While we build the 2022 agenda, explore last year's tracks built upon our latest research that addressed the challenges most critical to security, risk management and IAM leaders. These key topics kickstarted conversations around priorities and initiatives so that attendees could tackle what was most important to them.
2021 track highlights
Track A: Management & Leadership
Strategies and action plans to set expectations with teams, business and third parties
Track B: Digital Risk Management
Innovate risk management practices, prepare organizations to be resilient through the new normal and prepare for the next inevitable crisis
Track C: Security Technology and Architecture
Security markets, best practices in adopting and using technology solutions, new and emerging technologies
Spotlight Track: Identity & Access Management
Effective identity and access management (IAM) in the new normal. Improve governance and strengthen privileged access management practices to prevent breaches.
Spotlight Track: Midsize Enterprise
Pragmatic advice on overcoming resource obstacles and applying the right level of protection and risk management.
Spotlight Track: Diversity/Women in IT
Diversity and inclusion have become priorities for workplace performance and workplace culture. Security and risk management leaders must shape attitudes and behaviors to achieve true acceptance and inclusion across their teams.
View By:
Agenda / Track
Wednesday, 17 March, 2021 / 01:15 PM - 02:00 PM IST
(03:45 AM - 04:30 AM EDT)
Roundtable: Putting Your Newly Found “COVID Skills” to Work
Nader Henein, VP Analyst, Gartner
Much like learning to ride a bicycle, you don’t know you can do it till you have. Our organizations have had developed dozens of similar skills. We’ve transitioned to remote work overnight and without warning, we’ve done IT migrations to the cloud in a fraction of the time had we planned for it. We may not want to continue placing our teams under this kind of pressure, but how can we take these and other newly discovered capabilities and adapt them for the long term.
Wednesday, 17 March, 2021 / 02:45 PM - 03:15 PM IST
(05:15 AM - 05:45 AM EDT)
Technology Risk and Cybersecurity Metrics for Your Board
Srinath Sampath, Sr Director Analyst, Gartner
Reporting risk and security to your board is challenging for every organization in the Gartner client base. Executives don’t know what they need. We offer these concrete examples that share all the necessary characteristics to satisfy non-IT executives and your board.
Wednesday, 17 March, 2021 / 03:30 PM - 04:00 PM IST
(06:00 AM - 06:30 AM EDT)
Building an Information Security Workforce Strategy
Beth Schumaecker, Sr Director, Advisory, Gartner
Supporting the business during the digital era requires that Information Security staff possess a much more diverse set of skills than in the past. This Information Security Strategic Workforce Planning session will focus on building out the inputs we need to orient our planning around the skills and competencies essential for success.
Wednesday, 17 March, 2021 / 03:30 PM - 04:00 PM IST
(06:00 AM - 06:30 AM EDT)
Moving From 0 to 1: A Midsize Guide on How to Create a Formal Cybersecurity Program
Paul Furtado, Sr Director Analyst, Gartner
A midsize guide to starting a formal cybersecurity program within your business. This session is tailored for midsize organizations who are starting or have immature security programs. It is a series of pragmatic advice that can be implemented to improve security awareness and a better security posture throughout the business.
Wednesday, 17 March, 2021 / 03:30 PM - 05:15 PM IST
(06:00 AM - 07:45 AM EDT)
Research Discussion: Building Cyber Judgement in the Business
Christopher Mixter, VP, Advisory, Gartner
Zaira Pirzada, Principal, Advisory, Gartner
Majority of business decisions today have information risk implications. Without clear guidance, enterprise decision-makers may open themselves up to expensive remediation or create exposure broader than their initiative. The volume, variety and unpredictability of these decisions makes CISOs' aspirations to "facilitate" and "consult" on them impossible.
Join your peers in this interactive three-hour session to learn how to identify and execute on opportunities to drive information risk accountability out to the true owners of those risks.
The discussion will focus on answering the following questions:
- How should CISOs navigate information risk accountability when the volume and variety of business decisions with information risk implications are growing exponentially?
- How can CISOs take advantage of new IT development methodologies to identify and enable accountability by the true owners of information risk?
- What does the information security organization that effectively stewards information risk accountability look like?
Thursday, 18 March, 2021 / 11:45 AM - 12:15 PM IST
(02:15 AM - 02:45 AM EDT)
Security Organization Dynamics
Tom Scholtz, Distinguished VP Analyst, Gartner
There is no such thing as a perfect, universally appropriate model for security organizations. Every enterprise must develop its own model, taking into consideration basic principles, practical realities and the challenges of digital transformation. This presentation will address the following key issues:
. What are the trends and challenges in security organization design?
. What are the factors that influence security organization?
. What are the current best practices and contemporary conceptual design models for security organization?
Thursday, 18 March, 2021 / 01:15 PM - 01:45 PM IST
(03:45 AM - 04:15 AM EDT)
How to Tell Your Story Like a Pro
Leigh McMullen, Distinguished VP Analyst, Gartner
Whether it's in the board room or the big stage at an event like symposium, having great is just part of the equation. This session is about how to TELL your story. how to structure it for different audiences and different formats, and how to make sure your message sticks!
Thursday, 18 March, 2021 / 03:30 PM - 04:00 PM IST
(06:00 AM - 06:30 AM EDT)
Money Talks – How to Create a Defensible Data Security Strategy
Brian Lowans, Sr Director Analyst, Gartner
Any organisation that creates, stores or processes data must identify, prioritize and mitigate business and financial risks that result. Security and risk management leaders must focus on mitigating the business risks that match the risk appetite of the organisation. A data risk assessment can then demonstrate the risk mitigation effectiveness, leading to a defensible data security strategy.
Wednesday, 17 March, 2021 / 11:45 AM - 12:15 PM IST
(02:15 AM - 02:45 AM EDT)
Outlook for Risk: Technology, Information, and Resilience
Khushbu Pratap, Director Analyst, Gartner
This session walks through the state of risk management practices across technology and information exposures that influence organizational resilience. The current and future role of risk management leadership will be laid out in this session.
Wednesday, 17 March, 2021 / 11:45 AM - 12:15 PM IST
(02:15 AM - 02:45 AM EDT)
Resetting Executive Engagement, Business Context, and How We Invest in Security
Paul Proctor, Distinguished VP Analyst, Gartner
What is the right amount of security? How much should we be spending? How can this all be put in a business context? How do I satisfy the regulators? And how do we create a safer world?
Wednesday, 17 March, 2021 / 03:30 PM - 04:00 PM IST
(06:00 AM - 06:30 AM EDT)
Fraud Prevention is Killing Customer Experience
Akif Khan, Sr Director Analyst, Gartner
Consumers have unrelenting expectations for smooth and friction-free experiences when dealing with retailers and financial institutions. This is often at odds with the various antifraud mechanisms that security leaders have implemented. A new approach is required to reduce tension between CX and fraud management, and instead blend a spectrum of technologies to deliver the fluid experience that most customers want and deserve.
Thursday, 18 March, 2021 / 11:45 AM - 12:15 PM IST
(02:15 AM - 02:45 AM EDT)
Ask the Expert: How to Address Risk and Security in SaaS Agreements
Luke Ellery, Sr Director Analyst, Gartner
Risk and security teams struggle to ensure the contractual clauses in SaaS agreements protect their organization or comply with internal policy and external regulation. This session will provide insight to help you identify the key contractual clauses that must be addressed to protect your organization:
● The challenges in negotiating SaaS agreements: What can realistically be achieved?
● What are the key contract clauses and provisions to protect your data and minimize risk?
Thursday, 18 March, 2021 / 01:15 PM - 01:45 PM IST
(03:45 AM - 04:15 AM EDT)
Outlook for Privacy 2021
Nader Henein, VP Analyst, Gartner
Privacy is not slowing! Consumers continue to demand that their privacy be protected, not just respected and legislators continue to react by enacting data protection laws. It is not sufficient (or efficient) to focus on baseline compliance. This session describes the latest developments in the landscape and steps to evolve the privacy management program from focusing on compliance only to value creation in the business.
Thursday, 18 March, 2021 / 02:45 PM - 03:15 PM IST
(05:15 AM - 05:45 AM EDT)
When Worlds Collide, Converge, and Evolve: IT Security, OT Security and the Rise of Cyber-Physical Systems (CPS) Security
Katell Thielemann, VP Analyst, Gartner
A wave of cyber-physical systems with unique security considerations is emerging as a result of IT/OT convergence, IoT, IIoT, and smart infrastructure efforts alike. What should SRM leaders know and how should they prepare for a post IT-centric security world?
Thursday, 18 March, 2021 / 02:45 PM - 03:15 PM IST
(05:15 AM - 05:45 AM EDT)
Trends in Midsize Enterprise Security
Patrick Long, Principal Analyst, Gartner
Midsize enterprise (MSE) IT leaders face significant security challenges when trying to deliver IT services with small IT teams (usually fewer than 30 people) and limited IT budgets (usually less than $20 million). Join us for a discussion of the top trends that MSE IT leaders responsible for security and risk management should prioritize to stay current and proactive in protecting the organization and managing risk effectively.
Thursday, 18 March, 2021 / 02:45 PM - 03:30 PM IST
(05:15 AM - 06:00 AM EDT)
Roundtable: Lessons Learned from Recent Cybersecurity Incidents
This session will review some of the recent cybersecurity incidents with a focus on the root cause and lessons learned from the response.
Key issues explored include:
How are more advanced hackers breaching organizations?
What is the root cause of the breach?
Key lessons learned for incident response playbooks and public relations.
Thursday, 18 March, 2021 / 03:30 PM - 04:00 PM IST
(06:00 AM - 06:30 AM EDT)
Solving the Challenges of Modern Remote Access in a Post-COVID-19 World
Rob Smith, Sr Director Analyst, Gartner
This session will discuss the challenges of enabling users to access corporate resources in a post-COVID-19 world. Is always-on VPN still the right access choice or should new technologies such as ZTNA and CASB be used instead? And what about policies?
Thursday, 18 March, 2021 / 03:30 PM - 04:00 PM IST
(06:00 AM - 06:30 AM EDT)
Build an Actionable Risk Appetite Framework for Technology Risk
Srinath Sampath, Sr Director Analyst, Gartner
Most security and risk management leaders fail to shape their security programs around the executive leaders’ risk appetite — and they usually cite ignorance of the latter. What’s worse is that organizations that have risk appetite statements find them too impractical to use. This session will cover best practices on how to influence key decisions through an actionable risk appetite framework.
Thursday, 18 March, 2021 / 03:30 PM - 04:00 PM IST
(06:00 AM - 06:30 AM EDT)
Ask the Expert: Technology Solutions and Services to Address Third-Party and Vendor Risks
Joanne Spencer, Sr Director Analyst, Gartner
Luke Ellery, Sr Director Analyst, Gartner
Solutions and services to support vendor risk and security efforts continue to emerge. These solutions include integrated risk management (IRM) and security rating services (SRS). This session will discuss the market and recommendations for their use along with the emerging services and solutions best suited for vendor risk management.
Wednesday, 17 March, 2021 / 11:45 AM - 12:15 PM IST
(02:15 AM - 02:45 AM EDT)
A Pragmatic Approach to Implementing a Zero Trust Security Architecture
Neil MacDonald, Distinguished VP Analyst, Gartner
Changes in the threat landscape and ineffectiveness of current security architectures has driven an explosion of interest in zero trust security architectures. This presentation will build on the concepts of zero-trust networking and extend to operating systems, applications (including development), users and data. Topics will include the new NIST draft standard for zero trust as well as technologies and vendors providing solutions.
Wednesday, 17 March, 2021 / 11:45 AM - 12:15 PM IST
(02:15 AM - 02:45 AM EDT)
Outlook for Cloud Security
Tom Croll, Sr Director Analyst, Gartner
Cloud security remains a top priority. This presentation summarizes the problems, recommended processes, and new product types to address three key issues:
. What are the unique risks associated with public cloud service providers, and how can they be controlled?
. What are the unique security challenges of IaaS and how can they be mitigated?
. What are the unique control challenges of SaaS, and how can they be addressed?
Wednesday, 17 March, 2021 / 01:15 PM - 01:45 PM IST
(03:45 AM - 04:15 AM EDT)
Outlook for Application Security
Dale Gardner, Sr Director Analyst, Gartner
DevOps, new deployment models and technologies pose an existential threat to application security programs. But all is not lost. In this session, we'll show how — by embracing the tenets of DevOps, adopting new approaches to application security, and leveraging evolving security technologies — it's possible to achieve success in DevSecOps, with lessons learned for all development styles.
Wednesday, 17 March, 2021 / 01:15 PM - 01:45 PM IST
(03:45 AM - 04:15 AM EDT)
Outlook for Security Monitoring and Operations
John Collins, Sr Director Analyst, Gartner
Security monitoring and operations are rapidly evolving to keep up with a very dynamic threat landscape. Automation, advanced analytics and machine learning are some of the tools leveraged by security professionals to keep up with threats. This session will address these key issues:
. What trends are affecting security operations?
. What defines best-in-class security operations?
. What is the outlook for security monitoring and operations for the years ahead?
Wednesday, 17 March, 2021 / 02:45 PM - 03:15 PM IST
(05:15 AM - 05:45 AM EDT)
Strategies for Consistent Security and Compliance in a Hybrid Multicloud World
Neil MacDonald, Distinguished VP Analyst, Gartner
Most enterprises will have data centers for years to come and most have adopted a multi-cloud strategy by design. This presentation will outline strategies for the consistent management and security of a hybrid multi-cloud environment composed of physical machines, virtual machines, containers and serverless workloads.
Wednesday, 17 March, 2021 / 02:45 PM - 03:15 PM IST
(05:15 AM - 05:45 AM EDT)
Outlook for Network Security
Lawrence Orans, VP Analyst, Gartner
The cloud era is forcing network security professionals to adapt on several fronts. Enterprises are spending more on cloud-based security services, as a replacement for physical appliances in private data centers. Also, as enterprises move workloads to IaaS clouds, they are turning to micro-segmentation to secure key assets. This session will deliver key insights into these important trends.
Wednesday, 17 March, 2021 / 03:30 PM - 04:00 PM IST
(06:00 AM - 06:30 AM EDT)
The Long-Term Evolution of Endpoints Will Reshape Enterprise Security
Dionisio Zumerle, VP Analyst, Gartner
Endpoints are becoming digital consumer experience enablers that are more tightly controlled and natively fortified against attacks. Security and risk management leaders must design long-term security and investment strategies that align with this technology trend.
Thursday, 18 March, 2021 / 11:45 AM - 12:15 PM IST
(02:15 AM - 02:45 AM EDT)
Ask the Expert: DevSecOps: What Does Success Look Like?
Manjunath Bhat, Sr Director Analyst, Gartner
Ravisha Chugh, Assoc Principal Analyst, Gartner
DevSecOps promises to at last deliver effective application security — but lasting, tied to testing-oriented and gateway-focused approaches, guarantees failure. The urgent question then, is what does "success" look like? In this session we'll answer questions around the organizational process and the tool changes needed to help ensure a successful DevSecOps program and robust application security.
Thursday, 18 March, 2021 / 11:45 AM - 12:15 PM IST
(02:15 AM - 02:45 AM EDT)
The Future of Network Security Is in the Cloud: Introducing the Secure Access Service Edge
Neil MacDonald, Distinguished VP Analyst, Gartner
Digital business is turning organizations inside out. More users, data, systems and applications will be outside of the enterprise than inside. This drives a need for cloud-based delivery of networking (notably SD-WAN) and security capabilities (notably SWG) to get closer to the users that need access to the internet and their data, systems and applications that are pretty much everywhere but a central office. Here, we introduce the secure access service edge where SD-WAN, FWaaS, SWG, CASB, WAF, DNS protection and ZTNA converge over the next several years creating significant disruption in the vendor landscape and opportunities for every organization.
Thursday, 18 March, 2021 / 11:45 AM - 12:15 PM IST
(02:15 AM - 02:45 AM EDT)
Identifying and Managing Open Source Software Risks in DevSecOps Environments
Dale Gardner, Sr Director Analyst, Gartner
The nearly ubiquitous presence of open source software within applications and their supporting infrastructure introduces an array of risks, and has led to some of the most damaging security incidents on record. This session will deliver guidance on the necessary policies, processes, and tools — including software composition analysis and vulnerability assessment — necessary to identify and manage these risks.
Thursday, 18 March, 2021 / 01:15 PM - 01:45 PM IST
(03:45 AM - 04:15 AM EDT)
Outlook for Data Security
Ramon Krikken, Distinguished VP Analyst, Gartner
This session covers current trends and emerging topics in the area of data security. From databases to files, threats are rapidly evolving and countermeasures slowly follow. Planning a data-centric roadmap for security governance and security architecture is a critical component of any security and risk management program.
Thursday, 18 March, 2021 / 01:15 PM - 01:45 PM IST
(03:45 AM - 04:15 AM EDT)
Gartner's Strategic Vision for Vulnerability Management
Craig Lawson, VP Analyst, Gartner
Gartner has been evolving its guidance on how to better run vulnerability management, which is a foundational security process. This presentation will go over this new way of doing vulnerability more effectively.
. Why we made some significant changes to our guidance on this critical process?
. What does the new RBVM actually look like?
. How to bring this to life inside your own security programs?
Thursday, 18 March, 2021 / 02:45 PM - 03:15 PM IST
(05:15 AM - 05:45 AM EDT)
Outlook for Managed Security Services
Pete Shoard, Sr Director Analyst, Gartner
Managed security services are a sensible and efficient choice for many organizations, large and small to enable or augment their security operations. Gartner presents their view on the range of core services available in the market, cutting through the jargon and aligning the needs of consumers with available service types and providing predictions on the future of the market.
Thursday, 18 March, 2021 / 03:30 PM - 04:00 PM IST
(06:00 AM - 06:30 AM EDT)
The State of the IoT Network Landscape
Tim Zimmerman, VP Analyst, Gartner
Organizations must recognize the differing networking requirements for IoT use cases in order to deploy the correct network and security architecture and ecosystem, otherwise they will fail. This presentation reviews different market segments and analyzes usage scenarios to identify the network strategy needed to properly implement IoT solutions.