Top 5 Security and Risk Management Trends- according to Gartner
Security and risk management leaders must address five top trends to enable rapid reinvention in their organization, as COVID-19 accelerates digital business transformation and challenges traditional cybersecurity practices, according to Gartner, Inc.
These trends are a response to persistent global challenges that all organizations are experiencing.
“The first challenge is a skills gap. 80% of organizations tell us they have a hard time finding and hiring security professionals and 71% say it’s impacting their ability to deliver security projects within their organizations.
Other key challenges facing security and risk leaders in 2021 include the complex geopolitical situation and increasing global regulations, the migration of workspaces and workloads off traditional networks, an explosion in endpoint diversity and locations and a shifting attack environment, in particular, the challenges of ransomware and business email compromise.
Over the course of the next 2 days we will be exploring each of these 5 Trends.
Trend 1: Cybersecurity Mesh
Cybersecurity mesh is a modern security approach that consists of deploying controls where they are most needed. Rather than every security tool running in a silo, a cybersecurity mesh enables tools to interoperate by providing foundational security services and centralized policy management and orchestration. With many IT assets now outside traditional enterprise perimeters, a cybersecurity mesh architecture allows organizations to extend security controls to distributed assets.
Trend 2: Identity-First Security
For many years, the vision of access for any user, anytime, and from anywhere (often referred to as “identity as the new security perimeter”) was an ideal. It has now become a reality due to technical and cultural shifts, coupled with a now majority remote workforce during COVID-19. Identity-first security puts identity at the center of security design and demands a major shift from traditional LAN edge design thinking.
The SolarWinds attack demonstrated that we’re not doing a great job of managing and monitoring identities. While a lot of money and time has been spent on multifactor authentication, single sign-on and biometric authentication, very little have been spent on effective monitoring of authentication to spot attacks against this infrastructure. This will remain an important consideration.