Tuesday, 23 March, 2021 / 10:45 AM - 11:15 AM AEDT
(Monday, 22 March, 2021 / 07:45 PM - 08:15 PM EDT)
Richard Addiscott, Sr Director Analyst, Gartner
Securing investment from executives for a security awareness program depends on persuasive justification and strong negotiation skills. Support for awareness programs can be dismissed or deprioritized as larger projects impacting bottom-line performance compete for attention. This presentation will cover the three ways that you can gain organizational support for your security awareness program.
Tuesday, 23 March, 2021 / 01:45 PM - 02:15 PM AEDT
(Monday, 22 March, 2021 / 10:45 PM - 11:15 PM EDT)
Christie Struckman, VP Analyst, Gartner
Gender imbalance is stagnating if not getting worse in many IT organizations. The challenge is not just hiring more women, it’s also not losing them. Leaders can support the women in IT by creating, curating and managing a pipeline program. Creating an inclusive environment also means confronting behaviors that marginalize women.
Tuesday, 23 March, 2021 / 01:45 PM - 02:15 PM AEDT
(Monday, 22 March, 2021 / 10:45 PM - 11:15 PM EDT)
Srinath Sampath, Sr Director Analyst, Gartner
Reporting risk and security to your board is challenging for every organization in the Gartner client base. Executives don’t know what they need. We offer these concrete examples that share all the necessary characteristics to satisfy non-IT executives and your board.
Tuesday, 23 March, 2021 / 02:30 PM - 03:00 PM AEDT
(Monday, 22 March, 2021 / 11:30 PM - 12:00 AM EDT)
Paul Furtado, Sr Director Analyst, Gartner
A midsize guide to starting a formal cybersecurity program within your business. This session is tailored for midsize organizations who are starting or have immature security programs. It is a series of pragmatic advice that can be implemented to improve security awareness and a better security posture throughout the business.
Tuesday, 23 March, 2021 / 02:30 PM - 03:00 PM AEDT
(Monday, 22 March, 2021 / 11:30 PM - 12:00 AM EDT)
Beth Schumaecker, Sr Director, Advisory, Gartner
Supporting the business during the digital era requires that Information Security staff possess a much more diverse set of skills than in the past. This Information Security Strategic Workforce Planning session will focus on building out the inputs we need to orient our planning around the skills and competencies essential for success.
Wednesday, 24 March, 2021 / 10:45 AM - 11:15 AM AEDT
(Tuesday, 23 March, 2021 / 07:45 PM - 08:15 PM EDT)
Tom Scholtz, Distinguished VP Analyst, Gartner
There is no such thing as a perfect, universally appropriate model for security organizations. Every enterprise must develop its own model, taking into consideration basic principles, practical realities and the challenges of digital transformation. This presentation will address the following key issues:
. What are the trends and challenges in security organization design?
. What are the factors that influence security organization?
. What are the current best practices and contemporary conceptual design models for security organization?
Wednesday, 24 March, 2021 / 10:45 AM - 11:15 AM AEDT
(Tuesday, 23 March, 2021 / 07:45 PM - 08:15 PM EDT)
Brian Lowans, Sr Director Analyst, Gartner
Any organisation that creates, stores or processes data must identify, prioritize and mitigate business and financial risks that result. Security and risk management leaders must focus on mitigating the business risks that match the risk appetite of the organisation. A data risk assessment can then demonstrate the risk mitigation effectiveness, leading to a defensible data security strategy.
Wednesday, 24 March, 2021 / 01:45 PM - 02:15 PM AEDT
(Tuesday, 23 March, 2021 / 10:45 PM - 11:15 PM EDT)
Sam Olyaei, Director Analyst, Gartner
Security and risk management leaders are often treated as scapegoats in cases of breach. By the same token, digital business has propelled security and risk to become a boardroom issue, business units have increased their expectations (and demand) of their leadership, and regulatory demands are often challenging. This session will shed light on the leadership traits that aide in a successful and balanced approach between the demands of the business and the effectiveness of the leader.
Wednesday, 24 March, 2021 / 02:30 PM - 03:00 PM AEDT
(Tuesday, 23 March, 2021 / 11:30 PM - 12:00 AM EDT)
David Gregory, Sr Director Analyst, Gartner
The information security profession is growing at a rate of 37% through 2022. Organizations need to ensure that they recruit, develop and retain the right talent to keep up with this demand. This presentation explores how organizations will need to extend diversity, flex recruitment strategies and create the right organizational culture to recruit, grow and retain the best talent.
Wednesday, 24 March, 2021 / 02:30 PM - 03:00 PM AEDT
(Tuesday, 23 March, 2021 / 11:30 PM - 12:00 AM EDT)
Sam Olyaei, Director Analyst, Gartner
Looking past the immediate implications of the current health and economic crisis, organizations are ill prepared to confront the impact on their services and goals. As economic uncertainty settles in and working environments become more difficult, leaders must create a cost-optimization plan to aid their organizations in navigating past this challenging turn, especially as it relates to security and risk management. This session will equip leaders with the information necessary to make a decision on where the balance between running the business and protecting the business shall be.
Tuesday, 23 March, 2021 / 10:45 AM - 11:15 AM AEDT
(Monday, 22 March, 2021 / 07:45 PM - 08:15 PM EDT)
Khushbu Pratap, Director Analyst, Gartner
This session walks through the state of risk management practices across technology and information exposures that influence organizational resilience. The current and future role of risk management leadership will be laid out in this session.
Tuesday, 23 March, 2021 / 02:30 PM - 03:00 PM AEDT
(Monday, 22 March, 2021 / 11:30 PM - 12:00 AM EDT)
Edward Weinstein, Sr Director Analyst, Gartner
Vendor risk management isn’t just required in highly regulated industries, it's good practice in all industries. But today’s approaches are mired in lengthy and complex assessment surveys that span a variety of threats and risks. This session will discuss how to improve and enhance your model for managing vendor risks.
. Why is vendor risk management important now?
. What are the current best practices in a vendor risk-management life cycle?
. How can we improve the efficiency and value of our vendor risk-management programs?
Wednesday, 24 March, 2021 / 12:15 PM - 12:45 PM AEDT
(Tuesday, 23 March, 2021 / 09:15 PM - 09:45 PM EDT)
Rob Smith, Sr Director Analyst, Gartner
This session will discuss the challenges of enabling users to access corporate resources in a post-COVID-19 world. Is always-on VPN still the right access choice or should new technologies such as ZTNA and CASB be used instead? And what about policies?
Wednesday, 24 March, 2021 / 01:45 PM - 02:15 PM AEDT
(Tuesday, 23 March, 2021 / 10:45 PM - 11:15 PM EDT)
Nader Henein, VP Analyst, Gartner
Privacy is not slowing! Consumers continue to demand that their privacy be protected, not just respected and legislators continue to react by enacting data protection laws. It is not sufficient (or efficient) to focus on baseline compliance. This session describes the latest developments in the landscape and steps to evolve the privacy management program from focusing on compliance only to value creation in the business.
Tuesday, 23 March, 2021 / 10:45 AM - 11:15 AM AEDT
(Monday, 22 March, 2021 / 07:45 PM - 08:15 PM EDT)
Steve Riley, Sr Director Analyst, Gartner
Cloud security remains a top priority. This presentation summarizes the problems, recommended processes, and new product types to address three key issues:
. What are the unique risks associated with public cloud service providers, and how can they be controlled?
. What are the unique security challenges of IaaS and how can they be mitigated?
. What are the unique control challenges of SaaS, and how can they be addressed?
Tuesday, 23 March, 2021 / 10:45 AM - 11:15 AM AEDT
(Monday, 22 March, 2021 / 07:45 PM - 08:15 PM EDT)
Lawrence Orans, VP Analyst, Gartner
The cloud era is forcing network security professionals to adapt on several fronts. Enterprises are spending more on cloud-based security services, as a replacement for physical appliances in private data centers. Also, as enterprises move workloads to IaaS clouds, they are turning to micro-segmentation to secure key assets. This session will deliver key insights into these important trends.
Tuesday, 23 March, 2021 / 12:15 PM - 12:45 PM AEDT
(Monday, 22 March, 2021 / 09:15 PM - 09:45 PM EDT)
Pete Shoard, Sr Director Analyst, Gartner
Managed security services are a sensible and efficient choice for many organizations, large and small to enable or augment their security operations. Gartner presents their view on the range of core services available in the market, cutting through the jargon and aligning the needs of consumers with available service types and providing predictions on the future of the market.
Tuesday, 23 March, 2021 / 12:15 PM - 12:45 PM AEDT
(Monday, 22 March, 2021 / 09:15 PM - 09:45 PM EDT)
Dale Gardner, Sr Director Analyst, Gartner
DevOps, new deployment models and technologies pose an existential threat to application security programs. But all is not lost. In this session, we'll show how — by embracing the tenets of DevOps, adopting new approaches to application security, and leveraging evolving security technologies — it's possible to achieve success in DevSecOps, with lessons learned for all development styles.
Tuesday, 23 March, 2021 / 12:15 PM - 12:45 PM AEDT
(Monday, 22 March, 2021 / 09:15 PM - 09:45 PM EDT)
John Collins, Sr Director Analyst, Gartner
Security monitoring and operations are rapidly evolving to keep up with a very dynamic threat landscape. Automation, advanced analytics and machine learning are some of the tools leveraged by security professionals to keep up with threats. This session will address these key issues:
. What trends are affecting security operations?
. What defines best-in-class security operations?
. What is the outlook for security monitoring and operations for the years ahead?
Tuesday, 23 March, 2021 / 01:45 PM - 02:15 PM AEDT
(Monday, 22 March, 2021 / 10:45 PM - 11:15 PM EDT)
Steve Riley, Sr Director Analyst, Gartner
Zero-trust network access (ZTNA), sometimes called software-defined perimeters (SDP), replaces traditional technologies and eliminates the need to extend excessive trust. Instead, it provides adaptive, identity-aware, precision access that improves flexibility, agility and scalability, while offering a consistent experience regardless of who the user is or where they are.
. What is ZTNA, exactly, and why is it suddenly so popular?
. What are the benefits and the common emerging use cases?
. What can we expect it to evolve into as it matures?
Tuesday, 23 March, 2021 / 02:30 PM - 03:00 PM AEDT
(Monday, 22 March, 2021 / 11:30 PM - 12:00 AM EDT)
Rob Smith, Sr Director Analyst, Gartner
Endpoints security challenges are rising to new levels of complexity as the definition blurs across clouds, BYO, workstations, mobile, wearable, “things” and pure software. This session will address:
. The evolution of device security to a single Unified Endpoint Security (UES) solution
. The evolution of network security from on-premise to cloud based since devices are frequently accessing cloud based services.
. The evolution of modern data protection for devices including VDI, encryption, and DRM
Wednesday, 24 March, 2021 / 10:45 AM - 11:15 AM AEDT
(Tuesday, 23 March, 2021 / 07:45 PM - 08:15 PM EDT)
Neil MacDonald, Distinguished VP Analyst, Gartner
Digital business is turning organizations inside out. More users, data, systems and applications will be outside of the enterprise than inside. This drives a need for cloud-based delivery of networking (notably SD-WAN) and security capabilities (notably SWG) to get closer to the users that need access to the internet and their data, systems and applications that are pretty much everywhere but a central office. Here, we introduce the secure access service edge where SD-WAN, FWaaS, SWG, CASB, WAF, DNS protection and ZTNA converge over the next several years creating significant disruption in the vendor landscape and opportunities for every organization.
Wednesday, 24 March, 2021 / 10:45 AM - 11:15 AM AEDT
(Tuesday, 23 March, 2021 / 07:45 PM - 08:15 PM EDT)
Mark Horvath, Sr Director Analyst, Gartner
Tools play a crucial role in DevSecOps, but even the best tool is no good if no one uses it. This session goes over five cultural practices the most successful teams use to move from DevOps to DevSecOps, without slowing everything down.
Wednesday, 24 March, 2021 / 12:15 PM - 12:45 PM AEDT
(Tuesday, 23 March, 2021 / 09:15 PM - 09:45 PM EDT)
Ramon Krikken, Distinguished VP Analyst, Gartner
This session covers current trends and emerging topics in the area of data security. From databases to files, threats are rapidly evolving and countermeasures slowly follow. Planning a data-centric roadmap for security governance and security architecture is a critical component of any security and risk management program.
Wednesday, 24 March, 2021 / 12:15 PM - 12:45 PM AEDT
(Tuesday, 23 March, 2021 / 09:15 PM - 09:45 PM EDT)
Craig Lawson, VP Analyst, Gartner
Gartner has been evolving its guidance on how to better run vulnerability management, which is a foundational security process. This presentation will go over this new way of doing vulnerability more effectively.
. Why we made some significant changes to our guidance on this critical process?
. What does the new RBVM actually look like?
. How to bring this to life inside your own security programs?
Wednesday, 24 March, 2021 / 12:15 PM - 12:45 PM AEDT
(Tuesday, 23 March, 2021 / 09:15 PM - 09:45 PM EDT)
Tim Zimmerman, VP Analyst, Gartner
Organizations must recognize the differing networking requirements for IoT use cases in order to deploy the correct network and security architecture and ecosystem, otherwise they will fail. This presentation reviews different market segments and analyzes usage scenarios to identify the network strategy needed to properly implement IoT solutions.
Wednesday, 24 March, 2021 / 01:45 PM - 02:15 PM AEDT
(Tuesday, 23 March, 2021 / 10:45 PM - 11:15 PM EDT)
Neil MacDonald, Distinguished VP Analyst, Gartner
Changes in the threat landscape and ineffectiveness of current security architectures has driven an explosion of interest in zero trust security architectures. This presentation will build on the concepts of zero-trust networking and extend to operating systems, applications (including development), users and data. Topics will include the new NIST draft standard for zero trust as well as technologies and vendors providing solutions.
Wednesday, 24 March, 2021 / 01:45 PM - 02:15 PM AEDT
(Tuesday, 23 March, 2021 / 10:45 PM - 11:15 PM EDT)
Michael Kelley, Sr Director Analyst, Gartner
As a security framework, all elements of CARTA can be applied to any technology. For access management, this includes concepts like continuous authentication and continuous authorization, applying dynamic (always being evaluated) approaches to access management. In this approach, adaptive and contextual authentication, as well as leveraging session management as a control plane, and UEBA as for visibility, will allow a near-real-time response to a variety of AM issues, including credential theft, session hijacking and others.
Wednesday, 24 March, 2021 / 02:30 PM - 03:00 PM AEDT
(Tuesday, 23 March, 2021 / 11:30 PM - 12:00 AM EDT)
David Mahdi, Sr Director Analyst, Gartner
In a world of cloud, does infrastructure security matter? As organizations move more services to the cloud, the problem shifts to managing user access and data. Attend this session to learn about emerging trends on the convergence of cloud, identity and data security, as well as best practices regarding cloud security, that you can leverage now.
Wednesday, 24 March, 2021 / 02:30 PM - 03:00 PM AEDT
(Tuesday, 23 March, 2021 / 11:30 PM - 12:00 AM EDT)
John Watts, Sr Director, Analyst, Gartner
"Zero trust" has emerged as a popular buzzword for the security industry in 2020. Security and risk management leaders need help cutting through the vendor hype for practical advice on how to succeed including:
- Practical implementations of zero trust.
- What problems it solves, but more importantly, what it doesn't.
- Real-world implementation feedback from clients.
Wednesday, 24 March, 2021 / 02:30 PM - 03:00 PM AEDT
(Tuesday, 23 March, 2021 / 11:30 PM - 12:00 AM EDT)
Manjunath Bhat, Sr Director Analyst, Gartner
DevSecOps promises to at last deliver effective application security — but lasting, tied to testing-oriented and gateway-focused approaches, guarantees failure. The urgent question then, is what does "success" look like? In this session we'll answer questions around the organizational process and the tool changes needed to help ensure a successful DevSecOps program and robust application security.
Tuesday, 23 March, 2021 / 12:15 PM - 12:45 PM AEDT
(Monday, 22 March, 2021 / 09:15 PM - 09:45 PM EDT)
Felix Gaehtgens, VP Analyst, Gartner
An introduction for privileged access management: Why Is PAM Such a Crucial Piece of Any Security Program? How Should You Leverage PAM? How can you raise your security posture by using a just-in-time PAM and Zero Standing Privileges Approach?
Tuesday, 23 March, 2021 / 01:45 PM - 02:15 PM AEDT
(Monday, 22 March, 2021 / 10:45 PM - 11:15 PM EDT)
David Mahdi, Sr Director Analyst, Gartner
IAM encompasses workforce, partner, citizen and customer identities and access, to manage risk and enable desired business outcomes. Decentralized identity, CARTA, fraud management and autonomous governance will drive opportunities and challenges for IAM leaders in 2020 and beyond. Key Issues:
. What does a successful IAM program look like in 2020?
. How can IAM quickly deliver real business value, improve customer retention and support cyber defense against fraud?
. How predictive and autonomous IAM governance will play a role in modern challenges in compliance and privileged access management?
. How will passwordless and decentralized identity disrupt old business models for authentication and access management?