Security at the Speed of Digital Business

April 21, 2016

Contributor: Christy Pettey

Digital business is transforming the principles of security management.

The digital explosion is reshaping organizational security and risk management. Mobile, cloud computing, social networking and the Internet of Things are just some of the factors driving this transformation.

Enterprises able to reap the benefits of digital tools and platforms will see a sustained competitive advantage over time; those unable to do so could experience a decline in their competitive ranking as early as 2017.

Watch webinar: The New Risks of Digital Business

“This reality challenges the status quo in information risk and security management. Many conventions and technologies on which risk and security practices have been based do not scale in the new reality,” warns Tom Scholtz, research vice president and Gartner Fellow.

“IT risk and information security leaders must assess and transform their programs to become digital business enablers rather than obstacles to innovation,” Mr. Scholtz said. “Organizations that are able to successfully establish an ecosystem that balances protecting and growing the business will remain competitive and in a position to address cybersecurity threats.”

Digital business is pushing the environment for protecting data and infrastructure into the physical world, merging functions focused on data and information with those that make actual changes to people and their surrounding environments.

“Protecting information alone isn't enough, and ensuring the confidentiality, integrity and availability of that information isn't enough,” says Scholtz. “Risk and cybersecurity leaders must now assume the responsibility of providing safety for both people and their environments.”

Perfect protection is impossible

Most conventional security efforts and products have traditionally focused on blocking and prevention techniques (such as antivirus), as well as on policy-based controls (firewalls, etc.) to block threats.

“ Protecting information alone isn't enough, and ensuring the confidentiality, integrity and availability of that information isn't enough”

But a foolproof defense is impossible. Advanced targeted attacks are easily bypassing traditional firewalls and signature-based prevention mechanisms. All organizations should now assume that they are in a state of continuous compromise. However, they may mistakenly believe that 100% prevention is possible. Many have become overly reliant on blocking-based and signature-based mechanisms for protection. As a result, most enterprises have limited capabilities to detect and respond to breaches when they inevitably occur, resulting in longer dwell times and increased damage.  

To enable a comprehensive, adaptive security protection architecture, we believe that these 12 specific capabilities are necessary to augment the ability to block and prevent attacks, as well as detect and respond to attacks:

Gartner Outlines Twelve Critical Capabilities for Adaptive Security Architecture    

Gartner Security & Risk Management Summit

Connect with the world’s leading security and risk management leaders with Gartner experts to establish an agile security program and deliver business value.