Eight top trends in security and risk management

Cristina De Luca

April 08, 2021

With the slowdown in global economic growth, the IT Risk Management Solutions industry has also suffered a certain impact. Still, it grew, and one of the reasons for that growth is the difficulty companies have in reducing the security skills gap.

Other important challenges facing security and risk leaders in 2021 include the complex situation caused by the surge of Covid-19. The pandemic has exposed the vulnerabilities of a highly connected and interdependent world. While it accelerated digital transformation and provoked changes in social attitudes, it also heightened cyber risks, data privacy threats and resilience concerns. From the risk management point of view, no scenario modeling or contingency plan had been prepared for something so disruptive and impactful on a global scale.

Moving forward, what should be the major concerns of risk management teams? Which trends will have the greatest impact? Gartner bets on eight major ones. They are:

1 – Cybersecurity Mesh Architecture

Cybersecurity Mesh is a modern security approach that consists of deploying controls where they are most needed. Rather than running all security tools within a given silo, this approach allows tools to interoperate, providing basic security services, based on centralized management and orchestration policies. With many IT assets now outside traditional corporate perimeters, a cybersecurity mesh architecture allows organizations to extend security controls to assets distributed across the network.

2 – Identity-First Security

For a long time, companies have sought to give their users access anytime, anywhere. That is now possible because the “identity as the new security perimeter” approach has materialized, and it has started to demand effective monitoring of authentication models.

The SolarWinds attack demonstrated that we are not doing a great job of managing and monitoring identities. Although a lot of money and time has been spent on multi-factor authentication, single sign-on and biometric authentication, little has been done to improve authentication monitoring.

3 – Remote is the new normal

According to Gartner’s CIO Agenda 2021 survey, 64% of employees in the nearly 2,000 participating companies are now able to work from home. Other consultancy studies indicate that at least 30-40% will continue to work from home in the coming months and years. For many organizations, this change requires a full reset of the security policies and tools used to manage remote work. For example, endpoint protection services will need to migrate to protecting services delivered in the cloud. Security leaders will also need to review data protection, backup and disaster recovery policies to ensure that they still function in a remote environment.

4 – Cybersecurity experts added to the boards

According to the “2021 Board of Directors Survey” report, also from Gartner, directors assess cybersecurity as the second biggest source of risk for the company, after regulatory compliance. Because of that, most large companies have been setting up dedicated cybersecurity committees, usually led by a board member with security experience.

Gartner predicts that by 2025, 40% of boards will have a dedicated cybersecurity committee, overseen by a qualified board member. This rate is less than 10% today.

5 – Security product consolidation

In the “2020 CISO Effectiveness Survey”, Gartner found that 78% of participating CISOs maintained 16 or more tools in their cybersecurity vendor portfolio; 12% had 46 or more. This large number of security products increases complexity, integration costs and personnel requirements. As a result, most IT departments plan to focus security efforts on fewer vendors over the next three years.

“Having fewer security solutions can make it easier to configure them properly and respond to alerts, improving the security risk strategy of companies. However, buying a broader platform can have disadvantages in terms of cost and time to implement. We recommend focusing on TCO over time as a measure of success,” says Peter Firstbrook, vice president of research at Gartner.

6 – Privacy enhancing computation

Computing techniques that enhance privacy are emerging to protect data while it is in use, as opposed to when it is at rest or in transit, to allow secure international data processing, sharing, transfers and analysis, even in untrusted environments. We’ve been seeing an increase in this sort of implementation in fraud analysis, business intelligence, data sharing, financial services (for example, combating money laundering), pharmaceuticals and healthcare.

By 2025, Gartner predicts that 50% of large organizations will adopt computing tools to increase data processing privacy in untrusted environments and in data analysis use cases.

7 – Breach & attack simulation tools

BAS (Breach and Attack Simulation) tools are emerging to provide ongoing defensive posture assessments, challenging the limited visibility provided by annual assessments such as penetration testing. By including BAS as part of their regular security assessments, CISOs can help their teams identify gaps in their security strategy more effectively and prioritize security initiatives more efficiently.

8 – Machine identity management

Machine Identity Management aims to establish and manage trust in the identity of a machine that interacts with other entities, such as devices, applications, cloud services or gateways. An increasing number of non-human entities are present in organizations today, which means that managing machine identities has become a vital part of the security strategy.