Gartner Newsroom

Conference Updates

September 16, 2020

Gartner Security & Risk Management Summit, Day 3 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit taking place this week virtually in EMEA and the Americas. Below is a collection of the key announcements, and insights coming out of the conference. You can also read the highlights here from Day 1 and Day 2.  

On Day 3 from the conference, we are highlighting how to solve the challenges of modern remote access in a post-COVID-19 world, followed by five cost optimization techniques for security & risk leaders, and the strategies for consistent security and compliance in a hybrid multicloud environment. Be sure to check this page throughout the day for updates.

Key Announcements

Press releases and stories covering news from the Gartner Security & Risk Management Summit conference are listed below:

Solving the Challenges of Modern Remote Access in a Post-COVID-19 World

Presented by Rob Smith, Sr Director Analyst at Gartner

No one was ready for the onslaught of remote workers that COVID-19 brought on. Rob Smith, Sr Director Analyst at Gartner, discussed how remote access VPN became one of the most important technologies overnight, and how organizations can implement the right remote access solution for their users and operations.

Key Takeaways

  • “Remote access VPN is arguably the most important tech for security and infrastructure and operations today.”
  • “With the onset of COVID-19, workers now need a VPN to ‘get into the office'."
  • “The first step in brainstorming the best VPN technology for your organization is to define your use case along four key variables: 1) user, 2) device, 3) data and 4) location."
  • “There is no one right approach to remote access - you have to understand the strengths and limitations of each solution.”
  • “Don’t use always-on VPN unless you absolutely have to."
  • “For the paranoid security people, virtual desktop infrastructure (VDI) solutions are best. It prevents enterprise data from making it to devices, however poor end-user bandwidth is a caution for workers in disparate locations.”
  • “Classify the data that is important to your organization rather than trying to protect it all, and then pick the appropriate controls based on that classification.”

It’s not too late to join the conference!

Five Cost Optimization Techniques Security & Risk Leaders Must Use in Uncertain Times

Presented by Sam Olyaei, Director Analyst, Gartner 

As economic uncertainty settles in and working environments become more difficult, security and risk leaders must create a cost optimization plan to aid their organizations in navigating through this challenging turn. In this session, Sam Olyaei, Director Analyst at Gartner, discussed five techniques that security and risk management leaders can use to stay ahead of the curve.

Key Takeaways

  • Identify Your Crisis Phase And Associated Action: “During the recovery phase of a crisis, the most effective security leaders will differentiate themselves from the most ineffective ones because this where they show their value to the business - by creating cost optimization initiatives.”
  • Data, Data, Data: “Reliance on data is ever so important especially in cost optimization. Use a combination of business reports, benchmarking, current state assessments and asset inventory to help with decision making.” 
  • Build Adaptable and Realistic Budget Scenarios: “Make sure you have planned out, tested and designed specific budgets for scenarios that you may face in the near to short term.” Sixty-one percent of security and risk teams do not have formalized budget plans and are waiting to see the impact of the pandemic. 
  • Follow a Risk Value Cost Model: All business units are valuable, but some are more valuable than others. Use a model to help align cost optimization initiatives based on business unit value, risk and cost. 
  • Take a Portfolio View of Cost Optimization: “Cost optimization does not mean cost cutting.” Make sure you have a balanced approach to cost optimization, understanding the supply and demand sides of the organization.
  • “This is one of the rare opportunities where a realistic scenario, like the pandemic we are in today, allows us to go back to the business and showcase the importance of our security function and role in a tangible manner.”

Read more on the topic of cost optimization in “5 Strategic Cost Optimization Action Items for Security Leaders”

Strategies for Consistent Security & Compliance in a Hybrid Multicloud World

Presented by Neil MacDonald, Distinguished VP Analyst, Gartner 

About 75% of enterprises today are multicloud by design, but many still have workloads in the data center, known as hybrid multicloud. Neil MacDonald, Distinguished VP Analyst at Gartner, discussed how security and risk leaders can take a hierarchical approach to ensure consistent security and compliance in today’s hybrid multicloud world.

Key Takeaways

  • “The good news is that all of the public cloud providers will federate with their identities, so you can use your enterprise identities and your preferred identity as a service provider, so at least you have consistent authentication.” 
  • “All the storage systems and services are different across these public clouds, but we can apply consistency in a policy that says ‘encrypt all data at rest in public cloud.’ And, we can implement a centralized key management system.”
  • “The vast majority of [cloud] mistakes are self-inflicted wounds—mistakes that the customer makes.” Cloud security posture management (CSPM) tools create automated guide rails to ensure consistent security controls across workloads.
  • “All the clouds have built-in, detailed, X-ray-like vision.” A best practice is to have one security operations center that looks across all your cloud infrastructure, but using the native built-in monitoring capabilities of each cloud.
  • “Ensure that you have consistency in your patch management processes and discipline.” 
  • “You have workloads of all types. Our job is to give consistency in the protection of that workload no matter how big it is.” Cloud workload protection platforms (CWPPs) can help ensure consistent security.
  • Take advantage of the built-in threat detection offered by many public cloud platforms, and link it to the enterprise security information and event management (SIEM) system.

Contacts

It's not too late to join the conference

Latest Releases

About Gartner

Gartner, Inc. (NYSE: IT) is the world’s leading research and advisory company and a member of the S&P 500. We equip business leaders with indispensable insights, advice and tools to achieve their mission-critical priorities today and build the successful organizations of tomorrow.

Our unmatched combination of expert-led, practitioner-sourced and data-driven research steers clients toward the right decisions on the issues that matter most. We are a trusted advisor and an objective resource for more than 14,000 enterprises in more than 100 countries — across all major functions, in every industry and enterprise size.

To learn more about how we help decision makers fuel the future of business, visit gartner.com.