CONFIDENTIAL AND PROPRIETARY This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other intended recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2016 Gartner, Inc. and/or its affiliates. All rights reserved.

Top Security Trends and Take-Aways

Jie Zhang

Gartner presentation risq dec 2016 jie zhang


Security for the Next Generation of Threat

A pervasive digital presence is expanding into business, industry and society

Once networked, this digital presence substantively alters risk for digital businesses

Digital security is the next evolution in cybersecurity to protect this pervasive digital presence

Security Macro Trends You Face in the Age of the Pervasive Digital Presence

Risk and Resilience Seek Balance

Security Disciplines Converge

Secure Digital Supply Chain Needs Grow

Security Skills Options Expand

Adaptive Security Architecture Embraced

Data Security Governance Arrives

Digital Business Drives Digital Security

Risk and Resilience Seek Balance

Security Moves to an Embedded State in the Organization

Governance

Compliance

Control

Protection

Reliability

Speed

Assurance

Transparency

RISK RESILIENCE

Privacy

Safety

Value

Cost

Security Principles for Trust and Resilience

Business Outcomes

Risk-Based

Data Flow

Facilitator

Detect and Respond

Principle of Trust and Resilience

People-Centric


Take-Aways for Risk and Resilience Balance

Revisit the security organizational structure to ensure it reflects current mission

Revise the methods used to calculate IT risk to incorporate new variables and factors

Refine the security communication and education process to emphasize agility

Security Disciplines Converge

Digital Security for the Pervasive Digital Presence

Defense

Offense

Reactive

Proactive

IoT Security

Information Security

IT Security

OT Security

Physical Security

You Are Here

Digital Security

"Digital Safety" Becomes a New Force and Responsibility

The CIAS Model of Digital Security

Integrity

Data

People

Environments

Confidentiality

Availability

Safety


Take-Aways for Security Convergence

Establish security governance and planning relationships with physical and industrial counterparts

Improve cross-discipline procurement methods for security requirements

Modify security architecture to include additional layers where required

Investigate changes in security management and operations that may be required to accommodate convergence

Secure Digital Supply Chain

Integrated Digital Security for the Supply Chain(s)

SUPPLY CHAIN

DIGITAL SUPPLY CHAIN

DIGITAL SECURITY FOR THE SUPPLY CHAIN(S)

IoT Security

Information Security

IT Security

OT Security

Physical Security

Digital Security

Expanding (and Confusing) SaaS Control Add-On Markets

Today's enterprise suffers from coordination frustration. Encouraging evolution of multicloud, multifunction management consoles.

SIEM

Software Asset Management

Activity Threat Control

Archive and Recovery

Cloud Access Security Broker

EMM

Confidentiality

IDaaS

SaaS Aggregation Tool

Mobile Device Management

Before and During Login

After Login

Service Monitoring

Malware Control

Take-Aways for Securing the Cloud (Supply Chain)

Develop an enterprise public cloud strategy.

Implement and enforce policies on usage responsibility and cloud risk acceptance.

Follow a cloud life cycle governance approach.

Develop expertise in the security and control of each cloud model used.

Implement technologies to fight cloud diffusion complexity.

Figure (labels only): axes are Potential Impact of Security Failure (Low to High) and Business Contribution (Value of Service) (Low to High). Labels: Always Allowed; Medium; Exposure; Do Not Allow; Conduct Risk Assessment (decision establishes requirements for technical and process controls).

Security Skills Options Expand

Assess the Most Critical Skills Impacts of Digital Security

Already, Traditional Security Strategies Are Shifting To:

Contextual Security Monitoring and Response

Ubiquitous Identity Management

Data Classes, Data Governance

Security Awareness, Privacy & Behavior

Embedded Security

Network Segmentation, Engineering

Physical Security Automation

Key Take-Aways to Accelerate Skills Generation and Convergence

Build a long-term security workforce plan.

Make coaching and skills development first task.

Embed security skills within the lines-of-business.

Change security specialists to "versatilists."

Mix traditional and agile recruitment techniques.

Evaluate current skills gaps.

Adaptive Security Architecture Is Embraced

Software-Defined Everything, Including Security

Figure (labels only): "Data Plane"; "Control Plane"; Southbound APIs; Northbound APIs; Layers of Abstraction; API; Platform; APIs; Applications.

Develop an Adaptive Security Architecture

Respond

Detect

Detect incidents

Prevent attacks

Confirm and prioritize risk

Contain incidents

Isolate systems

Predict

Prevent

Harden systems

Compliance

Policy

Monitor posture

Adjust posture

Implement posture

Adjust posture

Continuous Visibility and Verification

Users

Systems

System activity

Payload

Network

Investigate incidents/retrospective analysis

Remediate

Anticipate threats/attacks

Risk-prioritized exposure assessment

Design/Model policy change

Baseline systems and security posture

Threat Intelligence Platforms Allow You to Visualize, Correlate and Gain Context

Emerging Threats

Shadowserver

ZeuS Tracker

Abuse.ch

Open-Source MRTI Feeds

Norse

IID

Cyveillance

Malcovery

Commercial Feeds

GeoIP

Malware Lookup

Domain Tools

Enrichment Services

News

RSS Feeds

Websites

OSINT Sources

Threat Intelligence Platform

Analytics

Threat Intelligence Processing

Visualization

Reporting

Forensics

Threat Intelligence Sharing

Incident Response

SOC Analyst

Fraud

Threat Analyst

Management

Malware Analyst

Help Desk

People

Process

Circle of Trust Sharing

Workflow/Escalation

Communication

Fraud

Technology

Secure Web Gateway

NGFW

IPS/IDS Logs

Take-Aways for Adaptive Security Architecture

Shift security mindset from "incident response" to "continuous response"

Spend less on prevention; invest in detection, response and predictive capabilities

Favor context-aware network, endpoint and application security protection platforms

Develop a security operations center

Architect for comprehensive, continuous monitoring at all layers of the IT stack.

Data Security Governance Arrives

Develop a Data-Centric Audit and Protection Approach

Activity Monitoring

Assessment of Users and Permissions

User Monitoring and Auditing

Data Security Policy

Data Classification and Discovery Policy

Data Security Controls

Protection

Analysis and Reporting

Blocking, Encryption, Tokenization and Data Masking

Take-Aways for Data Security Governance

Prioritize organization-wide data security governance and policy.

Identify and implement risk-appropriate data security controls by data type where possible.

Implement a DCAP strategy that includes disciplined and formal product selection.

Incorporate big data plans and unique requirements into security strategy.

Digital Business Drives Digital Security

Securing a Pervasive Digital Presence (the Internet of Things)

Gateways

Things

Agents

Analytics

Applications

Data

Cloud

Mobile

MES, ERP

Partners

IoT Platform Middleware

Core Business Processes

IoT Edge Processing

Communications

Integration

Integration

Communications

Security requirements:

– Policy creation and management

– Monitoring, detection and response

– Access control and management

– Data protection

– Network segmentation

Key challenges:

– Scale

– Diversity (age and type)

– Function

– Regulation

– Privacy

– Standardization

Recommendations: Focus on small scenarios. Use risk-based prioritization. Emphasize segmentation and access initially.

Cyber Risks and Consequences in an IoT Solution

Enterprise

Consumer

Business Disruption

Espionage and Fraud

Financial Waste

IoT Platform

Platform Hacking

Data Snooping and Tampering

Sabotaging Automation and Devices

Edge

Device Impersonation

Device Hacking

Device Counterfeiting

Snooping, Tampering, Disruption, Damage

Dev. Prod.

IAM Trends of 2015-2016 That Include an Identity of Things

IAM Program Management and Governance

(Digital) Business and Operational Needs

(Digital) Risk Management and Compliance

Things

People

Apps and Data

Relationships

Interactions

Take-Aways for Digital Security

Balance Risk and Resilience

Make the Security Discipline Decision

Enhance Digital Security Supply Chains

Retool Security Skills

Embrace Adaptive Security Architecture

Selectively Improve Security Infrastructure

Embrace Data Security Governance