Gartner Security & Risk Management Summit 2024 National Harbor: Day 2 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in National Harbor, Maryland. Below is a collection of the key announcements and insights coming out of the conference.

On Day 2 from the conference, we are highlighting the impact of GenAI on CISOs, securing edge computing, as well as the outlooks for network security and cloud security. Be sure to check this page throughout the day for updates.

• Gartner Identifies Three Areas for CISOs to Augment Their Cybersecurity Approach

Presented by Jeremy D'Hoinne, VP Analyst, Gartner

Both cybersecurity providers and attackers have started to leverage generative AI (GenAI). In this session, Jeremy D'Hoinne, VP Analyst at Gartner, discussed the various impacts of GenAI on chief information security officers (CISOs).

• “Securing how employees use GenAI applications with, or without telling their organizations about it, was the first and most pressing challenge.” 
  
• “It is important to state that models are not smart. Anthropomorphism hinders our understanding of these AI systems, and it is important when we evaluate them for cybersecurity.”
  
• “Malicious cyber actors have begun testing the capabilities of AI-developed malware and AI-assisted software development—technologies that have the potential to enable larger scale, faster, efficient, and more evasive cyber attacks.”
  
• “Focus on deepfakes generated by GenAI and social engineering as urgent problems to solve.”
  
• “Experiment with GenAI cybersecurity assistants to augment, not replace staff.”
  

Presented by Neil MacDonald, Distinguished VP Analyst, Gartner

Securing edge computing requires a mashup of technologies and approaches that incorporates elements of mobile security, data center security, workload security, application security and access security. In this session, Neil MacDonald, Distinguished VP Analyst at Gartner, discussed a multilayered strategy for a “zero trust edge.”

• “Edge computing describes a distributed computing topology in which data storage and processing are placed in optimal locations relative to the location of data creation and use.”

• “Zero trust is a security paradigm that replaces implicit trust with continuously assessed explicit risk/trust levels based on identity and context supported by security infrastructure that adapts to risk-optimize the organization’s security posture.”

• “To secure edge computing, you must use a blended approach of branch security, workload security, device security and access security.”

• “Edge security strategies must address hardware and software supply chain security.”

Presented by John Watts, VP Analyst, Gartner

With the growing complexity of networks and network security architecture and evolving use cases, network security teams are facing a constant challenge of how to secure these dynamic environments which are not behind the perimeter anymore. In this session, John Watts, VP Analyst at Gartner, discussed what is impacting network security and how to evolve with them.

• Gartner predicts that by 2025, over 50% of network firewall deployments will involve more than two deployment factors for the same vendor - up from less than 10% in 2023.

• “There are many organizational drivers for network security, including consolidation from both vendors and customers, a shift to hybrid environments, and zero trust strategies impacting networking.”

• “As the networks are evolving, we must evolve our approach to secure it. Focus on areas which were not paid much importance before, such as API security, and improve the existing controls to embrace consolidation and integration.”

• “The top three challenges of network security include the convergence of teams, network segmentation and securing remote access.”

Presented by Richard Bartley, VP Analyst, Gartner

Cloud security remains a top priority for the enterprise as it continues to adopt evolving product types. In this session, Richard Bartley, VP Analyst at Gartner, discussed key issues chief information security officers (CISOs) must address when it comes to the latest cloud security trends.

• “In the cloud, security outcomes are the same as on-premises. However, the approach to addressing risks is likely different. Core policy goals remain the same. However, how you address cloud risks may be radically different and require significant changes for security and supporting tooling.”

• “CISOs can get several things wrong with cloud security, including not working with the CIO to build security into platform engineering/DevOps, as well as bottleneck development pipelines with old security processes.”

• “Address visibility, misconfiguration and privileged activity with security tooling for each cloud deployment. Use native security controls, and augment with third-party vendor capabilities where required.”

• “Establish a cloud security governance capability including appropriate forums and councils, provider-agnostic policies, and outcome-driven metrics, for enhanced asset protection and overall security posture.” 

• “Collaborate with engineering teams to make production infrastructure immutable, with the only paths to change being via infrastructure, and as policy-as-code changes being pushed to runtime.”

• “Transfer, readapt and rethink existing skills to support cloud security architecture by being open-minded to new ways of implementing security.”