Analyst firm Gartner has identified what it thinks are the seven emerging security and risk management trends for this year, that are set to have an impact on security, privacy and risk areas.
The analyst firm said it defines these top trends as ongoing strategic shifts in security that are not yet widely recognised, but could have a broad impact on the industry, causing significant disruption.
First up in the list of the trends that were highlighted by Gartner research vice president Peter Firstbrook has to do with risk appetite statements becoming linked to business outcomes.
One area that is gaining importance is the ability for security and risk management leaders to effectively present security matters to key business decision makers.
Firstbrook suggested creating simple, practical and pragmatic risk appetite statements linked to business goals, and staying relevant to business decisions.
The next trend was focused on security operation centers (SOCs) being implemented with a focus on threat detection and response. According to Gartner, by 2022, about 50% of SOCs will be transformed with integrated incident response, threat intelligence and threat-hunting capabilities.
The third trend related to organizations addressing data security governance frameworks (DSGF) that will prioritise data security investments.
“DSGF provides a data-centric blueprint that identifies and classifies data assets and defines data security policies. This then is used to select technologies to minimize risk,” Firstbrook said. “The key in addressing data security is to start from the business risk it addresses, rather than from acquiring technology first, as too many companies do.”
Passwordless authentication such as touch ID on devices, was also continuing to gain market traction, the analyst firm noted.
“In an effort to combat hackers who target passwords to access cloud-based applications, passwordless methods that associate users to their devices offer increased security and usability, which is a rare win/win for security,” he said.
Another trend on the rise, noted by Gartner was the fact that security product vendors were increasingly offering premium skills and training services.
This comes as the number of unfilled cyber security roles is expected to grow from 1 million in 2018 to 1.5 million in 2020, the analyst firm said.
“We are starting to see vendors offer solutions that are a fusion of products and operational services to accelerate product adoption. Services range from full management to partial support aimed at improving administrators’ skill levels and reducing the daily workload,” Firstbrook noted.
The analyst firm estimates that the majority of cloud security failures will be because of customer faults in the next four years, therefore leading way to investments being made in cloud security competencies.
“Public cloud is a secure and viable option for many organisations, but keeping it secure is a shared responsibility,” he said. “Organisations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation.”
Rounding out its top seven trends, Gartner put forward the increasing presence of its own continuous adaptive risk and trust assessment (CARTA).
“Even though it’s a multiyear journey, the idea behind CARTA is a strategic approach to security that balances security friction with transaction risk. A key component to CARTA is to continuously assess risk and trust even after access is extended,” he said.
Firstbrook pointed out that email and network security were two examples of security domains moving toward a CARTA approach as solutions increasingly focus on detecting anomalies even after users and devices are authenticated.