Conference Updates

March 24, 2021

Gartner Security & Risk Management Summit APAC: Day 2 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week virtually in APAC. Below is a collection of the key announcements and insights coming out of the conference. You can read the highlights from Day 1 here.

On Day 2 of the conference, we are highlighting Gartner's strategic vision for vulnerability management, the challenges of enabling users to access corporate resources in a post-COVID-19 world, and the latest developments in the privacy landscape.

Key Announcements

Gartner’s Strategic Vision for Vulnerability Management

Presented by Craig Lawson, VP Analyst, Gartner

Vulnerability management is a critical security process; however, many organizations have problems optimizing their programs to achieve desired results. In this session, Craig Lawson, VP Analyst at Gartner, discussed Gartner’s strategic vision for vulnerability management and provided practical guidance on how security leaders can bring this to life in their organizations.

Key Takeaways

  • “Vulnerability management is arguably the best proactive thing you could be doing in your security operations program.”

  • “One of the big changes you can make to your vulnerability program is to focus on the vulnerabilities that are being exploited in the wild. That should be the number one goal and will drive down the most risk, the fastest.”

  • “Don’t think about whether a vulnerability is exploitable or accessible across the network, or whether it is medium or critical ranked. What you want to know is if bad guys are using them.”

  • “Review your existing vulnerability assessment solutions and look for better prioritization. Make sure they support new assets like cloud, containers and IoT in your environment. If not, augment or replace the solution.”

  • “Patching isn’t everything. It’s hard, can break things and takes time. Have a plan B - you need more arrows in your quiver than patching.”

  • “If you do a better job of your vulnerability program, you drastically reduce your attack surface. It presents a much harder target for a threat actor to try to get an exploit working, and therefore, gain some leverage inside your environment. This is a big deal.”

It’s not too late to join the conference!

Solving the Challenges of Modern Remote Access in a Post-COVID-19 World

Presented by Rob Smith, Senior Director, Analyst, Gartner

No one was ready for the onslaught of remote workers that COVID-19 brought on. Rob Smith, Senior Director, Analyst at Gartner, discussed how remote access VPN became one of the most important technologies overnight, and how organizations can implement the right remote access solution for their users and operations.

Key Takeaways

  • “Remote access VPN is arguably the most important tech for security and infrastructure and operations today.” 

  • “With the onset of COVID-19, workers now need a VPN to ‘get into the office’.”

  • “The first step in brainstorming the best VPN technology for your organization is to define your use case along four key variables: 1) user, 2) device, 3) data and 4) location.”

  • “There is no one right approach to remote access - you have to understand the strengths and limitations of each solution.”

  • “Don’t use always-on VPN unless you absolutely have to.”

  • “For the paranoid security people, virtual desktop infrastructure (VDI) solutions are best. It prevents enterprise data from making it to devices, however poor end-user bandwidth is a caution for workers in disparate locations.”

  • “Classify the data that is important to your organization rather than trying to protect it all, and then pick the appropriate controls based on that classification.”

Outlook for Privacy 2021

Presented by Nader Henein, VP Analyst, Gartner

New privacy laws are being proposed, passed, or struck down on a monthly basis. Customer trust hinges on how organizations handle their data, as consumers are more than likely to go to the competition if they’re not satisfied. In this session, Nader Henein, research vice president at Gartner, said that privacy is not a one-off project but rather an ongoing program that is just getting started.

Key Takeaways

  • “Creating a strong privacy program means having an understanding of three things: 1) the current regulatory landscape, 2) the technology capabilities that support it and 3) the best practices that give control back to customers.”

  • “COVID-19 highlighted the maturity of the framework established by the General Data Protection Regulation (GDPR). This has made a noticeable difference to global privacy.”

  • “While it is important for organizations to start the privacy discovery process manually to get a feel for the complexity within their data, it becomes quickly evident that there is a need for automation to deliver scale.”

  • “One key success factor for a privacy program is the partnerships built with other organizational teams. Connect with your chief data officer (CDO) to understand what data is being used and how you can support them with privacy-preserving alternatives.” 

  • “Privacy is deeply personal.”

  • “As you gain control over the data you process and turn it back over to consumers, compliance is no longer just a goal. It becomes part of the ethical fabric of your business.”

  • “The pressure to transform has increased during the pandemic and trust is central in doing so: Through 2023, organizations that can instill digital trust will be able to participate in 50% more ecosystems to expand revenue-generating opportunities.”

    For a deeper dive on the Outlook for Privacy, check out the Gartner press release.

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight to executives and their teams. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit


It's not too late to join the conference

Latest Releases