On November 5th, the second day of the 2018 Gartner Symposium/ITXPO in Barcelona, Bart Willemsen, Research Director with a focus on privacy compliance, risk management and all privacy-related challenges, took the stage for a presentation entitled "Top Trends in Security for 2018/2019".

"We are witnessing ongoing strategic shifts in the security ecosystem that are expected to have significant potential for disruption," began the analyst, before adding that cybersecurity was one of the main concerns of CIOs for the years to come. Bart Willemsen then listed the 6 trends that might have an impact on how companies deal with cybercrime, from prevention to ensuring business continuity.


Awareness: "Senior Business Executives are finally aware that Cybersecurity has a significant impact on the ability to achieve business goals and protect the corporate reputation…"

But according to the Research Director, security organizations must now change in order to respond: they need to step up to fill the gap. Nowadays, only 12% of the security experts are part of the board of management, in a context where security has clearly become a board-level problem. He added: "companies now need to capitalize on this trend. As a matter of fact, leading security organizations are understanding business risk appetite and risk tolerance, articulating all risks within the context of business objectives, developing better board and security partnerships, establishing service levels that align with business risk but also improving their digital business resilience". Yet one challenge remains: security experts and board members do not actually speak the same language, and the latter need to understand how important cybersecurity has become. CISOs, for their part, need to demonstrate what the risk is, but also highlight the outcome and potential benefits of having a strong cybersecurity strategy. In other words, "know the business, the risk, and what you are trying to achieve".


Regulation: "Legal and regulatory mandates on data protection practices are impacting digital business plans and demanding increased emphasis on data liabilities"

In our current environment, data means risk, hence the creation of regional, local and international regulations such as the GDPR (General Data Protection Regulation), which was implemented in Europe last May. "It started a tidal wave, as Brazil literally copied and pasted it, California also implemented a similar regulation and India is currently working on it," highlighted the Gartner cybersecurity expert. As we saw, notably with the Facebook/Cambridge Analytica scandal, controversy has an immediate effect on brands; a massive change in how businesses handle data was, and still is, required. According to Bart Willemsen, "now, it's about people, they have been given new rights. They have control and transparency is the key. As a matter of fact, trust is the new power!". In this respect, leading businesses are using the full liability costs of data in digital business plans, eliminating or offloading data when liability exceeds value while also differentiating themselves from competitors with transparency and trust.


Cloud: "Security products are rapidly exploiting cloud delivery to provide more agile solutions"

Bart Willemsen then explained how Tesla changed the car industry: how cars are bought, sold, etc. "Tech and the Cloud enabled new service and product opportunities. Migrating to the cloud is more than moving the management interface. If secure, it can actually push knowledge immediately and allows a more direct delivery", he underlined, and then used the now famous quote: "Clouds are secure. Are you using them securely?". Current leading security organizations are critically reviewing new on-premises security solutions and investing in more agile cloud and service delivery solutions with a data management and machine learning competency, staff augmentation services and API-enabled services. Companies can therefore now better protect their data by using technology.


Machine Learning: "Machine Learning is providing value in simple tasks and elevating suspicious events for Human analysis"

The Gartner expert first explained that today, 80% of Artificial Intelligence is actually "just" Machine Learning, which adds real value. Machine Learning can notably help and augment cybersecurity professionals when it comes to grouping files, fraud, adaptive authentication, insider threats, and more. "It is often more effective than what can be done manually. Yet, nothing is perfect: we cannot escape the fact that Humans and machines complement each other and together can outperform either alone," added Bart Willemsen. According to the latest Gartner survey, leading security organizations are implementing Machine Learning-enhanced products to augment human resources, investing in skills to interpret and augment machine learning, but also demanding proof of vendor claims of Machine Learning based on measurable outcomes.


Geopolitics: "Security buying decisions are increasingly based on geopolitical factors along with traditional buying considerations"

Sharing many examples showing that geopolitical risks are highly important in today's digital world, from NATO to elections, Bart Willemsen highlighted the fact that leading security organizations are taking geopolitical risk into consideration in purchasing decisions. They are also increasingly sensitive to the geopolitical security demands of business relationships, and are clearly aware that security and product buying decisions are based on trust in the integrity of the supplier.


Decentralization: "Dangerous concentrations of digital power are driving decentralization efforts at several levels in the ecosystem"

Both sides are impacting cybersecurity strategies: "there is a current wave of centralization with digital trust, compute, content providers, access providers, social networks, digital advertising, etc. But we are also noticing an embryonic decentralization movement, notably through the Blockchain, but also edge computing, p2p, etc., giving more control to the user". Therefore, on the one hand, leading security organizations are starting to understand and communicate the security implications of centralization on trust, availability, confidentiality and resiliency, and on the other, they are exploring alternative decentralized architectures in digital business planning initiatives where centralization increases the risks to the business goals.


Alexandre Keilmann

Published on December 13, 2018