Story image

Digital businesses affecting information security, says Gartner

08 Oct 15

More than 20% of enterprises will have digital risk services devoted to protecting business initiatives used within the Internet of Things by 2017.

That’s according to analyst firm Gartner, who says changes brought about by digital business is continuing to shape risk and security landscapes.

"Business imperatives have driven the convergence of the internet of people, computers and things, transforming most enterprises into digital businesses and reshaping cybersecurity," says Christian Byrnes, managing vice president at Gartner.

"An inflection point in business and technological innovation has occurred, which we refer to as the 'digital explosion' and the 'race to the edge’,” he says.

Byrnes says the traditional model ascribed for decades to IT security has been one of confidentiality, integrity and availability (CIA). He says most organisations in 2015 have not shown a consistent ability to substantially mitigate those risks. He says that while the CIA model is still relevant and applicable in cybersecurity, it isn't enough.

"The race to the edge has pushed the environment for protecting data and infrastructure into the physical world, merging functions focused on data and information with functions that make actual changes to people and their surrounding environments," Byrnes explains.

"Protecting information alone isn't enough, and ensuring the confidentiality, integrity and availability of that information isn't enough,” he says. “Leaders in risk and cybersecurity must now assume the responsibility of providing safety for both people and their environments."

The digital explosion is moving technologies from core architectures to a highly distributed and fit-for-purpose edge, Byrnes says.

According to Byrnes, "Core" describes general-purpose technologies and services for computing, such as servers, laptops and mobile platforms, as well as cloud and mobile services. "Edge" is a term used to describe devices that aren't servers or laptops and perform specific functions in the business and are positioned at the boundary between the business and its customers, partners and providers. The core and the edge are mixtures of traditional IT, as well as IT and components of the IoT.

Byrnes says the digital explosion disrupts the foundations of services for technology and information and elevates traditional IT services, such as cloud computing and advanced analytics, to a mandatory status to support the scale and functional needs of the edge. “The edge itself is more physical than digital, with devices and physical assets becoming more intelligent to meet the shifting demands of business,” he explains. “This is the core-to-edge continuum.”

“The other continuum in the cybersecurity scenario is one of openness,” Byrnes says. “An organisation must decide, as part of its evolution in digital business, on the ultimate transparency of its services to its customers.”

Byrnes says the degree of openness depends on an organisation's approach to data accessibility, infrastructure used, culture, process and adaptation to change. “Gartner believes that the demands for transparency in the digital business of 2020 will drive more organisations toward openness as a strategy of priorities.”

According to Gartner, requirements for large-scale, real-time adaptive protection, safety and privacy at the digital and physical levels will drive new cybersecurity skills, practices and technologies. 

The race to the edge requires that organisations consolidate the prioritisation of cybersecurity efforts across broader technology areas that require protection and are interdependent,” says Byrnes.

Byrnes says in addition to a more comprehensive approach to digital risk, organisations must prepare for new cybersecurity skill sets in areas such as vendor portfolio management, safety engineering, machine-to-machine (M2M) communications, embedded software, and systems security and cyberphysical systems.

"Cybersecurity professionals are the new guardians of big changes in the organisation. Such professionals must practice business resiliency and adaptability, because they are now so integrated with digital business decisions that leaders cannot tell where business ends and cybersecurity begins," explains Byrnes.

"The digital explosion and the race to the edge have achieved what previous waves of technology evolution have failed to do — to integrate cybersecurity professionals and business leaders into effective teams for the protection and safety of the organisation."

How Adobe aims to drive digital transformation for financial services
Digital transformation is a requirement for ongoing competitiveness that clearly helps businesses run more efficiently.
Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Microsoft NZ bids Goldie a “fond farewell”
Microsoft New Zealand director of commercial and partner business takes new role across the Tasman. The search for his replacement has begun.
Google says ‘circular economy’ needed for data centres
Google's Sustainability Officer believes major changes are critical in data centres to emulate the cyclical life of nature.
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.