Security at the Speed of Digital Business

Digital business is transforming the principles of security management.

The digital explosion is reshaping organizational security and risk management. Mobile, cloud computing, social networking and the Internet of Things are just some of the factors driving this transformation.

Enterprises able to reap the benefits of digital tools and platforms will see a sustained competitive advantage over time; those unable to do so could experience a decline in their competitive ranking as early as 2017.

“This reality challenges the status quo in information risk and security management. Many conventions and technologies on which risk and security practices have been based do not scale in the new reality,” warns Tom Scholtz, research vice president and Gartner Fellow.

“IT risk and information security leaders must assess and transform their programs to become digital business enablers rather than obstacles to innovation,” Mr. Scholtz said. “Organizations that are able to successfully establish an ecosystem that balances protecting and growing the business will remain competitive and in a position to address cybersecurity threats.”


Digital business is pushing the environment for protecting data and infrastructure into the physical world, merging functions focused on data and information with those that make actual changes to people and their surrounding environments.

“Protecting information alone isn’t enough, and ensuring the confidentiality, integrity and availability of that information isn’t enough,” says Scholtz. “Risk and cybersecurity leaders must now assume the responsibility of providing safety for both people and their environments.”

Perfect protection is impossible

Most conventional security efforts and products have traditionally focused on blocking and prevention techniques (such as antivirus), as well as on policy-based controls (firewalls, etc.) to block threats.


But a foolproof defense is impossible. Advanced targeted attacks easily bypass traditional firewalls and signature-based prevention mechanisms. All organizations should now assume that they are in a state of continuous compromise. However, organizations may mistakenly believe that 100% prevention is possible, and many have become overly reliant on blocking-based and signature-based mechanisms for protection. As a result, most enterprises have limited capabilities to detect and respond to breaches when they inevitably occur, resulting in longer dwell times and increased damage.

To enable a comprehensive, adaptive security protection architecture, we believe that these 12 specific capabilities are necessary to augment the ability to block and prevent attacks, as well as detect and respond to attacks:

[Figure: Security_12steps]

Tom Scholtz

Read complimentary research: Managing Risk and Security at the Speed of Digital Business, by Tom Scholtz, et al.

Watch the webinar: The New Risks of Digital Business.

 
