Solving IT Security and Risk Management Challenges

Business and technology leaders must address the key IT Security and Risk Management issues, as the impact of the COVID-19 pandemic accelerates demand for digital transformation and creates new challenges for traditional cybersecurity practices.

"The first challenge is a skills gap. 80 percent of organizations tell us they have a hard time finding and hiring security professionals, and 71 percent say it’s impacting their ability to deliver security projects within their organizations," said Peter Firstbrook, vice president at Gartner.

Other key challenges facing IT security and risk leaders in 2021 include the complex geopolitical situation, increasing government regulations, the migration of workloads off traditional data networks, more endpoint device diversity, and a shifting cyber-attack environment.

The following trends are expected to have a significant potential for disruption.

Comprehensive IT Security Market Development

A cybersecurity mesh is a modern security approach that consists of deploying controls where they are most needed. Rather than every security tool running in a silo, a cybersecurity mesh enables tools to interoperate by providing foundational security services and centralized policy management and orchestration.

With many IT assets now outside traditional enterprise perimeters, a cybersecurity mesh architecture allows organizations to extend security controls to distributed assets.

For many years, the vision of access for any user, anytime, and from anywhere (often referred to as "identity as the new security perimeter") was an ideal. It has now become a reality due to technical and cultural shifts, coupled with a workforce that is now majority remote during COVID-19.

Identity-first security puts the user's identity at the center of IT security design and demands a major shift from traditional local area network (LAN) edge design thinking.

According to Gartner's survey, 64 percent of employees are now able to work from home. Gartner findings indicate that at least 30-40 percent will continue to work from home post-COVID-19.

For many organizations, this shift to a distributed workforce requires a total reboot of policies and security tools suitable for the modern remote employee workspace.

For example, endpoint protection services will need to move to cloud-delivered services. Security leaders also need to revisit policies for data protection, disaster recovery, and backup to make sure they still work in a remote environment.

According to Gartner's survey, boards of directors rated cybersecurity the second-highest source of risk for the enterprise after regulatory compliance. Large enterprises are now beginning to create a dedicated cybersecurity committee at the board level, led by a board member with security expertise or a third-party consultant.

Gartner predicts that by 2025, 40 percent of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member; that's up from less than 10 percent today.

Gartner's survey found that 78 percent of CISOs have 16 or more tools in their cybersecurity vendor portfolio; 12 percent have 46 or more tools. A large number of IT security products in organizations increases complexity, integration costs and staffing requirements.

In a recent Gartner survey, 80 percent of IT organizations said they plan to reduce and consolidate security vendors over the next three years.

New privacy-enhancing computation techniques are emerging that protect data while it's being used -- as opposed to while it's at rest or in motion -- to enable secure data processing, sharing, cross-border transfers and analytics, even in untrusted environments. 

Privacy-related implementations are on the rise in fraud analysis, intelligence, data sharing, financial services (e.g. anti-money laundering), pharmaceuticals and healthcare sectors.

Gartner predicts that by 2025, 50 percent of large organizations will adopt privacy-enhancing computation for processing data in untrusted environments or multiparty data analytics use cases.

New breach and attack simulation (BAS) tools are emerging to provide continuous defensive posture assessments, challenging the limited visibility provided by annual point assessments like penetration testing.

When CISOs include BAS as a part of their regular security assessments, they can help their teams identify gaps in their IT security posture more effectively and prioritize security initiatives more efficiently.

Machine identity management aims to establish and manage trust in the identity of a machine interacting with other entities -- such as devices, applications, cloud services, or gateways.

Increased numbers of non-human entities are now present in organizations, which means managing machine identities has become a vital part of the IT security strategy.

Outlook for IT Security and Risk Management Growth

Most enterprise CISOs, and even CIOs, recognize that the lack of skilled and qualified security professional candidates will increase the ongoing demand for IT security vendor professional services. I believe that this trend is, by far, one of the most pervasive and the most compelling challenges.

Clearly, the other key challenge that must be resolved is the abundance of stand-alone IT security software tools that the typical enterprise organization has acquired over the last decade. The migration to comprehensive cloud-based security offerings is part of the solution to this known problem.

There's also a growing mandate for new Hybrid Services that support both on-premises data centers and multiple public cloud use cases. However, very few IT vendors appear to have the ability to scale their global support of all customer needs and wants.

Therefore, I anticipate those unique vendors must demonstrate a proven track record of addressing complex enterprise networking and security environments. I envision this scenario as a 'Hybrid-Next' era that will further advance digital transformations across the globe.
