We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week virtually in APAC. Below is a collection of key insights coming out of the conference.
On Day 1 of the conference, we are highlighting the Gartner opening keynote, how to gain support for your security awareness program, and how to build an information security workforce strategy. Be sure to check this page throughout the day for updates.
Presented by Peter Firstbrook, VP Analyst, Gartner
In the Gartner keynote presentation, Peter Firstbrook, VP Analyst at Gartner, discussed the top trends in security and risk management for 2021, highlighting ongoing strategic shifts in the security ecosystem that aren’t yet widely recognized, but are expected to have broad industry impact and significant potential for disruption.
Trend No. 1: Remote work is just work. “Gartner surveys indicate many employees will continue to work from home post COVID-19. We need to classify users by the type of data they use, not by location, move endpoint protection to cloud delivered services and revisit your policies for disaster recovery and backup to make sure they still work for a remote environment.”
Trend No. 2: The cybersecurity mesh. “This approach to security architecture is emerging to secure distributed digital assets as users move out of the office and applications move to the cloud. It allows security services such as identity, analytics and policy management controls to be used across different silos.”
Trend No. 3: Boards are adding cybersecurity expertise. “Board directors rate cybersecurity the second-highest source of risk for the enterprise after regulatory compliance, leading them to create dedicated cybersecurity committees led by a board member with security experience or a third-party consultant.”
Trend No. 4: Security product consolidation. “CISOs are keen to consolidate the number of security products and vendors they deal with, to improve integration, lower TCO and make it easier to properly configure security solutions, improving the risk posture of the organization.”
Other top security and risk trends for 2021 include identity first security, machine identity management, breach and attack simulation tools, and privacy enhancing computation techniques.
Learn more about these top trends in the press release.
Presented by Richard Addiscott, Senior Director Analyst, Gartner
Securing investment from executives for a security awareness program depends on persuasive justification and strong negotiation skills. Support can be dismissed or deprioritized as larger projects compete for attention. In this session, Richard Addiscott, Senior Director Analyst at Gartner, discussed three ways that will help you gain organizational support for your program.
“Lack of executive support for your security awareness program can have a significant impact on your security team’s ability to get penetration with their key messages across the organization.”
“You need to make a clear link between what you’re trying to achieve and the objectives of your business audience and organization.”
“Provide specific examples of recent events to help build out the messages in your story; whether about your company, competitors, current events or other industry reports.”
“Use measurable data to get your message across. Having quantifiable data points is key to articulating the effectiveness of your program and speaking in the language the audience understands.”
“Knowing how to tell a story well can be a critical determinant of how well your message about security awareness is received, understood and, ideally, endorsed.”
Presented by Beth Schumaecker, Senior Director, Advisory, Gartner
Supporting the business during the digital era requires information security staff to possess a much more diverse set of skills than in the past. In this session, Beth Schumaecker, Senior Director, Advisory at Gartner, outlined the skills and competencies needed for success.
“It’s important to build a security workforce strategy in the context of where you're headed and how future talent needs will support your business strategy, not a short-term talent forecast.”
“Engage regularly with business partners to discuss their business priorities and objectives, rather than your security priorities. A security-focused conversation might miss the bigger picture and limit the view of current and future talent needs.”
“Diagnose security talent gaps by analyzing business strategy and taking a comprehensive view of the security skill portfolio.”
“There are many strategies to address talent risks, including upskilling, reskilling, work rotations, outsourcing and redesigning work. Good workforce planning means figuring out which of these strategies you want to incorporate.”
Gartner, Inc. (NYSE: IT) delivers actionable, objective insight to executives and their teams. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.
Susan Moore
Gartner
susan.moore@gartner.com
