Gartner Top Security and Risk Trends for 2021
Main cybersecurity aspects that current companies and those in the middle of their digital transformation process should take into account.
Cybersecurity day by day is one of the main aspects that companies that are in the middle of their digital transformation process must
take into account. However, today, there is still much to improve, since it is usually associated with large corporations, regardless of the size of your business, there are certain guidelines that you must take into account.
Cybersecurity mesh, security-savvy boards of directors, and remote working all made this year’s security and risk trends.
As cybersecurity and regulatory compliance become the top two biggest concerns of corporate boards, some are adding cybersecurity experts specifically to scrutinize security and risk issues.
Adding a cybersecurity expert directly to the board is just one of the eight Gartner security and risk trends for 2021, many of which are driven by recent events such as security breaches and the COVID-19 pandemic.
“In the past year, the typical enterprise has been turned inside out,” says Peter Firstbrook, VP Analyst, Gartner. “As the new normal takes shape, all organizations will need an always-connected defensive posture, and clarity on what business risks remote users elevate to remain secure.”
This year’s security and risk trends highlight ongoing strategic shifts in the security ecosystem that aren’t yet widely recognized, but are expected to have broad industry impact and significant potential for disruption.
Trend No. 1: Cybersecurity mesh
The cybersecurity mesh is a modern conceptual approach to security architecture that enables the distributed enterprise to deploy and extend security where it’s most needed.
When COVID-19 accelerated digital business, it also accelerated the trend wherein many digital assets and individuals.
Additionally, cybersecurity teams are being asked to secure countless forms of digital transformation and other new technologies. This requires security options that are flexible, agile, scalable and composable, those that will enable the organization to move into the future, but in a secure manner.
Trend No. 2: Cyber-savvy boards
With an increase in very public security breaches and increasingly complex security setups, boards are paying more attention to cybersecurity. They recognize it as a huge risk to the enterprise, and are forming dedicated committees that focus on discussing cybersecurity matters, often led by a board member with security experience (such as a former CISO) or a third party consultant.
Trend No. 3: Vendor consolidation
The reality of security today is that security leaders have too many tools. Gartner found, in the 2020 CISO Effectiveness Survey, that 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio; 12% have 46 or more. Too many security vendors results in complex security operations and increased security headcount.
Most organizations recognize vendor consolidation as an avenue for reduced costs and better security, with 80% of organizations interested in vendor consolidation strategy. Large security vendors are responding with better integrated products.
Trend No. 4: Identity-first security
The perfect storm of several events made identity as the new perimeter a trend, including COVID-19’ resulting in remote work and technical and cultural shifts. Identity-first security has been considered the gold standard for a while, but because many organizations remained in more traditional setups, it wasn’t a focus.
Now that the pandemic has pushed organizations to fully (or mostly) remote, this trend has become vital to address. The result of these technical and culture shifts is that “identity first security” now represents the way all information workers will function, regardless of whether they are remote or office-bound.
Trend No. 5: Managing machine identities as a critical security capability
As digital transformation progresses, organizations are seeing increased numbers of nonhuman entities, which means managing machine identities has become a vital part of the security strategy. Included in machine identities (as opposed to human identities) are workloads (i.e., containers, applications, services) and devices (mobile devices, desktop computers, IoT/OT devices).
Trend No. 6: Remote working is now just work
According to the 2021 Gartner CIO Survey, 64% of employees are now able to work from home, and two-fifths actually are working from home. As a result of COVID-19, what was once only available to executives, senior staff and sales is now widely available, with plans to shift some employees to remote permanently post pandemic. From a security perspective.
Trend No. 7: Breach and attack simulation
A new market is emerging to help organizations validate their security posture. Breach and attack simulation (BAS) offers continuous testing and validation of security controls and tests the organization’s posture against external threats, as well as offering specialized assessments and highlighting the risks to high-value assets like confidential data. Plus, BAS includes training to enable security organizations to mature.
These tools will help immediately identify issues when it comes to the efficacy of security controls, configuration issues and detection capability.
Trend No. 8: Privacy-enhancing computation techniques
Privacy-enhancing computation (PEC) techniques are emerging that protect data while it’s being used as opposed to while it’s at rest or in motion to enable secure data processing, sharing, cross-border transfers and analytics, even in untrusted environments.
This technology is rapidly transforming from academic research to real projects delivering real value, enabling new forms of computing and sharing with reduced risk of data breaches.