
Information Technology Security & Risk Management

Savvy enterprise security and risk management leaders will continue to protect their organizations against new and emerging threats in 2022 and beyond, according to the latest global market study findings by Gartner.

"Organizations worldwide are facing sophisticated ransomware, attacks on the digital supply chain and deeply embedded vulnerabilities," said Peter Firstbrook, vice president at Gartner.

The pandemic accelerated remote work adoption, challenging the Chief Information Security Officer (CISO) to secure the distributed workforce -- while dealing with a shortage of skilled IT security staff.

These big challenges create three overarching trends impacting cybersecurity practices: new responses to sophisticated threats; the evolution and reframing of an IT security practice; and rethinking business technology protection.

IT Security and Risk Apps Market Development

According to the Gartner assessment, the following IT security and risk-related issues will have a significant impact across those three domains. Digital transformation projects will likely drive change.

Enterprise attack surfaces are expanding. Risks associated with the use of cyber-physical systems and the Internet of Things (IoT), open-source code, cloud computing applications, and complex digital supply chains have extended exposed surfaces beyond IT-controllable assets.

As a result, organizations must now look beyond traditional approaches to security monitoring, detection, and response to manage a wider set of IT security exposures.

Digital risk protection services (DRPS), external attack surface management (EASM) technologies, and cyber asset attack surface management (CAASM) will support CISOs in visualizing internal and external business systems and in automating the discovery of security coverage gaps.

Global cybercriminals have discovered that attacks on the digital supply chain can provide a high return on investment. As vulnerabilities such as Log4j spread through the supply chain, more threats are expected to emerge.

In fact, Gartner predicts that by 2025, 45 percent of organizations worldwide will have experienced attacks on their software supply chains -- that's a three-fold increase from 2021.

Digital supply chain risks demand new mitigation approaches that involve more deliberate risk-based vendor or partner segmentation and scoring, requests for evidence of security controls and best practices, a shift to resilience-based thinking, and efforts to get ahead of forthcoming government regulations.

Sophisticated threat actors are actively targeting identity and access management (IAM) infrastructure, and credential misuse is now a primary attack vector. Gartner introduced the term “identity threat detection and response” (ITDR) to describe the collection of tools and best practices to defend identity systems.

"Organizations have spent considerable effort improving IAM capabilities, but much of it has been focused on technology to improve user authentication, which actually increases the attack surface for a foundational part of the cybersecurity infrastructure," said Firstbrook.

Gartner's analysts believe that ITDR tools can help protect identity systems, detect when they are compromised, and enable efficient remediation of ongoing security threats.

Meanwhile, enterprise cybersecurity needs and expectations are maturing, and senior executives now require more agile security amidst an expanding IT infrastructure attack surface.

Thus, the scope, scale, and complexity of digital business make it necessary to distribute cybersecurity decisions, responsibility, and accountability across organizational units and away from a centralized function.

"The CISO role has moved from a technical subject matter expert to that of an executive risk manager," said Firstbrook.

By 2025, a single, centralized cybersecurity function will not be agile enough to meet the needs of digital organizations. CISOs must reconceptualize their responsibility matrix to empower Boards of Directors, CEOs, and other senior business leaders to make their own informed risk decisions.

Human error continues to be a factor in many data breaches, demonstrating that traditional approaches to "security awareness" training are ineffective. Progressive organizations are investing in holistic security behavior and culture programs (SBCPs), rather than outdated compliance-centric security awareness campaigns.

An SBCP focuses on fostering new ways of thinking and embedding new employee behaviors with the intent to provoke more secure ways of working across the typical enterprise organization.

Furthermore, security technology convergence is accelerating, driven by the need to reduce complexity, reduce administration overhead and increase the effectiveness of IT defense methodologies.

New platform approaches such as extended detection and response (XDR), security service edge (SSE), and cloud-native application protection platforms (CNAPP) are accelerating the benefits of converged solutions.

For example, Gartner predicts that by 2024, 30 percent of enterprises will adopt cloud-delivered secure web gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), and branch office firewall as a service (FWaaS) capabilities from the same vendor.

It's predicted that the consolidation of IT security functions will lower the total cost of ownership and improve operational efficiency in the long term, leading to better overall security outcomes.

The security product consolidation trend is driving the integration of security architecture components. However, there is still a need to define consistent security policies, enable workflows, and exchange data between consolidated solutions.

A cybersecurity mesh architecture (CSMA) helps provide a common, integrated security structure and posture to secure all assets, whether they’re on-premises, in data centers, or within the public cloud.

Outlook for IT Security and Risk Applications Growth

"Gartner’s top cybersecurity trends don’t exist in isolation; they build on and reinforce one another," concludes Firstbrook. "Taken together, they will help CISOs evolve their roles to meet future security and risk management challenges and continue elevating their standing within their organizations."

That said, I anticipate large enterprise demand for qualified IT security practitioners will continue to rise. That growth trend will increase the rate of IT staff training and certification, in order to upskill more members of the IT infrastructure and operations team.

Besides, I predict that access to IT cybersecurity professional services will be a requirement for all IT vendors that are trusted advisors to their enterprise customers. This skill set is essential for CIOs and CHROs that need qualified and experienced guidance for their secure remote working enablement process.
