Leading research and advisory company Gartner recently wrapped up its 2017 Security and Risk Management Summit. A premier gathering of leaders and executives in the fields of security, risk management, and business continuity management, the annual summit focuses on helping businesses reinvent and refine their thinking on how to handle security and risk in the digital age.
In this era of ransomware attacks and privacy breaches, the issue of cybersecurity was unsurprisingly one of the defining themes of this year’s summit. In a presentation given on the summit’s first day, Gartner analyst and research vice president Earl Perkins outlined five key trends that are expected to shape the cybersecurity landscape in 2017 and 2018.
Changing skills and organizational requirements
Cybersecurity already has a zero percent unemployment rate, and that talent shortage is only expected to grow as the field evolves and the need for new skill sets arises. Data management in particular will become a significant challenge. The next three to five years alone will see organizations generating more data than they ever have before, and that unprecedented volume of information will require highly specialized handling. The need for new skills in data science and analytics will continue to grow, and the industry’s major concerns will include areas like data classes, data governance, and artificial security intelligence. To keep pace with this next phase of cybersecurity, adaptability will be essential, both for organizations and for individuals.
Cloud security as a top priority
Now that cloud computing has become a mainstream activity and the cloud environment is reaching maturity, the cloud is becoming a valuable—and potentially vulnerable—security target. The entire industry will need to work together to prevent a tragedy of the commons in which the stability and security of a shared cloud service is threatened by too many demands from too many different companies, without the corresponding sharing of responsibility for its upkeep. In addition, to keep data safe in the cloud environment, companies will need to make difficult decisions about who they can and cannot trust. Therefore, they should develop rigorous security guidelines for both private and public cloud use, and put in place a model to drive informed decisions concerning cloud risk.
Shifting focus away from protection and prevention
One of the biggest cybersecurity trends discussed at the Gartner summit is one that may be the most difficult for security professionals to accept: the idea that it simply isn’t possible to stop every threat. Executives need to accept that fact and focus their resources on what they can actually accomplish. As Earl Perkins argued in his presentation, it is very difficult to stop a dedicated, well-financed actor who is after something specific in an organization from getting what they want, especially as they can always resort to a company’s weakest link: people. Instead, enterprises should adapt their security setup to focus not on protection, but on detection, response, and remediation, which Perkins described as the new frontier for today’s cybersecurity fight. Indeed, as technology evolves further, we can even expect to see the focus shift yet again from detection and response to prediction, i.e., heading off threats before they even happen.
The development operations center as the leader of application and data security
Although there is a new window of opportunity in application security, the associated expense makes most enterprises reluctant to take advantage of it. However, there’s never been a better time to bring together development and operations, and to figure out the best way not only of evaluating the value of security, but of explaining that value to the business. The anticipated result is a necessary shift from DevOps to DevSecOps. Now that drastically shortened time to market has made an almost endless connection between development and operations possible, the essential next step is to focus on security within the DevOps context rather than running each element as an isolated unit. If enterprises are not working with an internal DevOps team, it’s critical to have a conversation with their service provider about the kind of security they offer.
Digital ecosystems and next-generation security
Safety, reliability, and privacy are the key tenets of cybersecurity, but the interesting thing happening now is that these issues are no longer confined solely to the digital realm. As a result of the rapid rise of the Internet of Things and its millions of connected devices, cybersecurity is now directly linked to the physical safety of people and environments. Bluntly put, when you’re talking about things like self-driving cars or sensors that monitor health conditions and give alerts when it’s time to take medication, enterprises that don’t have a sufficient handle on cybersecurity may be putting people’s lives at risk. Therefore, the next generation of cybersecurity won’t just be about the digital world, but the physical one as well.