When securing the enterprise, it is not enough just to survive in the current environment.
Instead, Gartner vice-president, Andrew Walls, urged visitors to the Gartner Security & Risk Management Summit in Sydney to aim to thrive in it.
“Use change to your advantage,” Walls told attendees.
Walls used the growth of virtualisation and mobility as recent examples of change, as well as the worldwide success of Facebook.
“Facebook is now available in 70 languages,” he said.
“Eighty per cent of users are outside the US in countries such as Australia, and 425 million users worldwide use their mobile device to access the social network.”
BYOD was also highlighted as the big game changer in organisations.
“Sixty million smartphones have been sold this year, with a total of 118 million predicted for this year,” Walls said. “Contrast this with the 427 million smartphones sold so far.”
Walls announced that “people are using IT” and that “the IT revolution is over and we won,” though he admitted that not all was rosy with the picture.
In particular, he highlighted security as the key issue, pointing to the fact that 546 million private records have been inadvertently released.
“The Stuxnet and Flame cyber attacks are a result of change and uncertainty,” he said.
“To enable the business transformation, you have to manage this uncertainty.”
The “big data” nexus is seen by Walls as being embodied by mobile, information, Cloud and social working together.
As such, Gartner has predicted that by 2014, 80 per cent of F2000 risk leaders will report at least annually to board directors on risk and security.
With new laws, added standards, and active enforcement permeating this security landscape, Walls recommends that security stays at the forefront, no matter where users go.
“Laws require constant improvement,” he said, “and users can leverage this change for success.”
Gartner VP and distinguished analyst, Paul Proctor, spoke about the reactive approach of businesses and how it hinders change.
“If there is an infected system, the typical response is to drop it from the network,” he said.
“If someone has a new business idea, the response is just to say no.”
According to Proctor, there is “no such thing as a residual risk”.
This statement was framed by a prediction from Gartner that, through 2014, cyber insurance claims will not meet the insured expectations of 50 per cent of organisations.
For businesses to turn key risk indicators (KRIs) into key performance indicators (KPIs), Proctor recommended a “run, grow, and transform” strategy.
Gartner research director, Rob McMillan, sees the need for flexibility in pushing identity and access management into the Cloud.
“The mission has not changed,” he said. “Threats are everywhere, all the time.”
Thus, he says that it is not IT’s job to decide how much protection is necessary.
“For intelligent security and risk decisions, security information and event management should cover interaction, integration, collaboration and context,” he said.
If a two-way street between end user organisations and the Cloud exists, McMillan sees it bringing about positive change.
“We have a rich palette of tools and services available to us now,” he said.
“That’s why 52 per cent of enterprises currently use security services.”
When looking at security solutions, McMillan reminded the audience that with new mobile platform adoption, mobility, and Cloud computing adoption, they also need to be aware of the new delivery methods and market requirements that exist.