The last ten years of information security are barely a hint to what comes next. This special report will explore the major tectonic forces at play that will change how business use of technology will be dramatically changed by rapid escalations in threat, defense and societal demands.
17 October 2013
To preserve trust in the Internet, strong enterprise coalitions should form and aim to serve the needs of their members. In Gartner's "coalition rule" scenario, CISOs and strategic planners need to protect their enterprise's Web presence, starting with participation in like-minded groups.
9 October 2013
In Gartner's "neighborhood watch" scenario, individuals are attackers' primary targets and governments have a limited ability to mitigate threats to citizens. Security and risk management strategists should expand and augment their customer support and outreach efforts to build communities of trust.
10 October 2013
In Gartner's "regulated risk" scenario, enterprises are the primary target for attackers, and governments enforce strong regulations to mitigate threats. Security and risk management strategists should move aggressively toward compliance, and minimize technological and behavioral vulnerabilities.
16 October 2013
In Gartner's "Controlling Parent" scenario, individuals are the focus of malicious actors and of regulation. Strategic planning leaders — including CIOs and CISOs — should plan and budget for deeper technology and service protections for customers, citizens, executives and employees.
3 October 2013
A sea change in the security space (the scope and depth of surveillance) requires a recalibration of what can be observed and by whom, and where the data ends up. (Maverick research deliberately exposes unconventional thinking and may not agree with Gartner's official positions.)
23 September 2013
IT is often seen as amoral, but we challenge this view. Through the Nexus of Forces, corporate computing has expanded its footprint on society. CIOs should embrace the ethics of IT. (Maverick research deliberately exposes unconventional thinking and may not agree with Gartner's official positions.)
22 August 2013
Dynamic, risk-based authentication and authorization decisions have been important in financial services for quite some time. These techniques are now expanding to mobile and enterprise, and they are using broader sources of user context that affect both security and user experience.
5 October 2012
Enterprise IT supply chains will be targeted and compromised, forcing changes in the structure of the IT marketplace and how IT will be managed moving forward. (Maverick research deliberately exposes unconventional thinking, and may not agree with Gartner's official positions.)
5 December 2012
Traditional management of operational risk is delivering diminishing returns as the pace of business accelerates. Crowdsourcing can change how risk is managed and decisions are made. (Maverick research deliberately exposes unconventional thinking and may not agree with Gartner's official positions.)
12 September 2012
Traditional security controls are increasingly ineffective and obstructive in a world where rapid technology change is driving business strategy. We need a radically new approach. (Maverick research deliberately exposes unconventional thinking and may not agree with Gartner's official positions.)
12 November 2012
By 2023, the CRO role will be an executive position with an operational reporting connection to the board, separate from internal audit. Operational risk will be equally important to credit and market risks, requiring new skills and driving the information needs of the role.
30 April 2013
The Nexus of Forces of cloud, social, mobile and big data erodes the effectiveness of traditional technological security controls. To mitigate risk, security teams must invest in behavioral controls that align with security objectives.
31 May 2013
Macro changes in targets and threats outside the enterprise are shaping the risk and security landscape over the next decade. Visibility into these anticipated changes will help strategic planning leaders dissect future security and risk practices and uncover new opportunities.
30 May 2013
Advanced targeted attacks make prevention-centric strategies obsolete. Securing enterprises in 2020 will require a shift to information- and people-centric security strategies, combined with pervasive internal monitoring and sharing of security intelligence.
31 May 2013
Processing personal data is rarely a central driver of business. It has real costs and always carries risks. As organizations cease processing personal data due to forces in mobile and cloud computing, they should address this loss of control in their business strategies.
31 May 2013
Future threat environments will force security and risk leaders to create new, adaptive control environments. A structured approach — one that defines, regularly surveys and improves control effectiveness — will help teams plan and adapt to the changing landscape.
31 May 2013
In Gartner's "coalition rule" scenario, the future of security is a world where barriers to entry for malicious actors are low, and government intervention is absent or ineffective. Strategic planning leaders should expand and augment BCM efforts in alignment with explicit IT risk leadership.