The Gartner benchmark validated that we were receiving competitive pricing for the service levels we expected. The benchmark was useful in paving the way for our contract extension.
Michael Gold
Director, European Services, Amway (Germany)
Gartner Consulting | FOR YOUR IT ROLE

Gartner Consulting engagements are relevant to the role you play in the IT landscape.

Security & Risk Management

Protecting information confidentiality is a critical security objective for every organization. Starting with a good understanding of the business, an organization must weave IT security and IT risk management into the executive levels of business planning. IT security objectives must be defined for the organization as a whole and fall within the following categories: integrity, availability, confidentiality, use control and accountability. The objectives provide the criteria used to determine whether the architecture is appropriate for the given task. Gartner has an established methodology for assessing and developing comprehensive IT security architectures and deployment strategies, including identity and access management (IAM) architectures. Our focus is on people, processes and technology, including benchmarking your IT security strategy and cost models.


We understand the key issues you are facing.
  • Sensitive data loss prevention is one of the key areas of focus in light of industry and government regulations and the potential for large-scale negative publicity.
  • A proper business case with financial analysis is necessary to spearhead and fund an IT security or IAM project successfully.
  • Outmoded user account management and access controls constrict your ability to know and restrict who has access to what.
  • Governance frameworks for IT security and IAM are necessary to be successful over the longer term.
  • Vendor hype and vaporware leads to paralysis by analysis, FUD or the implementation of the wrong set of solutions.


We have the data, tools and capabilities to help
  • Seasoned experts who apply best practices, business models and proven technologies to solve today�s most pressing IT security challenges
  • In-depth methodologies for assessing and developing the right strategy and architecture for your company in your specific industry
  • Workshop and training offerings to educate stakeholders and arm them with the information necessary to make key organizational, process and architecture decisions
  • Cost, price and process benchmarks to compare your IT security strategy and performance to industry peers
  • Architecture and vendor recommendations for provisioning, access control, roles, single sign-on, identity data integration, audit and certificate management
  • Assessment and recommendations for IT security management, policy, standards and procedures, legal considerations, encryption usage, training and education, security awareness, organizational issues, documentation, protection audit, protection testing, technical safeguards, personnel issues, physical security, incident response