machine identities
Increased numbers of nonhuman entities are now present in organisations, such as devices, applications, cloud services or gateways.
Machine identity management aims to establish and manage trust in the identity of a machine interacting with other entities.