Conference Updates

March 08, 2022

Gartner Security & Risk Management Summit India: Day 2 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week virtually in India. Below is a collection of the key announcements and insights coming out of the conference.

On Day 2 from the conference, we are highlighting how to create cloud security guidelines, the outlook for endpoint and mobile security and how to prepare for cyber-physical threats.


Key Announcements

Taming the Legal Beast - What Every CISO Should Know About Vendor Risks and Agile Cloud Contracting

Presented by Stephanie Stoudt-Hansen, VP Analyst, Gartner

Cloud contracting requires due diligence from pre-contract vetting to monitoring ongoing activities. In this session, Stephanie Stoudt-Hansen, Vice President Analyst at Gartner, discussed how to create cloud security guidelines, address security risks in the contract and ongoing vendor risk management. 

Key Takeaways

  • “There are four key steps to create a holistic view of any security program - 1) create a team and assess the risks, 2) develop processes, 3) analyze contract portfolios and 4) develop risk management programs.”

  • “Security leaders should first assess their own teams, then the contracts and finally move to understanding what is required in the cloud environment to manage risks.”

  • “Understand what the cloud delivery model entails and what are the different types of risks that it can lead to.”

  • “SLAs and contracts are one of the most preferred risk mitigation strategies.”

  • “In any cloud contract there are three important points to consider - 1) definition of security, 2) security clauses and 3) actual terms of the contract.”

  • “Most tier 1 cloud providers come up with their own clauses,so understanding the maturity of cloud providers is critical.”

  • “Monitor and manage vendor risks by looking at a vendor’s financial, operational, and compliance data and if there is a change, you can adjust your contract.

Outlook for Endpoint and Mobile Security

Presented by Patrick Hevesi, VP Analyst, Gartner

Endpoints continue to multiply and connect from anywhere meaning security leaders need to protect more devices than ever before. In this session, Patrick Hevesi, Vice President Analyst at Gartner, highlighted the trends of attack, new hardware and software security solutions, and how to build a strong defense on devices.

Key Takeaways

  • “We are surrounded by endpoints - tablets, mobile devices, laptops, etc. We cannot be 100% sure that one of these endpoints is not compromised.”
  • “Currently there are three types of endpoint attacks that attackers are using  1) ransomware, 2) LOLBin attacks and 3) credential compromise.”

  • “The majority of recent cyber attacks have some kind of malware tied to them.”

  • “Unified endpoint management (UEM) are not security tools, they can be used to only manage your endpoint devices.”

  • “UEM is the future of endpoint management. In the long term, UEM will be a single point of control for configurations and updates.”

  • “Ransomware protection is critical for both traditional endpoints and mobile endpoints.”

  • “Don’t assume that because you have a secure email gateway your mobile device is completely secure.”

  • “Security vendors continue to innovate how they can provide maximum protection to the data that they host on a daily basis.”

Facing New Threats — Cyber-Physical Systems

Presented by Katell Thielemann, VP Analyst, Gartner

Cyber-physical systems could have a wide range of impacts, from mere annoyance to loss of life. Katell Thielemann, Vice President Analyst at Gartner, shared an overview of current and emerging threats specific to cyber-physical systems (CPS) and how CPS changes an organization’s threat environment.

Key Takeaways

  • “The new world reality is cyber-physical, as people, assets and technology increasingly combine due to macro trends driven by demographics, economics or geopolitics.”

  • “The next two decades will continue to merge the real and digital world.”

  • “Evolution of CPS is uneven.” 

  • “CPS is emerging in all kinds of industries, in all kinds of use cases - they can be called greenfield CPS. This includes precision agriculture, autonomous vehicles or personalized medicine.”

  • “CPS are foundational to digital societies. It will be increasingly true in the future.”

  • “CPS challenges traditional security concepts. Unlike IT systems where data is at the center, it is not the same for CPS as they capture real life information.”

  • “Privacy, safety and reliability, and in some instances survivability, are unique aspects of CPS that need to be considered.”

  • “Attacks on CPS can become existential threats. This is because CPS lives where your business value is created. They hold the most important information such as IPs, proprietary information, etc.”

  • “CPS exponentially extends the risk envelope.”

It’s not too late to join the conference!

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight to executives and their teams. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit


It's not too late to join the conference

Latest Releases