Gartner Keynote: Building Trust and Resilience for Digital Business

Security professionals must lead their business colleagues to understand and mitigate digital business risks.

Picture the scene: a car accident on a long country road. In the mock television advertisement for the fictitious “Connected Insurance” company that opened the keynote at Gartner Security and Risk Management Summit 2016 in National Harbor, MD, the driver was assisted by an interconnected mesh of services thanks to digital business. Her car alerted emergency personnel, towing services, her family and coworkers. Yet, how can these systems be trusted and will the driver’s data be secure?

“When a company promises to deliver the value of digital business to consumers, security professionals may be absent from critical conversations about protecting the enterprise and its customers,” notes Peter Firstbrook, research vice president at Gartner.

“Will you be in the boardroom and at the table when the tricky risk decisions are made?” he asks.

Gartner analysts Peter Firstbrook and Felix Gaehtgens discuss the major security tasks for organizations to mitigate risk.
“Digital business” is defined as the creation of new business designs by blurring the physical and digital worlds. In previous business models, including e-commerce, people were the primary driver of transactions. But in the future, “things” will be transaction drivers. Sensors and actuators will interact with people and other things, creating meshed relationships.

Moving forward, numerous enterprises across industries will need to integrate into a digital business system. Those that don’t build their own system may get pulled into a system by one of their partners.

Gartner predicts that by 2020, 60% of digital businesses will suffer major service failures due to the inability of security teams to manage digital risk.

For Connected Insurance, that could result in brand and reputation damage, fraud and legal liability.

To mitigate these risks, security professionals must add value to the digital business planning team to help them build resilience. This begins with an assessment of the business risk and the technical and procedural controls to minimize that risk.

Help the business mitigate risk

Keep in mind that the business needs a prioritized discussion of risk that highlights those areas that are mission critical and the range of impact they might have on business objectives. “We need to show them big ticket items and not a laundry list in a teeny tiny font,” says Jeffrey Wheatman, research director at Gartner.

“Simply stated, business leaders have a language with which they are comfortable and if we want to persuade them we need to use their language, not ours,” he says. In other words, use a lexicon that is more familiar to the business around concepts such as brand, customer safety, liability, compliance, financial, and strategy.

To do that, security professionals must:

  • Understand the organization’s goals,
  • Identify the risk within those goals,
  • Quantify/qualify those risks,
  • Communicate them to internal “customers” in terms they understand and
  • Help them make decisions about how to treat the risks in an appropriate manner.

The new microtrust platform

As organizations bring multiple parties together into a networked ecosystem, how can they determine the trustworthiness of new providers? Each of the entities in the Connected Insurance example (emergency services, police, auto repair shop, etc.) acts as its own microtrust platform and must establish trust through its behavior and context relative to the other providers. The towing truck needs geolocation to know where to go, as will the cab or the rental car that is to be delivered.

“We need a standardized way for one party to access data on behalf of another party – in a controlled and secure manner,” says Felix Gaehtgens, research director at Gartner. He noted the need to broker trust in a digital business mesh and allow others to broker their own digital mesh. Trust requires adaptive access control in which business moments, such as a car accident, require exchange of data on a temporary, need-to-know basis.

Gaehtgens describes the Trustable Application Overlay architecture or TAO strategy, which assumes a level of distrust in infrastructure but still securely delivers digital services.

“Security teams need to collaborate with developers to embed security functions into digital business,” he says.
