National Harbor, MD — At its Security & Risk Management Summit this week, analyst firm Gartner Inc. outlined the top ten information security tools it feels will most affect enterprises this year.
These technologies include cloud access security brokers, endpoint detection and response tools, security testing for DevOps (DevSecOps), and pervasive trust services.
In an opening keynote, Toronto-based Gartner Research vice president Peter Firstbrook noted that, from a security professional and chief security officer (CSO) perspective, it’s more than just keeping up with the latest security trends, it’s also about successfully developing a digital risk strategy — a “high level business plan and smart risk assessment” — that the executive team and board of directors can understand and sign off on.
As SaaS adoption is becoming pervasive in enterprises, security teams are looking for greater visibility and control; tools such as cloud access security brokers (CASBs) provide information security professionals with a critical control point for the secure and compliant use of cloud services across multiple cloud providers, according to Gartner. In addition, the analyst firm noted emerging DevSecOps tools — models that incorporate scripts, “recipes,” blueprints and templates to drive the underlying configuration of security infrastructure — can be helpful in delivering an automated and compliant configuration of the underlying security infrastructure based on policy reflecting the currently deployed state of the workloads.
Today’s world is about the digital business — new business designs that incorporate the physical and digital worlds. “In previous business models, including e-commerce, people were the primary drivers to transactions. But in the future, things will be transaction drivers: sensors and actuators will interact with people and things, creating a meshed relationship,” he said.
The question is when, not if, a security threat affects the organization, he offered. It’s about placing an emphasis on resilience and adaptive models. It’s not about 100 per cent enterprise protection — it’s more about being able to quickly respond to threats when they occur, Firstbrook added.
“By applying the principles of resilience to your digital scenario, you can enable new business opportunities and you’ll earn a place at the strategy table,” he said.
“Security and risk leaders need to keep up with current IT trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable digital business opportunities and manage risk,” noted Gartner vice-president Neil MacDonald.
The top 10 technologies for information security are:
- Cloud Access Security Brokers
- Endpoint Detection and Response
- Nonsignature Approaches for Endpoint Prevention
- User and Entity Behavioural Analytics
- Microsegmentation and Flow Visibility
- Security Testing for DevOps (DevSecOps)
- Intelligence-Driven Security Operations Center Orchestration Solutions
- Remote Browser
- Deception
- Pervasive Trust Services