Gartner

The Future of Global Information Security

Stay Connected

Facebook LinkedIn Twitter RSS

The last ten years of information security are barely a hint to what comes next. This special report will explore the major tectonic forces at play that will change how business use of technology will be dramatically changed by rapid escalations in threat, defense and societal demands.

Download: MP3 10:48, 9.9MB

Gartner's Security 2020 Scenario Research

Prepare for 2020 by Owning Your Own Internet Security and Reliability

17 October 2013

To preserve trust in the Internet, strong enterprise coalitions should form and aim to serve the needs of their members. In Gartner's "coalition rule" scenario, CISOs and strategic planners need to protect their enterprise's Web presence, starting with participation in like-minded groups.

Expand Community and Customer Support Efforts to Deal with the 'Neighborhood Watch' Scenario

9 October 2013

In Gartner's "neighborhood watch" scenario, individuals are attackers' primary targets and governments have a limited ability to mitigate threats to citizens. Security and risk management strategists should expand and augment their customer support and outreach efforts to build communities of trust.

Build A Penalty-Proof Compliance Program to Survive the 'Regulated Risk' Scenario

10 October 2013

In Gartner's "regulated risk" scenario, enterprises are the primary target for attackers, and governments enforce strong regulations to mitigate threats. Security and risk management strategists should move aggressively toward compliance, and minimize technological and behavioral vulnerabilities.

Protect and Serve the Individual in the 2020 'Controlling Parent' Scenario

16 October 2013

In Gartner's "Controlling Parent" scenario, individuals are the focus of malicious actors and of regulation. Strategic planning leaders — including CIOs and CISOs — should plan and budget for deeper technology and service protections for customers, citizens, executives and employees.

Maverick* Research: The Surveillance State and Stalker Economy Rise From the Unholy Union of Big Data, Big Algorithms and the Internet of Things

3 October 2013

A sea change in the security space (the scope and depth of surveillance) requires a recalibration of what can be observed and by whom, and where the data ends up. (Maverick research deliberately exposes unconventional thinking and may not agree with Gartner's official positions.)

Maverick* Research: Ethics Are at the Center of the Nexus of Forces

23 September 2013

IT is often seen as amoral, but we challenge this view. Through the Nexus of Forces, corporate computing has expanded its footprint on society. CIOs should embrace the ethics of IT. (Maverick research deliberately exposes unconventional thinking and may not agree with Gartner's official positions.)

Adaptive Access Control Brings Together Identity, Risk and Context

22 August 2013

Dynamic, risk-based authentication and authorization decisions have been important in financial services for quite some time. These techniques are now expanding to mobile and enterprise, and they are using broader sources of user context that affect both security and user experience.

Maverick* Research: Living in a World Without Trust: When IT's Supply Chain Integrity and Online Infrastructure Get Pwned

5 October 2012

Enterprise IT supply chains will be targeted and compromised, forcing changes in the structure of the IT marketplace and how IT will be managed moving forward. (Maverick research deliberately exposes unconventional thinking, and may not agree with Gartner's official positions.)

Maverick* Research: Crowdsource Your Management of Operational Risk (The Supply Chain View)

5 December 2012

Traditional management of operational risk is delivering diminishing returns as the pace of business accelerates. Crowdsourcing can change how risk is managed and decisions are made. (Maverick research deliberately exposes unconventional thinking and may not agree with Gartner's official positions.)

Maverick* Research: Kill Off Security Controls to Reduce Risk

12 September 2012

Traditional security controls are increasingly ineffective and obstructive in a world where rapid technology change is driving business strategy. We need a radically new approach. (Maverick research deliberately exposes unconventional thinking and may not agree with Gartner's official positions.)

Meeting the Information Needs of the Chief Risk Officer in 2023

12 November 2012

By 2023, the CRO role will be an executive position with an operational reporting connection to the board, separate from internal audit. Operational risk will be equally important to credit and market risks, requiring new skills and driving the information needs of the role.

User Behavior Can Improve Security, but Only With Development and Practice

30 April 2013

The Nexus of Forces of cloud, social, mobile and big data erodes the effectiveness of traditional technological security controls. To mitigate risk, security teams must invest in behavioral controls that align with security objectives.

Security & Risk Management Scenario Planning, 2020

31 May 2013

Macro changes in targets and threats outside the enterprise are shaping the risk and security landscape over the next decade. Visibility into these anticipated changes will help strategic planning leaders dissect future security and risk practices and uncover new opportunities.

Prevention Is Futile in 2020: Protect Information via Pervasive Monitoring and Collective Intelligence

30 May 2013

Advanced targeted attacks make prevention-centric strategies obsolete. Securing enterprises in 2020 will require a shift to information- and people-centric security strategies, combined with pervasive internal monitoring and sharing of security intelligence.

Let Personal Data Go Without Losing Control

31 May 2013

Processing personal data is rarely a central driver of business. It has real costs and always carries risks. As organizations cease processing personal data due to forces in mobile and cloud computing, they should address this loss of control in their business strategies.

Four Strategies for Optimizing Your Security Controls in Future Scenarios

31 May 2013

Future threat environments will force security and risk leaders to create new, adaptive control environments. A structured approach — one that defines, regularly surveys and improves control effectiveness — will help teams plan and adapt to the changing landscape.

Expand Business Continuity Management Efforts to Deal With the 'Coalition Rule' Scenario

31 May 2013

In Gartner's "coalition rule" scenario, the future of security is a world where barriers to entry for malicious actors are low, and government intervention is absent or ineffective. Strategic planning leaders should expand and augment BCM efforts in alignment with explicit IT risk leadership.

Access to research documents may vary based on your subscription.