Gartner's Security Top 10 Puts Solution Providers in Equation

The mobile and cloud movements have created a tremendous inflection point for the IT industry. The combination of these two technologies have forced businesses to rethink their business models, forced IT into different support and implementation roles and created more value for solution providers, who are the very linchpin of integrating them into business.

Elliot Markowitz

June 27, 2014

5 Min Read
Gartner's Security Top 10 Puts Solution Providers in Equation

The mobile and cloud movements have created a tremendous inflection point for the IT industry. The combination of these two technologies have forced businesses to rethink their business models, forced IT into different support and implementation roles and created more value for solution providers, who are the very linchpin of integrating them into business.

They also have brought forth new security concerns and vulnerabilities the need to be addressed constantly, and again the solution provider community is the center of the solution. Today’s smart solution providers know that whatever area of specialty they are focusing on—be it mobile device management and integration, cloud storage and back-up, remote management or server virtualization—they need to make sure all data, devices and systems are secure. That must be ingrained in everything they do.

Supporting this, tech research giant Gartner recently came out with its Top 10 Technologies for Information Security.

“Enterprises are dedicating increasing resources to security and risk. Nevertheless, attacks are increasing in frequency and sophistication. Advanced targeted attacks and security vulnerabilities in software only add to the headaches brought by the disruptiveness of the Nexus of Forces, which brings mobile, cloud, social and big data together to deliver new business opportunities,” said Neil MacDonald, vice president and Gartner Fellow, in a prepared statement. “With the opportunities of the Nexus come risks. Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable business opportunities and manage risk.”

According to Gartner, here are the top 10 technologies for information security, in no particular order. The key here is solution providers can play a crucial role in each.

  1. Cloud Access Security Brokers: Whether on-premise or remote, cloud access security brokers deploy cloud security policy enforcement points wherever cloud-based resources are accessed. Initial adoption of cloud-based services has occurred outside the control of traditional IT, and cloud access security brokers enable enterprises to gain visibility and control as its users access cloud resources.

  2. Adaptive Access Control: This is a form of context-aware access control that acts to balance the level of trust against risk at the moment of access using some combination of trust elevation and other dynamic risk mitigation techniques. The use of an adaptive access management architecture enables an enterprise to allow access from any device, anywhere, and allows for social ID access to a range of corporate assets with mixed risk profiles.

  3. Pervasive Sandboxing and IOC Confirmation: Some sophisticated attacks will be able to bypass traditional blocking and prevention security protection mechanisms. That is a fact. The next measure would be to detect an attack as soon as possible so it causes the least amount of damage. Many security platforms now include embedded capabilities to run executables and content in virtual machines and observe them to see if they have been penetrated. Once an incident has been detected, the organization then needs to know the extent of the damage to be contained.

  4. Endpoint Detection and Response Solutions: The endpoint detection and response market is exploding as more mobile devices create more data entry points. Organizations need to step up their endpoint response security strategies, specifically around significantly around security monitoring, threat detection and incident response capabilities.

  5. Big Data Security Analytics: More data means more security measures. Going forward, all effective security protection platforms should include domain-specific embedded analytics as a core capability. An enterprise’s continuous monitoring of all activities will generate a greater volume of data that needs to be stored, secured, accessed and analyzed. In fact, by 2020, 40 percent of enterprises will have established a “security data warehouse” for the storage of this monitoring data to support retrospective analysis, according to Gartner.

  6. Machine-Readable Threat Intelligence, Including Reputation Services: Gartner believes the ability to integrate with external context and intelligence feeds is a critical differentiator for next-generation security platforms. Third-party sources for machine-readable threat intelligence are increasing and include a number of reputation feed alternatives.

  7. Containment and Isolation as a Foundational Security Strategy: Technology threats are increasing by volume and in sophistication every day. Organizations must be able to deploy a quick containment strategy to ensure the threats to not expand to other areas of the enterprise. Virtualization, isolation, abstraction and remote presentation techniques should be used to create this containment. According to Gartner, virtualization and containment strategies will become a common element of a defense-in-depth protection strategy for enterprise systems, reaching 20 percent adoption by 2016 from nearly no widespread adoption in 2014.

  8. Software-Defined Security: This is really changing an organization’s approach to how it looks at software. It is in software where security is going to be majorly implemented going forward, according to Gartner, which added that it doesn’t mean that some dedicated security hardware isn’t still needed, However, software-defined networking, the value and intelligence will move into software.

  9. Interactive Application Security Testing: Interactive application security testing (IAST) combines static application security testing (SAST) and dynamic application security testing (DAST) techniques, according to Gartner’s definition. The result is increased accuracy of application security testing. And makes it possible to confirm the damage of the detected vulnerability and determine its point of origin in the application code.

  10. Security Gateways, Brokers and Firewalls to Deal with the Internet of Things: All companies, regardless of industry, are in the process of moving their operating systems from proprietary communications and networks to standards-based, IP-based technologies. Everything is becoming more automated through software development. This needs to be managed, secured and provisioned appropriately for enterprises, especially in the new age of the The Internet of Things, comprised of billions of interconnected sensors, devices and systems, many of which will communicate without human involvement and that will need to be protected and secured.

Technology always moves forward. As it does, security needs and solutions need to evolve. Solution providers are at the critical junction to help their customers protect their data, systems, users and customers,

Knock ’em alive!
 

Read more about:

AgentsMSPsVARs/SIs

About the Author

Elliot Markowitz

Elliot Markowitz is a veteran in channel publishing. He served as an editor at CRN for 11 years, was editorial director of webcasts and events at Ziff Davis, and also built the webcast group as editorial director at Nielsen Business Media. He's served in senior leadership roles across several channel brands.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like