While we build the 2021 agenda, explore last year's tracks built upon our latest research that addressed the challenges most critical to security, risk management and IAM leaders. These key topics kickstarted conversations around priorities and initiatives so that attendees could tackle what was most important to them.
2020 track highlights
Track A: Management & Leadership
Strategies and action plans to set expectations with teams, business and third parties
Track B: Digital Risk Management
Innovate risk management practices, prepare organizations to be resilient through the new normal and prepare for the next inevitable crisis
Track C: Security Technology & Architecture
Security markets, best practices in adopting and using technology solutions, new and emerging technologies
Track D: Identity & Access Mangement
Effective identity and access management (IAM) in the new normal. Improve governance and strengthen privileged access management practices to prevent breaches.
CISO Circle
Specifically for CISOs. Advance leadership opportunities and learn how to prioritize business objectives with cutting-edge advice from a variety of experts.
Midsize Enterprise
Pragmatic advice on overcoming resource obstacles and applying the right level of protection and risk management.
Diversity/Women in IT
Shape attitudes and behaviors to achieve true acceptance and inclusion across teams.
Technical Insights (GTP)
Pragmatic steps to advance your security and risk initiatives.
View By:
A look back at 2020's agenda
Monday, September 14, 2020 / 11:30 AM - 12:00 PM EDT
Welcome and Keynote: Balance Risk, Trust and Opportunity in an Uncertain World
Jeffrey Wheatman, VP Analyst, Gartner
The pandemic, trade disputes, economic uncertainty: the environment our enterprises operate in are becoming increasingly unpredictable. Greater uncertainty results in greater risk. However, turmoil also presents opportunity, and digitalization offers innovative means for navigating uncertainty. As a security and risk leader, you must establish and maintain the ability of your organization to function as a trusted participant in the digital economy.
Monday, September 14, 2020 / 12:15 PM - 12:45 PM EDT
DevSecOps: What Does Success Look Like?
Dale Gardner, Sr Director Analyst, Gartner
DevSecOps promises to at last deliver effective application security — but lasting ties to testing-oriented, gateway-focused approaches guarantee failure. The urgent question then, is what does "success" look like? In this session we'll examine the organizational, process, and tool changes needed to help ensure a successful DevSecOps program and robust application security.
Monday, September 14, 2020 / 12:15 PM - 12:45 PM EDT
Top Security Projects for 2020-2021
Security and risk management leaders should implement or improve upon these top 10 security projects in 2020. Any security project must be supported by technology, address the changing needs of cybersecurity and reduce risk by adopting a CARTA strategic approach with all security projects.
Monday, September 14, 2020 / 12:15 PM - 12:45 PM EDT
Ask the Expert: Everything You Always Wanted to Know About Privacy (But Were Afraid to Ask)
Bernard Woo, Sr Director Analyst, Gartner
In this session, attendees MUST bring questions, even when afraid. Although Gartner is not in the business of determining what is compliant and what is not, foundational privacy insights can be shared between participants. Some suggestions for questions:
- What's purposeful processing?,
- How to shape a positive Privacy UX?,
- Where is privacy going in the world?
End users only, registration required
Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this conference.
Monday, September 14, 2020 / 12:15 PM - 12:45 PM EDT
Use Risk, Value and Cost to Change Executive Priorities and Investments in Security
Paul Proctor, Distinguished VP Analyst, Gartner
Cybersecurity should balance the need to protect against the need to achieve desired business outcomes. This balance can best be achieved through risk-optimized decisions in a business context that meet stakeholder needs and expectations. SecQuilibrium is the right balance between the needs to protect and the needs to run your business.
Monday, September 14, 2020 / 01:45 PM - 02:15 PM EDT
The Economics of Cyber Security: Using the ‘Dismal Science’ to Make Better Security Decisions
Tom Scholtz, Distinguished VP Analyst, Gartner
Economics is called “the dismal science” because scarce resources mean not every need can be met. As a security and risk leader with unlimited challenges and limited resources, you face difficult decisions about what to prioritize. Is there a better way to balance digital business opportunity against cyber risk? What are the opportunity costs of your security investments? How can you articulate the business value of security? If you treat data as a financial asset, can economic models help you make more effective investment decisions? In this keynote, we’ll look at how looking at security and risk dilemmas through the lens of economics can help you make better decisions. We will also discuss trends in security spending, and introduce new tools, models and concepts to help you understand the impact of tradeoffs, improve cost optimization and evaluate where resources will have the greatest impact on security and the business.
Monday, September 14, 2020 / 01:45 PM - 02:15 PM EDT
Ask the Expert: How to Create a Culture of Inclusivity for Women
Christie Struckman, VP Analyst, Gartner
Creating an environment where women feel not only accepted but respected does not happen unless leaders make it a priority. This session will explore strategies and actions that leaders can take to ensure women feel they are equally able to thrive in your organization.
Monday, September 14, 2020 / 02:30 PM - 03:00 PM EDT
Leadership Vision for Security and Risk Management 2021
Jay Heiser, VP Analyst, Gartner
Roberta Witty, VP Analyst, Gartner
The challenges to security and risk management programs range from governmental/political intervention to digital business adoption to the impact of organizational culture of running a business. Security and Risk Management (SRM) leaders must develop a coherent program based on a clear vision and strategy. This presentation will address:
. What constitutes an effective vision and strategy for SRM leaders?
. What are the elements of a SRM program?
. What are the drivers shaping SRM strategy in 2020-2021?
Tuesday, September 15, 2020 / 11:00 AM - 11:30 AM EDT
Guest Keynote: Communicating Complex Ideas in a Complex Time: An Interview with Neil deGrasse Tyson
Neil deGrasse Tyson, Astrophysicist, Cosmologist, Planetary Scientist, Author, and Science Communicator,
As a security, risk or IAM leader, you face a myriad of challenges. You must anticipate new cybersecurity threats and disruptive technologies, address the ongoing implications of COVID-19 and build resilience in a world where nothing is certain. The foundations for success are built on effective communication. In this keynote interview, renowned astrophysicist and science communicator, Neil deGrasse Tyson shows how to break down complex ideas into smaller sound-bites in order to bring people with different perspectives together and drive compelling communication. Join us as deGrasse Tyson draws upon cosmic perspectives to help us all communicate better and find joy in uncertain times
Tuesday, September 15, 2020 / 11:45 AM - 12:15 PM EDT
Ask the Expert: How Do You Establish a Defensible Data Security Budget?
Brian Lowans, Sr Director Analyst, Gartner
This session will give you a chance to ask questions such as: How can a data security governance strategy create business support? What are the practical steps to implement data security by deploying a risk assessment? How can a risk assessment architect a successful data security strategy with an appropriate budget?
Tuesday, September 15, 2020 / 11:45 AM - 12:15 PM EDT
Building an Information Security Workforce Strategy
Beth Schumaecker, Sr Director, Advisory, Gartner
Supporting the business during the digital era requires that Information Security staff possess a much more diverse set of skills than in the past. This Information Security Strategic Workforce Planning session will focus on building out the inputs we need to orient our planning around the skills and competencies essential for success.
Tuesday, September 15, 2020 / 11:45 AM - 12:15 PM EDT
Technology Risk and Cybersecurity Metrics for Your Board
Srinath Sampath, Sr Director Analyst, Gartner
Reporting risk and security to your board is challenging for every organization in the Gartner client base. Executives don’t know what they need. We offer these concrete examples that share all the necessary characteristics to satisfy non-IT executives and your board.
Tuesday, September 15, 2020 / 11:45 AM - 12:30 PM EDT
Roundtable — Establish, Maintain and Evolve a Privacy Program: What Not to Miss
Matt Chinn, Principal, Research, Gartner
Since the advent of the GDPR in the EU, organizations have no way evading the privacy topic anymore. Today over 60 jurisdictions follow a similar setup, including Brazil, India, Japan and the U.S. Many organizations find they have to start from scratch, and they're all in different stages. Are you establishing the program? Ready to maintain, or evolving it? In this session participants share experiences and best practices, or pitfalls to avoid (end users only).
Tuesday, September 15, 2020 / 11:45 AM - 12:30 PM EDT
Roundtable: Women in IT — Elevate Your Game for Strategic Impact
Mary Mesaglio, Distinguished VP Analyst, Gartner
Although women make up nearly half of the global workforce, women are only 31% of IT employees. Unlike other professions where women have made significant strides to reach leadership positions, only 22% of IT leaders are women. This Roundtable discussion will explore the questions:
1) What holds women back from attaining leadership roles in IT?
2) What keys to success can we learn from women CIOs and from female senior business executives in technology companies?
3) What changes are being tried to better attract, retain and promote women in IT?
Tuesday, September 15, 2020 / 12:30 PM - 01:00 PM EDT
Money Talks – How to Create a Defensible Data Security Strategy
Brian Lowans, Sr Director Analyst, Gartner
Any organisation that creates, stores or processes data must identify, prioritize and mitigate business and financial risks that result. Security and risk management leaders must focus on mitigating the business risks that match the risk appetite of the organisation. A data risk assessment can then demonstrate the risk mitigation effectiveness, leading to a defensible data security strategy.
Tuesday, September 15, 2020 / 12:30 PM - 01:00 PM EDT
How Leaders Can Support Women in IT
Christie Struckman, VP Analyst, Gartner
Gender imbalance is stagnating if not getting worse in many IT organizations. The challenge is not just hiring more women, it’s also not losing them. Leaders can support the women in IT by creating, curating and managing a pipeline program. Creating an inclusive environment also means confronting behaviors that marginalize women.
Tuesday, September 15, 2020 / 12:30 PM - 01:15 PM EDT
Roundtable: DevSecOps Security Coaching, Supporting Successful Developer Security Outcomes
Mark Horvath, Sr Director Analyst, Gartner
A guiding principle in DevSecOps is to make the developer successful at security by matching resources to the developer environment. Coaches are an important but often overlooked part of the developer ecosystem. Share best practices about successful coaching for security and some of the ways to improve security outcomes.
Tuesday, September 15, 2020 / 02:00 PM - 02:30 PM EDT
Outlook for Security Talent, Careers, and People
David Gregory, Sr Director Analyst, Gartner
The information security profession is growing at a rate of 37% through 2022. Organizations need to ensure that they recruit, develop and retain the right talent to keep up with this demand. This presentation explores how organizations will need to extend diversity, flex recruitment strategies and create the right organizational culture to recruit, grow and retain the best talent.
Tuesday, September 15, 2020 / 02:00 PM - 02:30 PM EDT
CISO Circle: CISO Effectiveness - The Four Facets of the CISO Role
Daria Kirilenko, Sr Director, Research, Gartner
William Candrick, Director, Research, Gartner
The digital business has propelled security and risk to become a boardroom issue. Together with a democratization of information risk decision making and an increasingly complex regulatory environment they drive a change in the way CISOs approach their roles. This session will discuss four facets of the CISO role and give you an opportunity to ask questions about our latest research around CISO effectiveness.
Tuesday, September 15, 2020 / 02:00 PM - 02:30 PM EDT
When It Comes to Security Metrics, Context Is More Important Than Content
Jeffrey Wheatman, VP Analyst, Gartner
Useful and actionable security metrics continue to be elusive. Program leaders often share what they have rather than what they should. Maybe we have been going about it the wrong way. Maybe, the problem isn’t what you tell your stakeholders, but rather the way you tell them.
. What are the biggest challenges in reporting security metrics?
. Why context is more important than the actual metrics?
. What can leaders do to provide the proper level of context and drive action?
Tuesday, September 15, 2020 / 02:00 PM - 02:45 PM EDT
Roundtable: Combating the Insider — Understanding the Real Threat
Paul Furtado, Sr Director Analyst, Gartner
The biggest threat to any business walks through the front door every day! In this session, we will discuss how to combat the insider threat and what tools and tactics need to be used to secure the business. This session is ideal for organizations with minimal or immature insider threat mitigation programs.
Tuesday, September 15, 2020 / 02:30 PM - 03:15 PM EDT
Roundtable: Metrics That Matter for Midsize Enterprise Security
Patrick Long, Principal Analyst, Gartner
Many midsize enterprise security teams are having trouble defining what security metrics they should be tracking. What metrics actually drive outcomes? Are your metrics targeting the correct audience? Are your outsourced security services providing you the right metrics? Join us for this MSE specific session to help get rid of the noise and find what works best for your organization.
Tuesday, September 15, 2020 / 02:45 PM - 03:15 PM EDT
The Diversity Dilemma
Debra Christmas, Sr Executive Partner, Gartner
As organizations work to address the ongoing diversity issue in tech, there remains an intense focus on the lack of gender diversity. Despite being half of the workforce, women are grossly underrepresented. Add race and ethnicity to the mix and the numbers are abysmal. This session will talk about current issues and will present concrete actions for moving the dial.
Tuesday, September 15, 2020 / 02:45 PM - 03:15 PM EDT
Five Steps to Creating a Simple Business-Aligned Cybersecurity Strategy
Jeffrey Wheatman, VP Analyst, Gartner
Everyone knows how important strategic planning is for success and yet it is an immense challenge … for pretty much everyone. Join us to learn a simple approach that can be used to create a simple story that links security program activities to business goals in a way the drives better decisions.
. What makes a good strategy?
. What kind of narratives work?
. What does a sample strategy look like?
Wednesday, September 16, 2020 / 11:45 AM - 12:15 PM EDT
Ask the Expert: The Impact of Privacy on Vendor Selection and Control
Bart Willemsen, VP Analyst, Gartner
Modern day privacy tilts the business case for compliance, and losing customers is easier than ever before. GDPR in Europe, Brazil's LGPD, India's PDP and California's CCPA are only a few examples of over 60 jurisdictions worldwide. This brings privacy on the procurement table. Typical questions that might be asked in this “Ask the Expert” session include:
- How do I decide who to collaborate with?
- What should I mind when entering into a processing agreement?
Please note: Attendees should come prepared to ask questions and contribute to the discussion. Available to end users only, preregistration is required. Spaces are limited.
Wednesday, September 16, 2020 / 11:45 AM - 12:15 PM EDT
Fighting Ransomware in Midsize Enterprises
Paul Furtado, Sr Director Analyst, Gartner
Ransomware continues to wreak havoc in businesses globally. This session provides some insights on how to best protect your business and how to recover in the event you are compromised. We will discuss best practices and some "no cost" activities to help thwart the bad actors.
Wednesday, September 16, 2020 / 11:45 AM - 12:15 PM EDT
Security Organization Dynamics
Tom Scholtz, Distinguished VP Analyst, Gartner
There is no such thing as a perfect, universally appropriate model for security organizations. Every enterprise must develop its own model, taking into consideration basic principles, practical realities and the challenges of digital transformation. This presentation will address the following key issues:
. What are the trends and challenges in security organization design?
. What are the factors that influence security organization?
. What are the current best practices and contemporary conceptual design models for security organization?
Wednesday, September 16, 2020 / 11:45 AM - 12:30 PM EDT
Roundtable: Top 10 Ways Successful Women Increase Their Visibility (Women in IT)
Beth Schumaecker, Sr Director, Advisory, Gartner
Dorota Pietruszewska, Director, Advisory, Gartner
Increasing your visibility is important for advancing your career. In this session, we will review ten things that highly successful women say they do in order to increase their visibility throughout the company, industry and technical community. Participants will discuss how you have seen this play out in your organization and share additional ideas that have worked for you.
Wednesday, September 16, 2020 / 12:30 PM - 01:00 PM EDT
Security Program 101: First Step — Pick a Framework
Richard Addiscott, Sr Director Analyst, Gartner
Security and risk management leaders are often faced with the continuous challenge of developing and (re)shaping their cybersecurity program strategy based on changing business needs and risk appetite. To complement this, leaders are often tasked with picking a defensible framework that aligns with an appropriate controls catalog based on repeatable and scalable processes. However, Gartner Research continues to show a cultural disconnect between foundational elements of program management and changing business needs. This presentation will define the basic elements of a security program , describes the differences between each layer, and tie them into an overall strategy planning process that will ensure a defensible security program that facilitates business needs.
Wednesday, September 16, 2020 / 12:30 PM - 01:00 PM EDT
Five Cost-Optimization Techniques Security and Risk Leaders Must Use in Uncertain Times
Sam Olyaei, Director Analyst, Gartner
Looking past the immediate implications of the current health and economic crisis, organizations are ill prepared to confront the impact on their services and goals. As economic uncertainty settles in and working environments become more difficult, leaders must create a cost-optimization plan to aid their organizations in navigating past this challenging turn, especially as it relates to security and risk management. This session will equip leaders with the information necessary to make a decision on where the balance between running the business and protecting the business shall be.
Wednesday, September 16, 2020 / 02:00 PM - 02:30 PM EDT
Moving From 0 to 1: A Midsize Guide on How to Create a Formal Cybersecurity Program
Paul Furtado, Sr Director Analyst, Gartner
A midsize guide to starting a formal cybersecurity program within your business. This session is tailored for midsize organizations who are starting or have immature security programs. It is a series of pragmatic advice that can be implemented to improve security awareness and a better security posture throughout the business.
Wednesday, September 16, 2020 / 02:00 PM - 02:30 PM EDT
Developing an Agile Cybersecurity Program for the Post-COVID-19 World: Lessons Learned From the Pandemic
Tom Scholtz, Distinguished VP Analyst, Gartner
In the post-COVID-19 renewal phase, enterprises are rapidly adopting new digital technologies to help reset their business strategies. This results in new cybersecurity risks and challenges. Cybersecurity programs must react to this new reality — they must become much more agile to help manage the risk inherent in this seismic shift to digitalization, and also become better prepared for the next global shock. This presentation shares practical advice on how to reengineer security programs to become agile.
Wednesday, September 16, 2020 / 02:00 PM - 02:45 PM EDT
Roundtable: Improving Collaboration Between Security & Risk Management and I&O
Roger Williams, VP Analyst, Gartner
Both Security & Risk Management and I&O Leaders rank the collaboration between their teams as critical to their success, yet differing objectives and cultures can make working together challenging. Join other Security & Risk Management Leaders to discuss ways to strengthen the relationship with I&O to improve organizational resiliency and adaptability.
Wednesday, September 16, 2020 / 02:30 PM - 03:15 PM EDT
CISO Circle: How to Have an Engaging Conversation With Your CEO/Board About Risk
Leigh McMullen, Distinguished VP Analyst, Gartner
It is now common practice for boards of directors/CEOs to require periodic reporting and event-based updates on the state of security and risk management in an enterprise. Developing and communicating an effective message that balances the need to protect with the need to run your business is critical. However, there is a big disconnect between what security and risk leaders are presenting to executives and what they actually care about. Join us in this session to discuss tools and narratives to get CEOs/Boards to the table and to keep them engaged.
Wednesday, September 16, 2020 / 02:45 PM - 03:15 PM EDT
Security Vendor Consolidation Trends: Should You Pursue a Consolidation Strategy?
John Watts, Sr Director, Analyst, Gartner
This session will reveal the recent Gartner 2020 survey on security vendor consolidation trends and provide insights on how organizations should be thinking about a security vendor consolidation vs a best of breed strategy today. Attendees will receive practical advice on strategy risks, vendor rationalization techniques, and guidance for strategy execution.
Wednesday, September 16, 2020 / 02:45 PM - 03:15 PM EDT
Ask the Expert: Moving from 0 to 1: A Midsize Guide on How to Create a Formal Cybersecurity Program
Paul Furtado, Sr Director Analyst, Gartner
A midsize guide to starting a formal cybersecurity program within your business. This session is tailored for midsize organizations who are starting or have immature security programs. It is a series of pragmatic advice that can be implemented to improve security awareness and a better security posture throughout the business.
Thursday, September 17, 2020 / 11:00 AM - 11:30 AM EDT
Keynote — Crisis Culture Hacking: How to Keep Your Employees Sane Over the Long Haul
Mary Mesaglio, Distinguished VP Analyst, Gartner
If you feel like your team is demotivated and could use a shot of morale, you’re not alone. Leaders are being asked to rally employees to carry the enterprise through perhaps the most challenging business conditions they have ever encountered. In this environment, leaders can use crisis culture hacking to keep employees positive and motivated. This keynote session shows you how.
Thursday, September 17, 2020 / 11:45 AM - 12:15 PM EDT
The State of Artificial Intelligence in Security and Risk Management
Jeremy D'Hoinne, VP Analyst, Gartner
This session covers why everyone speaks about how artificial intelligence might solve security and risk management challenges, but struggle when asked to provide a concrete example. It will show examples of what we call AI today, explain how it can be useful but also its limitations, and explain what to look for.
Thursday, September 17, 2020 / 11:45 AM - 12:15 PM EDT
The Key Drivers for an Effective Security and Risk Leader
Sam Olyaei, Director Analyst, Gartner
Security and risk management leaders are often treated as scapegoats in cases of breach. By the same token, digital business has propelled security and risk to become a boardroom issue, business units have increased their expectations (and demand) of their leadership, and regulatory demands are often challenging. This session will shed light on the leadership traits that aide in a successful and balanced approach between the demands of the business and the effectiveness of the leader.
Thursday, September 17, 2020 / 11:45 AM - 12:30 PM EDT
Roundtable: The Key Challenges You Face When Securing OT
Wam Voster, Sr Director Analyst, Gartner
Initially, security incidents only occurred in IT but the world has seen attacks in OT as well. Organizations need to implement security in OT to protect this domain from these attacks. This will ensure not only an uninterrupted operation, but also that no harm to people and the environment occurs. What are organizations doing to address this? Is the maturity of OT security at par with IT security?
Thursday, September 17, 2020 / 12:30 PM - 01:00 PM EDT
Security Program Governance Best Practices for Digital Transformation
Tom Scholtz, Distinguished VP Analyst, Gartner
Effective governance should be a cornerstone of security programs and ineffective governance is the most common cause of failure. Security and risk leaders need to implement governance capabilities that support accountability, authority, risk management and assurance. This presentation will share strategies for establishing effective, adaptive security governance to enable digital transformation.
Thursday, September 17, 2020 / 12:30 PM - 01:00 PM EDT
Three Ways to Gain Support for Your Security Awareness Program
Securing investment from executives for a security awareness program depends on persuasive justification and strong negotiation skills. Support for awareness programs can be dismissed or deprioritized as larger projects impacting bottom-line performance compete for attention. This presentation will cover the three ways that you can gain organizational support for your security awareness program.
Thursday, September 17, 2020 / 02:00 PM - 02:30 PM EDT
Top Trends in Security and Risk Management
Peter Firstbrook, VP Analyst, Gartner
"Top trends" highlights ongoing strategic shifts in the security ecosystem that aren't yet widely recognized, but are expected to have broad industry impact and significant potential for disruption. This presentation will describe the most significant trends in security and risk management and how leading organizations are taking advantage of these trends. Key issues explored will include:
. Top technological improvements in the security product landscape
. Trends in creating a top notch security organization
. Long-term trends that will influence security strategy
Thursday, September 17, 2020 / 02:00 PM - 02:30 PM EDT
How to Tell Your Story Like a Pro
Leigh McMullen, Distinguished VP Analyst, Gartner
Whether it is in the boardroom or the big stage at an event like symposium, having great is just part of the equation. This session is about how to tell your story. How to structure it for different audiences and different formats, and how to make sure your message sticks!
Thursday, September 17, 2020 / 02:00 PM - 02:30 PM EDT
Beyond Agility to Antifragility in Turbulent Times
Dave Aron, Distinguished VP Analyst, Gartner
To succeed in the times of uncertainty and volatility, being holistically agile throughout the enterprise, and going beyond agility to anti-fragility, becomes an existential requirement. Agile project and operational methodologies are only small pieces of the solution.
Thursday, September 17, 2020 / 02:00 PM - 02:45 PM EDT
Roundtable: Are CISOs Ready to Be Board Members?
Sam Olyaei, Director Analyst, Gartner
Cyber security is increasingly a topic of discussion at the board level, with over 80% of directors required to routinely discuss cybersecurity in the boardroom, yet 66% of directors lack confidence in their companies’ cybersecurity program. This lack of confidence undermines the board’s fiduciary duty with an obvious solution to get more CISO’s in to board positions, however this is not yet happening. Join this roundtable to discuss where CISO’s are ready to be board members.
Thursday, September 17, 2020 / 02:30 PM - 03:15 PM EDT
Roundtable: What Works and What Doesn't in Security Outsourcing
Toby Bussa, VP Analyst, Gartner
This session will discuss what can be outsourced, what has worked well when outsourced to security services providers and the lessons learned where outsourcing hasn't been successful.
Thursday, September 17, 2020 / 02:45 PM - 03:15 PM EDT
When Ransomware Becomes Siegeware
Wam Voster, Sr Director Analyst, Gartner
Many buildings have become Smart Buildings. Connected systems for air conditioning, heating, access control are now being connected to networks and the internet to allow for optimization, energy efficiency, and remote facility management. What would happen if these systems are infected with ransomware? What can SRM Leaders do to address this?
Thursday, September 17, 2020 / 02:45 PM - 03:15 PM EDT
Cybersecurity 2030: A Look Ahead
Toby Bussa, VP Analyst, Gartner
This session will take a look at what security and risk management will look like in 10 years. What will be the same? What will change? What will you need to start thinking about now to be prepared in the future?
Monday, September 14, 2020 / 12:15 PM - 12:45 PM EDT
Outlook for Risk: Technology, Information and Resilience
Khushbu Pratap, Director Analyst, Gartner
This session walks through the state of risk management practices across technology and information exposures that influence organizational resilience. The current and future role of risk management leadership will be laid out in this session.
Monday, September 14, 2020 / 01:45 PM - 02:15 PM EDT
Outlook for Privacy 2021
Nader Henein, VP Analyst, Gartner
Privacy is not slowing! Consumers continue to demand that their privacy be protected, not just respected and legislators continue to react by enacting data protection laws. It is not sufficient (or efficient) to focus on baseline compliance. This session describes the latest developments in the landscape and steps to evolve the privacy management program from focusing on compliance only to value creation in the business.
Monday, September 14, 2020 / 02:15 PM - 03:00 PM EDT
Roundtable: Can You Train Your Employees to Use SaaS Safely?
Jay Heiser, VP Analyst, Gartner
SaaS is a self-service model that is mostly out of IT's control, which has lead to endless exposures of sensitive data, audit frustrations, and cost overrun. Who is in charge of SaaS governance, and what policies, processes and products can they use to help their organizations use SaaS more responsibly. This session will be an opportunity for attendees to share their experiences with what works, and what doesn't.
Monday, September 14, 2020 / 02:30 PM - 03:00 PM EDT
Vendor Risk Management Is Now a Must-Have Discipline
Edward Weinstein, Sr Director Analyst, Gartner
Vendor risk management isn’t just required in highly regulated industries, it's good practice in all industries. But today’s approaches are mired in lengthy and complex assessments that span a variety of threats and risks. This session will discuss how to improve and enhance your model for managing vendor risks. How can we improve the efficiency and value of our vendor risk-management program?
Tuesday, September 15, 2020 / 11:45 AM - 12:15 PM EDT
How to Respond to the 2020 Threat Landscape
Jonathan Care, Sr Director Analyst, Gartner
The threat landscape is a moving target. Attack campaigns might hit multiple organizations, but each enterprise should analyze its own threat landscape. Security and risk management leaders should gain baseline knowledge on:
. Optimizing Prediction and Prevention
. Knowing When Detection is Required
. Preparing to Respond When Things go Wrong
Tuesday, September 15, 2020 / 11:45 AM - 12:15 PM EDT
COVID-19 as a Resilience Game Changer: How the World Will Never Be the Same
Roberta Witty, VP Analyst, Gartner
The COVID-19 pandemic has shown how focus on efficiency has greatly hampered pandemic response and continuity of operations. The result is a dearth of organizational resilience. This session will present the lessons learned that every organization must now integrate into operations so that panic and chaos don't take over again during crisis situations.
Tuesday, September 15, 2020 / 12:30 PM - 01:00 PM EDT
Model Your Risk Assessment on the Digital Business Runway
Jie Zhang, VP Analyst, Gartner
Digital transformation relies heavily on new technology adoptions. While organizations innovate and create values through digital business, a set of new risks are emerging. These emerging risks require security and risk leaders' special attention. This session equips you with a model to assess the emerging risks.
Tuesday, September 15, 2020 / 12:30 PM - 01:00 PM EDT
How to Address Risk and Security in SaaS Agreements
Luke Ellery, Sr Director Analyst, Gartner
Risk and security teams struggle to ensure the contractual clauses in SaaS agreements protect their organization or comply with internal policy and external regulation. This session will provide insight to help you identify the key contractual clauses that must be addressed to protect your organization:
● The challenges in negotiating SaaS agreements: What can realistically be achieved?
● What are the key contract clauses and provisions to protect your data and minimize risk?
Tuesday, September 15, 2020 / 02:00 PM - 02:30 PM EDT
Digital Business Requires a Delicate Balance in Risk Culture: What's Yours Like?
Srinath Sampath, Sr Director Analyst, Gartner
To succeed at digital business, organizations need to make bold & innovative business choices while simultaneously protecting their business outcomes. The culture of the organization - specifically as it relates to risk-taking - is a significant yet underutilized driver. This session will cover how to build a risk culture that powers your digital future.
Tuesday, September 15, 2020 / 02:00 PM - 02:30 PM EDT
How to Write a Recovery Plan
Roberta Witty, VP Analyst, Gartner
Recovery plans vary in quality and quantity based on their age ("We have a plan that is five years old"), the experience of the team developing the plan, the type of automation being used or not and more. This session will present best practices for developing recovery plans that actually work in a business disruption.
Tuesday, September 15, 2020 / 02:00 PM - 02:30 PM EDT
Ask the Expert: Technology Solutions and Services to Address Third-Party and Vendor Risks
Edward Weinstein, Sr Director Analyst, Gartner
Solutions and services to support vendor risk and security efforts continue to emerge. These solutions include integrated risk management (IRM) and security rating services (SRS). This session will discuss the market and recommendations for their use along with the emerging services and solutions best suited for vendor risk management.
Tuesday, September 15, 2020 / 02:45 PM - 03:15 PM EDT
Maturing Business Continuity Programs
David Gregory, Sr Director Analyst, Gartner
Continuous improvement of business continuity plans is essential to ensure that they continue to reflect the organizational needs and priorities. This session will show how to develop, grow and benchmark your resilience program.
Wednesday, September 16, 2020 / 11:45 AM - 12:15 PM EDT
Solving the Challenges of Modern Remote Access in a Post-COVID-19 World
Rob Smith, Sr Director Analyst, Gartner
This session will discuss the challenges of enabling users to access corporate resources in a post-COVID-19 world. Is always-on VPN still the right access choice or should new technologies such as ZTNA and CASB be used instead? And what about policies?
Wednesday, September 16, 2020 / 12:30 PM - 01:00 PM EDT
Trends in Midsize Enterprise Security
Patrick Long, Principal Analyst, Gartner
Midsize enterprise (MSE) IT leaders face significant security challenges when trying to deliver IT services with small IT teams (usually fewer than 30 people) and limited IT budgets (usually less than $20 million). Join us for a discussion of the top trends that MSE IT leaders responsible for security and risk management should prioritize to stay current and proactive in protecting the organization and managing risk effectively.
Wednesday, September 16, 2020 / 12:30 PM - 01:00 PM EDT
What Are, and Why You Need, Incident Response Services
Toby Bussa, VP Analyst, Gartner
Incidents happen, and when they do many organizations are not prepared. Incident response services are an important component of an organization's incident response capabilities. This session will explain what incident response services are, why you need them, how they support your incident response capabilities, and how to procure these services.
Wednesday, September 16, 2020 / 02:00 PM - 02:30 PM EDT
Crisis and Risk Management Discretionary Budgeting
Brent Predovich, Assoc Principal Analyst, Gartner
Security and risk management leaders tasked with the reactive art of attack damage mitigation, have struggled with budgets running wild. Understand how to set the expectations for your budget and advocate for a discretionary attack-damage mitigation budget.
Wednesday, September 16, 2020 / 02:45 PM - 03:15 PM EDT
U.S. DoD’s New Cybersecurity Maturity Model Certification — Fix or Folly?
Katell Thielemann, VP Analyst, Gartner
As the U.S. Department of Defense rolls out its new CMMC approach, some view it as a revolutionary fix to contractor cybersecurity issues, while others see a bureaucratic folly that will further constrain DoD technology adoption. What is it? Why does it matter? What does it mean for security and risk management leaders everywhere?
Thursday, September 17, 2020 / 11:45 AM - 12:15 PM EDT
Sovereignty, Shadows and Spies: How Can You Trust the Cloud?
Jay Heiser, VP Analyst, Gartner
Is your cloud solutions provider facilitating or resisting government surveillance? How can you know? You can't avoid the cloud by building a digital wall around your organization. Can any technology or law save you from the cloud? Will local providers come to your rescue? This provocative session will cut through the myths, so that your organization can stop wasting time solving problems that can't be fixed.
Thursday, September 17, 2020 / 11:45 AM - 12:15 PM EDT
Resetting Executive Engagement, Business Context and How We Invest in Security
Paul Proctor, Distinguished VP Analyst, Gartner
What is the right amount of security? How much should we be spending? How can this all be put in a business context? How do I satisfy the regulators? And how do we create a safer world?
Thursday, September 17, 2020 / 11:45 AM - 12:15 PM EDT
Ask the Expert: Mastering Privacy UX — Transparency, Subject Rights and Consent Management
Nader Henein, VP Analyst, Gartner
Privacy UX is composed of the aspects of a privacy program that are exposed to the public. Come to this Ask the Expert session to join a discussion about balancing just the right level of transparency with your users to earn their trust, drive depth and turn privacy from a challenge to a market advantage.
Thursday, September 17, 2020 / 12:30 PM - 01:00 PM EDT
Build an Actionable Risk Appetite Framework for Technology Risk
Srinath Sampath, Sr Director Analyst, Gartner
Most security and risk management leaders fail to shape their security programs around the executive leaders’ risk appetite — and they usually cite ignorance of the latter. What’s worse is that organizations that have risk appetite statements find them too impractical to use. This session will cover best practices on how to influence key decisions through an actionable risk appetite framework.
Thursday, September 17, 2020 / 12:30 PM - 01:00 PM EDT
Practical Privacy in Action: What Two Years of Modern Privacy Laws Have Taught Us
Bernard Woo, Sr Director Analyst, Gartner
Privacy regulations across the globe have developed more over the past two years than they have in the preceding century. This has placed substantial pressure on organisations regarding how they store and handle personal information pertaining to their employees and their customers. This session focuses on the top three mistakes, top three capabilities and top three hacks learned through out two years in the trenches of the GDPR, the CCPA, the LGPD and many more.
Thursday, September 17, 2020 / 02:00 PM - 02:30 PM EDT
Selecting the Right IT Risk Management Solution
Khushbu Pratap, Director Analyst, Gartner
This session walks through requirements planning, decision making and stakeholder communication, and also discusses overlap with cybersecurity tools, compliance solutions, security operations, analysis and reporting tools as well as risk management capabilities available with cloud service providers.
Thursday, September 17, 2020 / 02:45 PM - 03:15 PM EDT
The BCM Software Ecosystem
David Gregory, Sr Director Analyst, Gartner
BCMP, C/IM, EMNS, IRM The technologies available to BCM leaders are many, but selecting the right solution can be daunting. In addition, the markets are merging to deliver a single-pane-of-glass approach to managing a business disruption. This session will review the BCM software ecosystem markets and then compare them so that participants will have a methodology to use for product selection.
Monday, September 14, 2020 / 12:15 PM - 12:45 PM EDT
Ask the Expert: Sharing Best Practices on Tools Selection for Red Teams
Jeremy D'Hoinne, VP Analyst, Gartner
Toby Bussa, VP Analyst, Gartner
Breach and attack simulation tools are maturing and provide an interesting alternative to automated penetration testing tools when automating security posture assessments.
This session will give an opportunity to attendees to ask question about the emerging attack simulation and the rejuvenating automated penetration testing markets , and tips on how to evaluate the vendors and best benefit from the technology.
Monday, September 14, 2020 / 12:15 PM - 12:45 PM EDT
Outlook for Endpoint and Mobile Security
Rob Smith, Sr Director Analyst, Gartner
Endpoints security challenges are rising to new levels of complexity as the definition blurs across clouds, BYO, workstations, mobile, wearable, “things” and pure software. This session will address:
. The evolution of device security to a single Unified Endpoint Security (UES) solution
. The evolution of network security from on-premise to cloud based since devices are frequently accessing cloud-based services.
. The evolution of modern data protection for devices including VDI, encryption, and DRM
Monday, September 14, 2020 / 12:15 PM - 12:45 PM EDT
A Pragmatic Approach to Implementing a Zero Trust Security Architecture
Neil MacDonald, Distinguished VP Analyst, Gartner
Changes in the threat landscape and ineffectiveness of current security architectures has driven an explosion of interest in zero trust security architectures. This presentation will build on the concepts of zero-trust networking and extend to operating systems, applications (including development), users and data. Topics will include the new NIST draft standard for zero trust as well as technologies and vendors providing solutions.
Monday, September 14, 2020 / 12:15 PM - 01:00 PM EDT
Roundtable: How Relevant Is Network Security for Cloud?
Lawrence Orans, VP Analyst, Gartner
This round table will discuss the use cases on how clients are protecting their cloud and cloud access by using network security best practices or not relying much on network security.
Monday, September 14, 2020 / 01:45 PM - 02:15 PM EDT
You’ve Got Cloud Security All Wrong — Why Identity and Data Security Are Paramount in a Cloud World
David Mahdi, Sr Director Analyst, Gartner
In a world of cloud, does infrastructure security matter? As organizations move more services to the cloud, the problem shifts to managing user access and data. Attend this session to learn about emerging trends on the convergence of cloud, identity and data security, as well as best practices regarding cloud security, that you can leverage now.
Monday, September 14, 2020 / 01:45 PM - 02:15 PM EDT
Five Cultural Elements for Successful DevSecOps
Mark Horvath, Sr Director Analyst, Gartner
Tools play a crucial role in DevSecOps, but even the best tool is no good if no one uses it. This session goes over five cultural practices the most successful teams use to move from DevOps to DevSecOps, without slowing everything down.
Monday, September 14, 2020 / 01:45 PM - 02:15 PM EDT
Outlook for Data Security
Ramon Krikken, Distinguished VP Analyst, Gartner
This session covers current trends and emerging topics in the area of data security. From databases to files, threats are rapidly evolving and countermeasures slowly follow. Planning a data-centric roadmap for security governance and security architecture is a critical component of any security and risk management program.
Monday, September 14, 2020 / 02:15 PM - 03:00 PM EDT
Roundtable — CASBs: The Good, the Bad, the Ugly
Steve Riley, Sr Director Analyst, Gartner
CASBs have become the hottest cloud security market, and according to Gartner projections will be the fastest growing through the mid 2020s. Many CASB-using organizations are now reassessing their first choice and evaluating other vendors. If you’re already using a CASB, this roundtable is for you — come learn from your peers about what went well and what went not-so-well in their CASB journeys.
Monday, September 14, 2020 / 02:30 PM - 03:00 PM EDT
Technical Insights: Outlook for Security Monitoring and Operations
John Collins, Sr Director Analyst, Gartner
Security monitoring and operations are rapidly evolving to keep up with a very dynamic threat landscape. Automation, advanced analytics and machine learning are some of the tools leveraged by security professionals to keep up with threats. This session will address these key issues:
. What trends are affecting security operations?
. What defines best-in-class security operations of 2020?
. What is the outlook for security monitoring and operations for the years ahead?
Monday, September 14, 2020 / 02:30 PM - 03:00 PM EDT
The Future of Endpoint Management and Security in a Post-COVID-19 World
Rob Smith, Sr Director Analyst, Gartner
How is endpoint device management and security evolving since the COVID-19 crisis? What are the best practices to manage and secure endpoints today and tomorrow? This session will address what should be done today while keeping an eye on the future as technology evolves.
Monday, September 14, 2020 / 02:30 PM - 03:00 PM EDT
Outlook for Application Security
Dale Gardner, Sr Director Analyst, Gartner
DevOps, new deployment models and technologies pose an existential threat to application security programs. But all is not lost. In this session, we'll show how — by embracing the tenets of DevOps, adopting new approaches to application security, and leveraging evolving security technologies — it's possible to achieve success in DevSecOps, with lessons learned for all development styles.
Tuesday, September 15, 2020 / 11:45 AM - 12:15 PM EDT
Outlook for Cloud Security
Steve Riley, Sr Director Analyst, Gartner
Cloud security remains a top priority. This presentation summarizes the problems, recommended processes, and new product types to address three key issues:
. What are the unique risks associated with public cloud service providers, and how can they be controlled?
. What are the unique security challenges of IaaS and how can they be mitigated?
. What are the unique control challenges of SaaS, and how can they be addressed?
Tuesday, September 15, 2020 / 11:45 AM - 12:15 PM EDT
Technical Insights: Do You Still Need a SIEM?
For years SIEMs have been the cornerstone of security operations centers and the primary security monitoring tool for many organizations. However, with the adoption of newer threat detection tools, massive migrations to cloud services and the increasing adoption of technologies such as IoT and mobile, does it still make sense to invest in a SIEM? This session addresses the role of the SIEM in a modern SOC, covering the following issues:
- Is the SIEM capable of detecting modern threats?
- Does the SIEM scale to address the volume of data generated by the cloud?
- Is it possible for a SOC to operate without a SIEM?
Tuesday, September 15, 2020 / 12:30 PM - 01:00 PM EDT
Applying CARTA to Access Management
Michael Kelley, Sr Director Analyst, Gartner
As a security framework, all elements of CARTA can be applied to any technology. For access management, this includes concepts like continuous authentication and continuous authorization, applying dynamic (always being evaluated) approaches to access management. In this approach, adaptive and contextual authentication, as well as leveraging session management as a control plane, and UEBA as for visibility, will allow a near-real-time response to a variety of AM issues, including credential theft, session hijacking and others.
Tuesday, September 15, 2020 / 12:30 PM - 01:00 PM EDT
Deception Should Be Part of Your Threat Detection Strategy
Pete Shoard, Sr Director Analyst, Gartner
During this session, we will cover the different deception deployment models, the benefits and limitations of deception products and services and how do you need to have your deception technology managed. Attendees will better understand deception as part of a wider security strategy, availability of products on the market and how service providers are adopting this technology.
Tuesday, September 15, 2020 / 12:30 PM - 01:15 PM EDT
Roundtable: Solving Remote Access in a Post-COVID-19 World
Rob Smith, Sr Director Analyst, Gartner
This roundtable will be a discuss with peers who lived through the challenges of enabling remote working under dire conditions.
- What worked and what didn't?
- How has it changed since then?
Tuesday, September 15, 2020 / 02:00 PM - 02:30 PM EDT
Outlook for Network Security
Lawrence Orans, VP Analyst, Gartner
The cloud era is forcing network security professionals to adapt on several fronts. Enterprises are spending more on cloud-based security services, as a replacement for physical appliances in private data centers. Also, as enterprises move workloads to IaaS clouds, they are turning to micro-segmentation to secure key assets. This session will deliver key insights into these important trends.
Tuesday, September 15, 2020 / 02:00 PM - 02:30 PM EDT
Technical Insights: The Future of Cloud Security Posture Management
Richard Bartley, Sr Director Analyst, Gartner
Cloud security posture management services are now offered by cloud providers, CASB service vendors, firewall vendors, as well as dedicated vendors. Which is the right set of services for you and your cloud implementation? This session takes a look across these capabilities and discusses priorities and technical directions.
Tuesday, September 15, 2020 / 02:45 PM - 03:15 PM EDT
The Future of Network Security Is in the Cloud: Introducing the Secure Access Service Edge
Neil MacDonald, Distinguished VP Analyst, Gartner
Digital business is turning organizations inside out. More users, data, systems and applications will be outside of the enterprise than inside. This drives a need for cloud-based delivery of networking (notably SD-WAN) and security capabilities (notably SWG) to get closer to the users that need access to the internet and their data, systems and applications that are pretty much everywhere but a central office. Here, we introduce the secure access service edge where SD-WAN, FWaaS, SWG, CASB, WAF, DNS protection and ZTNA converge over the next several years creating significant disruption in the vendor landscape and opportunities for every organization.
Tuesday, September 15, 2020 / 02:45 PM - 03:15 PM EDT
Ask the Expert: Managing the Risks of Electronic Signature
This session provides the opportunity to ask questions about best practices for the selection and implementation of electronic signature across a variety of use cases; including ways to manage the business, legal, compliance and security risks for a successful deployment. Attendees should come prepared to ask questions.
Tuesday, September 15, 2020 / 02:45 PM - 03:15 PM EDT
The State of the IoT Network Landscape
Tim Zimmerman, VP Analyst, Gartner
Organizations must recognize the differing networking requirements for IoT use cases in order to deploy the correct network and security architecture and ecosystem, otherwise they will fail. This presentation reviews different market segments and analyzes usage scenarios to identify the network strategy needed to properly implement IoT solutions.
Tuesday, September 15, 2020 / 02:45 PM - 03:15 PM EDT
Ask the Expert: Building Out Your Insider Threat Management Program
This session will cover the people, processes and technologies necessary to ensure a successful insider threat management program. Insider threats come in a variety of forms, and it is important that proper attention to use case development and focus on actual business goals are maintained throughout the program development.
Wednesday, September 16, 2020 / 11:45 AM - 12:15 PM EDT
Technical Insights: CASB 201: Use Cases, Architecture and the Continuing Evolution of Securing Cloud Applications
Ramon Krikken, Distinguished VP Analyst, Gartner
CASB is to SaaS as the firewall is to the data center. Come learn how to best take advantage of CASBs as your business continues to migrate more services to the cloud. We will discuss the different use cases and best practices on how to deploy CASB, as well as the continuing evolution of security architecture through CASB and related technologies such as zero trust network access (ZTNA).
Wednesday, September 16, 2020 / 11:45 AM - 12:15 PM EDT
Cut Through the "Zero Trust" Vendor Hype
John Watts, Sr Director, Analyst, Gartner
"Zero trust" has emerged as a popular buzzword for the security industry in 2020. Security and risk management leaders need help cutting through the vendor hype for practical advice on how to succeed including:
- Practical implementations of zero trust.
- What problems it solves, but more importantly, what it doesn't.
- Real-world implementation feedback from clients.
Wednesday, September 16, 2020 / 12:30 PM - 01:00 PM EDT
Ask the Expert: Building Out a DLP Program
Zaira Pirzada, Principal, Advisory, Gartner
Data Loss Prevention has a mixed reputation given its resource intensive technology. However, hopes are still high for DLP, as the visibility it provides can be a force in reshaping policy, processes, and data usage behavior – pushing the enterprise towards a brighter future in compliance and risk reduction. The question is often: How? How do you do it? It’s by building a DLP program. Each part of the process is an ocean. Join this session to ask your questions.
Wednesday, September 16, 2020 / 12:30 PM - 01:00 PM EDT
SOC in the Era of Clouds
How are SecOps and SOC evolving in the era of cloud-first initiatives? On-prem, legacy approaches need to be rethought considering the changing landscape, and the unique requirements that organizations are putting on their security operations
Wednesday, September 16, 2020 / 02:00 PM - 02:30 PM EDT
Magic Quadrant for Network Security Products
Rajpreet Kaur, Sr Principal Analyst, Gartner
This session will cover the latest Magic Quadrants for three most important network security devices: Network firewalls, secure web gateways and web application firewalls.
Wednesday, September 16, 2020 / 02:00 PM - 02:30 PM EDT
Outlook for Managed Security Services
Pete Shoard, Sr Director Analyst, Gartner
Managed security services are a sensible and efficient choice for many organizations, large and small to enable or augment their security operations. Gartner presents their view on the range of core services available in the market, cutting through the jargon and aligning the needs of consumers with available service types and providing predictions on the future of the market.
Wednesday, September 16, 2020 / 02:00 PM - 02:30 PM EDT
Protecting Data and Securely Collaborating With Office 365
Steve Riley, Sr Director Analyst, Gartner
Securing Office 365 can be daunting — perhaps even overwhelming. Microsoft continues to add new security features at a blistering pace, and inquiry trends show that while some customers enjoy this, others struggle with finding the most relevant controls to meet security requirements. Come to this session to receive answers to your most pressing questions about Office 365 security.
* What are the most important controls to implement and what is a reasonable sequence?
* Is it OK to go all-in with Microsoft, or are third-party products still necessary?
Wednesday, September 16, 2020 / 02:45 PM - 03:15 PM EDT
Strategies for Consistent Security and Compliance in a Hybrid Multicloud World
Neil MacDonald, Distinguished VP Analyst, Gartner
Most enterprises will have data centers for years to come and most have adopted a multi-cloud strategy by design. This presentation will outline strategies for the consistent management and security of a hybrid multi-cloud environment composed of physical machines, virtual machines, containers and serverless workloads.
Wednesday, September 16, 2020 / 02:45 PM - 03:15 PM EDT
The VPN Is Dead: Long Live Zero-Trust Network Access
Steve Riley, Sr Director Analyst, Gartner
Zero-trust network access (ZTNA), sometimes called software-defined perimeters (SDP), replaces traditional technologies and eliminates the need to extend excessive trust. Instead, it provides adaptive, identity-aware, precision access that improves flexibility, agility and scalability, while offering a consistent experience regardless of who the user is or where they are.
. What is ZTNA, exactly, and why is it suddenly so popular?
. What are the benefits and the common emerging use cases?
. What can we expect it to evolve into as it matures?
Wednesday, September 16, 2020 / 02:45 PM - 03:15 PM EDT
How to Achieve Success in Data Loss Prevention
Zaira Pirzada, Principal, Advisory, Gartner
Security and risk management leaders are prone to buying a DLP tool before identifying risks, governance requirements and the ground that is necessary to operate DLP successfully. The objective of this session is to teach SRM leaders the preliminary steps necessary to implement DLP as a program and a process. These steps will yield success upon tool selection, implementation and maintenance.
Wednesday, September 16, 2020 / 02:45 PM - 03:15 PM EDT
Ask the Expert: Soul Searching, Who Owns IoT/OT Security Organization?
Barika Pace, Sr Director Analyst, Gartner
Most enterprises are starting to realize that security — whether IT, OT, physical or supply chain — needs a whole-of-enterprise focus. Historical IT and OT functional differences are becoming a liability when security is involved. Due to design, age or function, the unique requirements of OT systems now add to IT security concerns in ways that can no longer be ignored. This session will answer your organizational questions about OT/IoT security.
Thursday, September 17, 2020 / 11:45 AM - 12:15 PM EDT
Ask the Expert: What to Watch for When Your IT Security Vendor Is Acquired
This session will discuss some of the potential pitfalls, warnings, and signs for concern when your IT security vendor is acquired, divested, merged or altered significantly due to a significant vendor business condition. This session will point out several key indicators that you might want to rethink your go-forward plans with a specific IT security vendor when a change of control takes place.
Thursday, September 17, 2020 / 11:45 AM - 12:15 PM EDT
Identifying and Managing Open Source Software Risks in DevSecOps Environments
Dale Gardner, Sr Director Analyst, Gartner
The nearly ubiquitous presence of open source software within applications and their supporting infrastructure introduces an array of risks, and has led to some of the most damaging security incidents on record. This session will deliver guidance on the necessary policies, processes, and tools — including software composition analysis and vulnerability assessment — necessary to identify and manage these risks.
Thursday, September 17, 2020 / 12:30 PM - 01:00 PM EDT
Technical Insights: Cloud Security Through the Looking Glass
Patrick Hevesi, VP Analyst, Gartner
Have you stumbled down a rabbit hole as you are building and deploying your cloud security strategy. Terms like CASB, CSPM, CWPP and more are being thrown at you, with more coming everyday. Vendors are trying to sell you best of breed, while other large security vendors are buying and building for a more integrated cloud security solution. This session will discuss the right approach to build your cloud security strategy, give you insight to the ever changing vendor landscape and provide a roadmap on where to go as you navigate the wonderland that is cloud security.
Thursday, September 17, 2020 / 12:30 PM - 01:00 PM EDT
When Worlds Collide, Converge, and Evolve: IT Security, OT Security and the Rise of Cyber-Physical Systems Security
Katell Thielemann, VP Analyst, Gartner
A wave of cyber-physical systems with unique security considerations is emerging as a result of IT/OT convergence, IoT, IIoT, and smart infrastructure efforts alike. Threats and vulnerabilities are increasing, and emerging technologies such as 5G will only accelerate security and safety concerns. What trends does Gartner see, and how should Security and Risk Management Leaders prepare for this new future?
Thursday, September 17, 2020 / 12:30 PM - 01:15 PM EDT
Roundtable: Zero-Trust Networking
Lawrence Orans, VP Analyst, Gartner
Compare notes with your peers on zero trust networks. Discuss your plans and objectives for 2020 and beyond. Contribute your perspective and learn from others that are well down the path of zero trust networks.
Thursday, September 17, 2020 / 12:30 PM - 01:15 PM EDT
Roundtable: Security Vendors, the Midsize Enterprises' Love
Patrick Long, Principal Analyst, Gartner
Join this discussion on security vendors that midsize enterprises love. Midsize enterprises are defined as organizations between $50 million and $1 billion in annual revenue and fewer than 1,000 employees. This session is a good fit for you if your organization has between five and 50 people in IT and an IT budget between $5 million and $30 million.
Thursday, September 17, 2020 / 12:30 PM - 01:15 PM EDT
Roundtable: The Evolving Needs of the CSO and the Head of Development in Application Security Testing
Mark Horvath, Sr Director Analyst, Gartner
As DevSecOps becomes a more mainstream, the purchaser of application security testing tools is also evolving. Once the sole responsibility of the CSO, AST tool purchases are increasingly being driven by the development leads who are putting the speed of the development process front and center. And, as their developer process maturity increases, so does developer budget for security.
Thursday, September 17, 2020 / 02:00 PM - 02:30 PM EDT
Technical Insights: Assessing the Impact of Machine Learning and Artificial Intelligence on Security
Anna Belak, Director Analyst, Gartner
Security organizations are flooded with AI/ML marketing from security vendors, but it is hard to understand how much of this is real and effective. This research reviews areas where AI/ML methods are successfully used for security and provides guidance for judging their effectiveness and suitability for your environment.
Thursday, September 17, 2020 / 02:00 PM - 02:30 PM EDT
Ask the Expert: Cloud Security and Data Protection for Midsize Enterprises Moving to IaaS
Paul Furtado, Sr Director Analyst, Gartner
Moving from on-premises to IaaS can introduce additional security risks. This session will discuss areas that midsize enterprises should be aware of and prepared to address when moving to the cloud. This session is a good fit for you if your organization has between five and 50 people in IT, and an IT budget between $5 million and $30 million.
Thursday, September 17, 2020 / 02:00 PM - 02:30 PM EDT
I Like the Idea of SASE, but How Do I Put SASE Into Practice in My Network?
Nat Smith, Sr Director Analyst, Gartner
We are buying into digital transformation so my network and security architectures need to take advantage of secure access services edge (SASE), but SASE seems like a framework for vendors. How do I best take advantage of SASE? Where do I start, and how do I get the most value from my existing investments? What should be my goals for the next year, next three years, and the next five years? Come get some guidance and structure to help you succeed with SASE.
Thursday, September 17, 2020 / 02:30 PM - 03:15 PM EDT
Roundtable: Cyber-Physical Systems Security: Focus on Drones and Counter-Drone Measures
Katell Thielemann, VP Analyst, Gartner
Discuss challenges, lessons learned, opportunities, and latest trends for drone and counter-drone security with your peers in a facilitated roundtable discussion.
Thursday, September 17, 2020 / 02:45 PM - 03:15 PM EDT
Technical Insights: Mobile Security Strategy 201: Are Your Mobile Devices Secure From the Latest Attacks?
Patrick Hevesi, VP Analyst, Gartner
Come see how secure the latest versions of your mobile OSes and devices are against the current mobile attacks. This session will show which operating systems and devices you need to be using along with third-party solutions to protect your organization. We will demonstrate attacks and also discuss the right EMM/UEM, MTD and other mobile security solutions your should be using today.
Thursday, September 17, 2020 / 02:45 PM - 03:15 PM EDT
Gartner's Strategic Vision for Vulnerability Management
Craig Lawson, VP Analyst, Gartner
Gartner has been evolving its guidance on how to better run vulnerability management, which is a foundational security process. This presentation will go over this new way of doing vulnerability more effectively.
. Why we made some significant changes to our guidance on this critical process?
. What does the new RBVM actually look like?
. How to bring this to life inside your own security programs?
Thursday, September 17, 2020 / 02:45 PM - 03:15 PM EDT
The Long-Term Evolution of Endpoints Will Reshape Enterprise Security
Dionisio Zumerle, VP Analyst, Gartner
Endpoints are becoming digital consumer experience enablers that are more tightly controlled and natively fortified against attacks. Security and risk management leaders must design long-term security and investment strategies that align with this technology trend.
Thursday, September 17, 2020 / 02:45 PM - 03:15 PM EDT
Ask the Expert: Everything You Ever Wanted to Know About SOC But Were Afraid to Ask
John Collins, Sr Director Analyst, Gartner
This "Ask the Expert" session will be focused on security operations centers (SOCs) -- from building, to outsourcing, to operating and evolving, this session will address all attendees' questions on SOC
Monday, September 14, 2020 / 12:15 PM - 12:45 PM EDT
Outlook for Identity and Access Management
David Mahdi, Sr Director Analyst, Gartner
IAM encompasses workforce, partner, citizen and customer identities and access, to manage risk and enable desired business outcomes. Decentralized identity, CARTA, fraud management and autonomous governance will drive opportunities and challenges for IAM leaders in 2020 and beyond. Key Issues:
. What does a successful IAM program look like in 2020?
. How can IAM quickly deliver real business value, improve customer retention and support cyber defense against fraud?
. How predictive and autonomous IAM governance will play a role in modern challenges in compliance and privileged access management?
. How will passwordless and decentralized identity disrupt old business models for authentication and access management?
Monday, September 14, 2020 / 01:45 PM - 02:15 PM EDT
Ask the Expert: Structuring an IAM Organization to Succeed
Kevin Kampman, Sr Director Analyst, Gartner
As IAM programs mature they are beginning to separate from traditional security and IT organizations. This evolution represents the foundational characteristics of identity as an aspect of all business activities and how identity needs to be recognized for its influence on all business activities.
Monday, September 14, 2020 / 01:45 PM - 02:15 PM EDT
Creating Trust and Safety on the Internet
Jonathan Care, Sr Director Analyst, Gartner
The internet, like any other society, is populated with all kinds of people. Some people try to get real work done while others have sensitive or proprietary data they must protect. Successful e-businesses, — whether retail, financial (or other) services — social platforms, sharing economies all make use of this untrustworthy medium.
- What does trust and safety mean?
- Where is it applicable?
- How do we know where it is being applied?
- What can we observe?
- What can we measure? Since mulling this idea on client inquiries we have seen the industry start to gain traction around this idea in 2019. .
- What does trust and safety mean?
- Where is it applicable?
- How do we know where it is being applied?
- What can we observe? What can we measure?
Monday, September 14, 2020 / 02:30 PM - 03:00 PM EDT
Fraud Prevention is Killing Customer Experience
Akif Khan, Sr Director Analyst, Gartner
Consumers have unrelenting expectations for smooth and friction-free experiences when dealing with retailers and financial institutions. This is often at odds with the various antifraud mechanisms that security leaders have implemented. A new approach is required to reduce tension between CX and fraud management, and instead blend a spectrum of technologies to deliver the fluid experience that most customers want and deserve.
Tuesday, September 15, 2020 / 11:45 AM - 12:15 PM EDT
Security Leader's Guide to Privileged Access Management
Felix Gaehtgens, VP Analyst, Gartner
An introduction for privileged access management: Why Is PAM Such a Crucial Piece of Any Security Program? How Should You Leverage PAM? How can you raise your security posture by using a just-in-time PAM and Zero Standing Privileges Approach?
Tuesday, September 15, 2020 / 02:00 PM - 02:30 PM EDT
IT Leaders' Guide to IAM Program Management
David Collinson, Sr Director Analyst, Gartner
IT leaders often struggle to know where to begin and how to initiate a well-run IAM program. This session will help you by taking you through the initial steps, best practices and lessons from organizations that have been through this process before.
Tuesday, September 15, 2020 / 02:45 PM - 03:15 PM EDT
Passwordless Authentication, More or Less
David Mahdi, Sr Director Analyst, Gartner
There are many different ways to eliminate passwords to significantly improve UX/CX, enhance security or both, but technology constraints make a universal approach elusive. IAM must take pains to craft a cohesive strategy across key use cases.
● What are the key drivers for passwordless authentication?
● What options are available and what value do they provide?
● What are the barriers to going passwords — and what does success look like?
Wednesday, September 16, 2020 / 11:45 AM - 12:15 PM EDT
Identity Multiverse: See Your Role Management Process in 3D
Henrique Teixeira, Sr Director Analyst, Gartner
Enterprise role management is not only about the tools. Learn how to combine a traditional two-dimensional enterprise role management framework with three parallel universes of identities, accounts and entitlements to unlock a three-dimensional approach for role management. A combination of the hats and buckets approach with the three planes of identities.
Wednesday, September 16, 2020 / 12:30 PM - 01:00 PM EDT
Best Practices for CIAM
Abhyuday Data, Sr Principal Analyst, Gartner
What are companies doing for CIAM? What are the primary considerations for a company planning to move from a “build it” to a “buy it” CIAM capability? How can you differentiate yourself from your competitors through a superior CIAM portal that your customers love? What are the main considerations, and how is privacy regulation impacting these decisions? We will discuss best practices around CIAM, what are the main considerations, how to plan for the best user experience and which vendors you can partner with to achieve your goals.
Wednesday, September 16, 2020 / 12:30 PM - 01:00 PM EDT
Ask the Expert: Privileged Access Management Best Practices
Felix Gaehtgens, VP Analyst, Gartner
This session gives you an opportunity to ask questions about privileged access management (PAM), successful use cases and requirements needed to make your PAM efforts successful. Attendees should come prepared to ask questions.
Wednesday, September 16, 2020 / 02:00 PM - 02:30 PM EDT
Technical Insights: Best Practices for Microservices IAM
David Chase, Sr Director Analyst, Gartner
Identity of microservices is a rapidly evolving and challenging topic. In a zero-trust framework, microservices has to be authenticated and authorized. This breakout will discuss the latest best practices of identity and microservices.
Wednesday, September 16, 2020 / 02:00 PM - 02:45 PM EDT
Roundtable: Access Management, CARTA and Zero Trust
Michael Kelley, Sr Director Analyst, Gartner
Henrique Teixeira, Sr Director Analyst, Gartner
Join this session to discuss the intersection of Access Management and Zero Trust, and how the CARTA framework provides guidance for success.
Wednesday, September 16, 2020 / 02:45 PM - 03:15 PM EDT
Accelerate Your IAM Using DevOps and Agile Approaches
Kevin Kampman, Sr Director Analyst, Gartner
IAM adoption has traditionally been seen as a monolithic and waterfall style deployment activity. These characteristics are changing as the needs of the business preclude extended investment and adoption. Learn how organizations have used DevOps and agile approaches to improve alignment with business requirements and practices.
Thursday, September 17, 2020 / 11:45 AM - 12:15 PM EDT
IAM Leaders' Guide to Identity Governance and Administration
David Collinson, Sr Director Analyst, Gartner
An introduction to identity governance and administration. What value does IGA bring today? What are the main challenges? What is the outlook for the future?
Thursday, September 17, 2020 / 12:30 PM - 01:00 PM EDT
Face Value: Biometric Authentication Risks and Opportunities
Ant Allan, VP Analyst, Gartner
Early promises of easy, secure and universal authentication through unique personal traits have been unfulfilled for decades, but in the past 10 years we have seen a surge in interest and adoption.
● What is biometric authentication and what are its benefits over other orthodox methods?
● What are the key biometric authentication risks and how can you deal with them?
● Where can biometric authentication methods add value in accelerated digitalization?
Thursday, September 17, 2020 / 02:00 PM - 02:30 PM EDT
Leveraging CARTA and CIAM to Prevent Fraud and Protect Privacy
Michael Kelley, Sr Director Analyst, Gartner
After Facebook privacy scandals, and publicity around so many data breaches, consumers and the public opinion have pushed the industry to do the inconceivable: To entertain the idea that #thefutureisprivate. This session discusses how continuous adaptive risk and trust assessment (CARTA) for CIAM can help prevent internal fraud and achieve a more private future. Includes contexts for CIAM and internal fraud. Based on "Implications of Facebook’s Privacy Scandal: Key Takeaways and Next Steps" — using this in the context of CIAM, to leverage CARTA to prevent "internal" fraud.