Gartner Security & Risk Management Summit 2024 National Harbor: Day 3 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in National Harbor, Maryland. Below is a collection of the key announcements and insights coming out of the conference.

On Day 3 from the conference, we are highlighting zero trust and endpoint security, building quantum resiliency and securing GenAI applications. Be sure to check this page throughout the day for updates.

• Gartner Identifies Three Areas for CISOs to Augment Their Cybersecurity Approach
• The Expanding Enterprise Investment in Cloud Security

Presented by Chris Silva, VP Analyst, Gartner

The primary goal of zero trust is to reduce exposure by optimizing an organization’s risk posture. In this session, Chris Silva, VP Analyst at Gartner, discussed how to apply a zero-trust framework on an endpoint to strengthen endpoint security. 

• “By 2026, the number of large enterprises will have matured and the measurable zero trust program will grow 10X.”
  
• “Endpoint security is one of the key pillars of an overall zero trust strategy in an organization.” 
  
• “Endpoints are more vulnerable in remote working environments and become a larger attack surface.” 
  
• “Credential theft and misuse is very prevalent today. It’s so prevalent that it’s become the primary attack vector.”
  
• “Zero trust cannot solve all security challenges. Therefore, it is important to combine zero trust with detection and response strategies to reduce the overall risk the organization is trying to solve for.”
  

Presented by Mark Horvath, VP Analyst, Gartner

We are rapidly entering the age of usable quantum computing, and it's an increasing threat to existing methods of encryption, privacy and data security. In this session, Mark Horvath, VP Analyst at Gartner, explained how to build  resilience into data security programs to protect against existing and future developments of quantum computing.

• “There are many different quantum systems available from cryogenic gate models to Atom-computing photonic quantum systems.” 

• “Quantum computing is a type of non-classical computing that operates on the quantum state of subatomic particles that represent information called qubits.”

• “The quantum computing market has several quantum service providers that specialize in identifying use cases and developing quantum algorithms.”

• “Create and maintain a metadata database of all your cryptography.” 

• “Crypto-agility can fit into existing DevOps processes. Existing staff can code, test deploy and run new algorithms as part of their existing software development cycle.”

Presented by Avivah Litan, Distinguished VP Analyst, Gartner

AI applications add new attack surfaces and steps in the application development life cycle, requiring dedicated and new security practices. In this session, Avivah Litan, Distinguished VP Analyst at Gartner, discussed how to secure AI and generative AI (GenAI) applications, as well as how Gartner’s AI Trust, Risk and Security Management (AI TRiSM) can prevent AI failures.

• “Securing AI applications requires handling many potential attack surfaces.” 

• “Differentiate hybrid development models, such as frontend wrapping (e.g. prompt engineering), from GenAI applications, including in-house model design.” 

• “Data security is an entire field of work. The best data security practice is to avoid using the data. If not, ensuring data confidentiality and integrity will require technologies and processes.” 

• “Only expose data that is necessary. This is done at the application design phase and requires good collaboration with the data & analytics and other AI teams.”

• “If attackers can access your application through known and proven techniques, they’ll use them. This is why you’ll see many ‘AI breaches’ leveraging attack surfaces that are not AI specific.” 

• “Upskill your security champions as soon as training on secure GenAI coding is available.”