June 13, 2017
June 13, 2017
Contributor: Kasey Panetta
How AI, automation, and cloud visibility will shape the future of IT security.
While automation and artificial intelligence (AI) offer endless possibilities for digital business, they also create complexities. The 2017 Gartner security predictions highlight potential business benefits, such as faster, better penetration tests. But they also showcase the potential dangers of automation when it comes to real-life safety incidents. One thing is clear, enterprises need to be prepared for a complex, connected future.
Explore the latest: Gartner Predicts for the Future of Privacy 2020
Rob McMillan, research director, presented the security predictions during the Gartner Security & Risk Management Summit 2017 in National Harbor, Md. Gartner predictions are designed to help organizations prepare for the future and identify where they might need help tomorrow.
Airlines lose more time to outages and have more operations interruptions due to IT than due to the weather. Part of the reason is that emerging ecosystems means more interdependencies so a failure cascades and recovery must also cascade. Automation is tailor-made for identifying where the failures might be, where they might be felt, and to build strategies for recovery. To get the business buy-in, link the security failure to the business impact.
It’s easy to get caught up in the notion of zero-day attack, but the vast majority of attacks that are successful exploit well-known vulnerabilities. Zero-day attacks are what people tend to worry about, but it’s not a typical case. It’s important that security teams combat existing vulnerabilities and ensure basic security is effective.
Penetration testing today utilizes some level of automation, but still has a high degree of human involvement. However, machine learning has evolved to real-life applications. This means penetration tests can be done at the speed of a machine instead of being restricted to the rate of thinking a human offer.
This prediction is tied to connecting security outcomes to business outcomes and applying value to the work of the security teams in terms of mitigating risk and enabling business function. When protecting data, it becomes a question of net value of the date compared with the cost of protection. What’s the value the data has to the organization, what’s the cost of protecting that data and is it viable? Look at the the investment and potential liabilities and make the decisions.
A temporary loss of power from a failed power grid is inconvenient, a loss of control by an automated medical device administering a drug could be dangerous. It is easy to imagine a scenario that an IT failure could have a physical safety outcome. The increasing complexities of connections means things and infrastructure with different levels of security are now interacting. It will be difficult to predict the risk that will arise.
Adding telemetry to cloud workloads will be important to manage security failures. Even if the vendor is safe, telemetry and documented testing will allow security teams to show the business proof the cloud is working and is safe. Telemetry allows organizations to see the danger signs and allow for a quick--and possibly preventative--response.
Boards are now taking a greater interest in security and risk. This means there is a greater onus on security to translate the work they’re doing into a business context. Without the communication there is a misalignment between security and what’s going on in the rest of the organization .This is when you see the rise of things like shadow IT. With the alignment, the organization will stand or fall together, putting them in a better position than those who are siloed.
Join your peers for the unveiling of the latest insights at Gartner conferences.
Recommended resources for Gartner clients*:
*Note that some documents may not be available to all Gartner clients.