
Mumbai, India, February 27, 2024

Gartner Security & Risk Management Summit 2024 India: Day 2 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in India. Below is a collection of the key announcements and insights coming out of the conference. You can read the highlights from Day 1 here.

On Day 2 of the conference, we are discussing how to connect business value with identity management, sharing ways to reduce the security and compliance risks of AI-generated code, and exploring strategies for managing AI trust, risk, and security in organizations. Be sure to check this page throughout the day for updates.

 

Key Announcements

How to Mitigate Security and Compliance Risks With AI-Generated Code

Presented by Manjunath Bhat, VP Analyst, Gartner

Generative artificial intelligence (GenAI) coding assistants are poised to fundamentally alter the way software engineers build applications. However, security and compliance risks can hinder their legitimate use and create the need for new compensating controls. In this session, Manjunath Bhat, VP Analyst at Gartner, shared ways to mitigate the risks associated with AI coding assistants.

Key Takeaways

  • “AI coding assistants enable developers to code faster and focus on high-value activities, boosting developer productivity and developer experience.”

  • The top five risks associated with AI coding assistants are:

      - Vulnerable output

      - Intellectual Property (IP) violation

      - Training data poisoning

      - Sensitive data leakage

      - Adversarial prompting

  • By 2026, 40% of development organizations will use AI-based autoremediation of insecure code from application security testing (AST) vendors as a default, up from less than 5% in 2023. “Large language models (LLMs) have the potential to convert security jargon into a more comprehensible format, resulting in a better understanding of the issue and a more efficient solution.” 

  • “Branch protection policies are one of the best ways to ensure that developers don’t accidentally bypass the checks and balances in place.”

  • “Enterprises must create an AI coding usage policy guideline document that enables consistent use of policy across the organization.”


Don't Let Your AI Control You: Manage AI Trust, Risk and Security

Presented by Dale Gardner, Senior Director Analyst, Gartner

AI creates new risks and security threats within organizations, but AI teams often perceive risk differently than security teams. In this session, Dale Gardner, Senior Director Analyst at Gartner, explained how organizations can manage AI trust, risk and security collaboratively and consistently.

Key Takeaways

  • “Compromises and attacks span all stages of the AI life cycle, including data poisoning, privacy concerns, model outcome manipulation, and model or data misuse, compromise or theft.” 

  • “There are two common misperceptions about AI security threats. Most AI attacks only happen by outsiders, so we don't have to look inside, and most AI attacks are complicated, so let's not sweat the small stuff.”

  • “CISOs and AI teams perceive risk coming from AI differently. AI teams think AI risk is more likely to materialize and are more concerned about AI risk overall. It's not every day that someone is more concerned about information risk than the security team.”

  • “AI trust, risk and security (TRiSM) helps ensure governance, trustworthiness, fairness, reliability, privacy, security and compliance of AI solutions, turning unmanaged risks into managed risks.”

  • “By 2026, organizations that apply TRiSM controls to their AI applications will consume at least 50% less inaccurate or illegitimate information that leads to faulty decision making.”

Connect Business Value and Identity Management

Presented by Abhyuday Data, Director Analyst, Gartner

Leaders responsible for identity and access management (IAM) generally focus on the technical benefits of an IAM solution rather than its impact on the organization's goals and objectives. They are unaccustomed to recognizing and accommodating the influence IAM has on business outcomes or associating IAM with environmental, organizational or social change. In this session, Abhyuday Data, Director Analyst at Gartner, discussed strategies for security leaders to ensure that IAM enables the organization to deliver business value and minimize risk.

Key Takeaways

  • “Translating common IT metrics into specific statements of business value will enhance the credibility of the IAM team and its impact on the entire organization.”

  • “IAM leaders must connect identity with risk and business outcomes by using ODMs (outcome driven metrics). Decisions should be made collaboratively once risks and opportunities are identified.”

  • “ODMs present a clear view of protection levels. Security leaders have the option to invest directly to enhance the level of protection and reduce risks, or they can choose to save money and accept a lower level of protection with higher risk.”

  • “Protection level agreements (PLAs) and ODMs are simple ways to communicate a very important message that impacts the whole organization. IAM leaders can now have real conversations when it comes to prioritizing the work of their IAM team.”

  • “Gartner recommends forming IAM fusion teams because identity is more distributed than ever, and it is embedded into every organizational process.”

This is a wrap for this week's conference. See you next year!

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.
