Gartner Newsroom

Conference Updates

September 14, 2020

Gartner Security & Risk Management Summit, Day 1 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit taking place this week virtually in EMEA and the Americas. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 of the conference, we are highlighting the opening keynote, top security predictions, Gartner's outlook for privacy, as well as the leadership vision for security & risk management. Be sure to check this page throughout the day for updates.

Key Announcements

Gartner Opening Keynote: Balance Risk, Trust and Opportunity in an Uncertain World

Presented by Jeffrey Wheatman, VP Analyst, Gartner

Trust in organizations, leaders, governments, and institutions is being challenged on a global scale as we are exposed to many new risks. In this Opening Gartner Keynote, Jeffrey Wheatman, VP Analyst at Gartner, shared the priorities and opportunities that lie ahead for CISOs as they move through the pandemic recovery.

Key Takeaways

  • "Security and risk leaders must focus on balancing risk, trust and opportunity to help maintain the ability of their organizations to function as a trusted participant in the digital economy."

  • "The ongoing digitalization of physical systems is increasing physical risks. To more systematically address physical risks and cyber-physical risk, leading organizations are restructuring security governance and realigning organizations." 

  • "Security leaders must lead the charge in accelerating digital business; managing the risks in both volume and impact; responding with agility in both proactive and reactive matters and maturing processes; while implementing cost optimization and evaluating investments in technologies and services."

  • "CISOs have a unique ability to give business executives the insights and tools to help them balance risk with the potential opportunity for digital transformation."

  • "The accelerated adoption of digital transformation means that interacting with clients and citizens will highlight the potential need for establishing dedicated digital trust and safety teams in enterprises."

  • "The ability for CISOs to communicate the real impacts of change and chaos, or in other words to achieve just the right level of balance, is critical to set and manage organizational risk appetite and capitalize on opportunity."

    Learn more from the Gartner Opening Keynote in the Gartner press release "Gartner Says Security & Risk Leaders Must Balance Risk, Trust and Opportunity to Succeed in Uncertain Times."

Top Security Projects for 2020-2021

Presented by Brian Reed, Sr. Director Analyst at Gartner

Security and risk management leaders often spend too much time striving for a notion of “perfect security” that does not exist, when instead there are strategic focus areas that can help organizations be more resilient and prepared to manage threats. In this session, Brian Reed, Sr. Director Analyst at Gartner, discussed the top projects that security and risk leaders should focus their efforts and investments on for 2020-2021.

Key Takeaways

  • Securing Your Remote Workforce: “Securing your remote workforce has now become the single greatest existential imperative for all organizations in the wake of COVID-19.” 

  • Risk-Based Vulnerability Management: “Despite our best efforts, our systems are never going to be 100% patched.” Focus on systems and vulnerabilities with higher risk by applying context and threat intelligence to vulnerability data.

  • Platform Approach to Detection and Response: Improve detection accuracy, threat containment, and the overall incident management program using emerging extended detection and response (XDR) products, which attempt to consolidate multiple security products into a cohesive platform.

  • Cloud Security Posture Management (CSPM) and Simplify Cloud Access Controls: As cloud applications are extremely dynamic, security professionals find them difficult to secure. Ensure common controls across IaaS and PaaS, while also developing a central location for policy and governance across multiple cloud services.

  • Domain-Based Message Authentication, Reporting & Conformance (DMARC): “DMARC is by no means a silver bullet or a complete answer for email security; however, it can provide an additional level of trust and verification with the sender’s domain.” 

  • Passwordless Authentication: “Although complete elimination of passwords is still far off, reducing reliance on them increases trust and improves the user experience.”

  • Other security projects to focus on include Data Classification and Protection, Workforce Competencies Assessment, and Security Risk Assessment Automation.

Outlook for Privacy 2021

Presented by Nader Henein, VP Analyst at Gartner

New privacy laws are being proposed, passed, or struck down on a monthly basis. Customer trust hinges on how organizations handle their data, as consumers are more than likely to cross the street to the competition if they’re not satisfied. In this session, Nader Henein, VP Analyst at Gartner, said that privacy cannot be a one-off project but rather an ongoing program that is just getting started. 

Key Takeaways

  • “Creating a strong privacy program means having an understanding of three things: 1) the current regulatory landscape, 2) the technology capabilities that support it and 3) the best practices that give control back to customers.”

  • “COVID-19 highlighted the maturity of the framework established by the General Data Protection Regulation (GDPR). This has made a noticeable difference to global privacy.”

  • “While it is important for organizations to start the privacy discovery process manually to get a feel for the complexity within their data, it becomes quickly evident that there is a need for automation to deliver scale.”

  • “One key success factor for a privacy program is the partnerships built with other organizational teams. Connect with your chief data officer (CDO) to understand what data is being used and how you can support them with privacy-preserving alternatives.” 

  • “Privacy is deeply personal.”

  • “As you gain control over the data you process and turn it back over to consumers, compliance is no longer just a goal. It becomes part of the ethical fabric of your business.”

    Learn more in the Gartner press release "Gartner Says By 2023, 65% of the World’s Population Will Have Its Personal Data Covered Under Modern Privacy Regulations."

Leadership Vision for Security & Risk Management 2021

Presented by Jay Heiser, VP Analyst at Gartner

Security and risk leaders need a coherent program based on a clear vision and strategy that is understood by their peers in the business. In this session, Jay Heiser, VP Analyst at Gartner, outlined what chief information security officers (CISOs) will be experiencing over the next 12-18 months and how to balance the need for change and the desire for control.

Key Takeaways

  • “Most Gartner clients have not yet experienced serious budget cutbacks that impact security programs, but some have, and there is potential for more.”

  • “Almost four in ten CISOs are working more than 50 hours a week, but it’s not practical to do it all. By 2021, a third of security programs will incorporate at least two new roles, which may or may not sit in your team. Do you need a security ombudsman, business liaison or digital ecosystem manager?”

  • “The cybersecurity jobs market continues to be strong. This means the skills you need can’t be bought, so you need to develop expertise in-house, and that should be part of your strategic plan.”

  • “Security programs traditionally delivered confidentiality, integrity and availability. They should now also include privacy, digital resilience and personal safety.”

  • “Help your business partners to use good ‘cyber judgement’, that is, to recognize the IT risk implications of their choices and take responsibility for making good decisions.”

  • “Explain risks in terms of a business problem, such as loss of intellectual property, downtime or reputational damage. Then outline how you address those risks, for example, through sensitive data protection, resilience of critical systems and robust crisis and incident response.”

  • “Greater uncertainty and complexity have created a need for greater risk agility.”

  • Gartner recommends an annual strategy planning project, reviewed quarterly.

    You can visit the Gartner Newsroom to find additional news and highlights from the Gartner Security & Risk Management Summit this week.

Watch this space for more updates throughout the day.

About Gartner

Gartner, Inc. (NYSE: IT) is the world’s leading research and advisory company and a member of the S&P 500. We equip business leaders with indispensable insights, advice and tools to achieve their mission-critical priorities today and build the successful organizations of tomorrow.

Our unmatched combination of expert-led, practitioner-sourced and data-driven research steers clients toward the right decisions on the issues that matter most. We are a trusted advisor and an objective resource for more than 14,000 enterprises in more than 100 countries — across all major functions, in every industry and enterprise size.

To learn more about how we help decision makers fuel the future of business, visit gartner.com.