A few weeks ago I attended the Gartner Security and Risk Summit in Washington, DC, where ALTR was sponsoring and meeting with analysts, customers, and prospects (ALTR is a Gartner client). As usual, it was really interesting to see how the overall market is evolving and where the focus is. Here are a few of the major themes that I observed:
Automation as the way to cope with increasing complexity and a persistent labor shortfall. The opening keynote by Gartner focused pretty heavily here. I believe the key stat is that 70% of companies reported that they can’t even digest 60% of their event traffic (from a SIEM or SOAR perspective), meaning they actually aren’t watching parts of their network at all, despite all of the investment in tools. And that just gets worse when you consider that hiring to fill that gap is getting harder to do, not easier.
My take: I am reluctant here – the idea of automation is much simpler than the execution, and I am skeptical of this technology’s ability to close this gap. Today’s automation has very little real predictive ability, and often produces as much work in training and managing false positives as it does in saving work. I think the answer here is to focus what we are monitoring based on risk, not monitor everything and just turn it over to automation.
Identity is the new perimeter. This theme was dominant throughout and focuses on the fact that in today’s cloud-powered and mobile world, the traditional network perimeter has dissolved and been replaced by authentication and access management. It’s notable that user credentials are now far and away the most popular attack vector for bad actors, from credential-stuffing to phishing credentials out of users via email and other avenues.
My take: I agree. I think you must verify, and then re-verify, that the person who is accessing resources is in fact who they say they are. One encouraging statistic is that something simple like multi-factor authentication will stop 97% of credential-based attacks. Of course, even then that 3% is still a really large number in absolute terms, and pretty troubling.
Identity and data will always be your problem. A lot of the conference was about cloud security, and I saw some great sessions about trends in this space. But the thing that I found really compelling was a particular chart that showed how when you go from IaaS to PaaS to SaaS, you shed responsibilities for various parts of the stack . . . but managing identity and data remain your responsibility.
My take: I think this view was compelling because it separates the IT-driven benefits of cloud computing from the risks that holding data can pose, and makes the point that those risks are still there no matter where your application workloads and databases are hosted.
The rise of Data Security Governance. Gartner publishes a model on data security governance that is meant to focus on a risk-based approach to managing data across both security and privacy concerns. The emphasis is not to start with security products, but to consider data more broadly. This framework was present throughout the conference in various sessions.
My take: I think this is absolutely the right approach. Once you authenticate someone it is important to manage what data they have access to globally. However, as with most great strategic concepts, it has problems when it meets the real world. The “product first” mentality is driven by the fact that data security and governance products are isolated from each other in different quadrants like DLP or CASB tools and in market guides like DCAP, Tokenization, and Data Masking. I sense an opportunity for Gartner to collapse products into a Data Security Governance market that gives organizations more of a connection between the risks and the tools that address them. I believe that some of these tools, and even some of these categories, don’t actually do that much to decrease the risk to data – and Gartner could help clients differentiate the good investments from the not as good.