The digital explosion is reshaping organizational security and risk management. Mobile, cloud computing, social networking and the Internet of Things are just some of the factors driving this transformation.
Enterprises able to reap the benefits of digital tools and platforms will see a sustained competitive advantage over time; those unable to do so could experience a decline in their competitive ranking as early as 2017.
“This reality challenges the status quo in information risk and security management. Many conventions and technologies on which risk and security practices have been based do not scale in the new reality,” warns Tom Scholtz, research vice president and Gartner Fellow.
“IT risk and information security leaders must assess and transform their programs to become digital business enablers rather than obstacles to innovation,” Mr. Scholtz said. “Organizations that are able to successfully establish an ecosystem that balances protecting and growing the business will remain competitive and in a position to address cybersecurity threats.”
Digital business is pushing the environment for protecting data and infrastructure into the physical world, merging functions focused on data and information with those that make actual changes to people and their surrounding environments.
“Protecting information alone isn’t enough, and ensuring the confidentiality, integrity and availability of that information isn’t enough,” says Scholtz. “Risk and cybersecurity leaders must now assume the responsibility of providing safety for both people and their environments.”
Perfect protection is impossible
Most conventional security efforts and products have traditionally focused on blocking and prevention techniques (such as antivirus), as well as on policy-based controls (firewalls, etc.) to block threats.
Protecting information alone isn’t enough, and ensuring the confidentiality, integrity and availability of that information isn’t enough
But a foolproof defense is impossible. Advanced targeted attacks are easily bypassing traditional firewalls and signature-based prevention mechanisms. All organizations should now assume that they are in a state of continuous compromise. However, they may mistakenly believe that 100% prevention is possible. Many have become overly reliant on blocking-based and signature-based mechanisms for protection. As a result, most enterprises have limited capabilities to detect and respond to breaches when they inevitably occur, resulting in longer dwell times and increased damage.
To enable a comprehensive, adaptive security protection architecture, we believe that these 12 specific capabilities are necessary to augment the ability to block and prevent attacks, as well as detect and respond to attacks: