Gartner Top 9 Security and Risk Trends for 2020

The shortage of technical security staff, the rapid migration to cloud computing, regulatory compliance requirements and the unrelenting evolution of threats continue to be the most significant ongoing major security challenges. 

However, responding to COVID-19 remains the biggest challenge for most security organisations in 2020. 

“The pandemic, and its resulting changes to the business world, accelerated digitalisation of business processes, endpoint mobility and the expansion of cloud computing in most organisations, revealing legacy thinking and technologies,” said Peter Firstbrook, VP Analyst, Gartner, during the virtual Gartner Security and Risk Management Summit, 2020.

COVID-19 refocused security teams on the value of cloud delivered security and operational tools that do not require a LAN connection to function, reviewing remote access policies and tools, migration to cloud data centres and SaaS applications, and securing new digitisation efforts to minimise person-to-person interactions.

Gartner has identified nine annual top trends that are the response by leading organisations to these longer-term external trends. These top trends highlight strategic shifts in the security ecosystem that are not yet widely recognised, but are expected to have broad industry impact and significant potential for disruption.

“Gartner research shows that supply chain leaders perceive technology primarily as a competitive advantage — they focus on long-term value,” says Christian Titze, Vice President Analyst, Gartner. “Yet, 80% of organisations favour a cautious approach when it comes to adopting new supply chain applications and technologies.”

Despite possible C-level pressure to reduce costs or prove short-term ROI, it is important for supply chain technology leaders to adapt a mindset that accepts and embraces long-term perpetual change. The top strategic supply chain technologies are a critical ingredient for good technology decision making.

Extended detection and response (XDR) solutions are emerging that automatically collect and correlate data from multiple security products to improve threat detection and provide an incident response capability. For example, an attack that caused alerts on email, endpoint and network can be combined into a single incident. The primary goals of an XDR solution are to increase detection accuracy and improve security operations efficiency and productivity.

“Centralisation and normalisation of data also helps improve detection by combining softer signals from more components to detect events that might otherwise be ignored,” said Firstbrook.

The shortage of skilled security practitioners and the availability of automation within security tools have driven the use of more security process automation. This technology automates computer-centric security operations tasks based on predefined rules and templates. 

Automated security tasks can be performed much faster, in a scalable way and with fewer errors. However, there are diminishing returns to building and maintaining automation. SRM leaders must invest in automation projects that help to eliminate repetitive tasks that consume a lot of time, leaving more time to focus on more critical security functions.

AI, and especially machine learning (ML), continues to automate and augment human decision making across a broad set of use cases in security and digital business. However, these technologies require security expertise to address three key challenges: Protect AI-powered digital business systems, leverage AI with packaged security products to enhance security defence and anticipate nefarious use of AI by attackers.

In 2019, incidents, threats and vulnerability disclosures outside of traditional enterprise IT systems increased, and pushed leading organisations to rethink security across the cyber and physical worlds. Emerging threats such as ransomware attacks on business processes, potential siegeware attacks on building management systems, GPS spoofing and continuing OT/IOT system vulnerabilities straddle the cyber-physical world. Organisations primarily focused on information-security-centric efforts are not equipped to deal with the effect of security failures on physical safety. 

As a result, leading organisations that deploy cyber-physical systems are implementing enterprise-level CSOs to bring together multiple security-oriented silos both for defensive purposes and, in some cases, to be a business enabler. The CSO can aggregate IT security, OT security, physical security, supply chain security, product management security, and health, safety and environmental programmes into a centralised organisation and governance model.

No longer “just a part of” compliance, legal or auditing, privacy is becoming an increasingly influential, defined discipline of its own, affecting almost all aspects of an organisation. 

As a rapidly growing stand-alone discipline, privacy needs to be more integrated throughout the organisation. Specifically, the privacy discipline co-directs the corporate strategy, and as such needs to closely align with security, IT/OT/IoT, procurement, HR, legal, governance and more.

Consumers interact with brands through an increasing variety of touchpoints, from social media to retail. How secure the consumer feels within that touchpoint is a business differentiator. Security for these touchpoints is often managed by discrete groups, with specific business units focusing on areas they run. However, companies are increasingly moving toward cross-functional trust and safety teams to oversee all the interactions, ensuring a standard level of safety across each space where consumers interact with the business.  

Cloud-delivered security services are growing increasingly popular with the evolution of remote office technology. Secure access service edge (SASE) technology allows organisations to better protect mobile workers and cloud applications by routing traffic through a cloud-based security stack, versus backhauling the traffic so it flows through a physical security system in a data centre. 

Many organisations use the same security product on end-user-facing endpoints as they did for server workloads, a technique that often continued on during “lift and shift” cloud migrations. But cloud-native applications require different rules and techniques, leading to the development of cloud workload protection (CWPP). But as the applications grow increasingly dynamic, the security options need to shift as well. Combining CWPP with the emerging cloud security posture management (CSPM) accounts for all evolution in security needs. 

The COVID pandemic has highlighted many of the problems with traditional VPNs. Emerging zero-trust network access (ZTNA) enables enterprises to control remote access to specific applications. This is a more secure option, as it “hides” applications from the internet — ZTNA only communicates to the ZTNA service provider, and can only be accessed via the ZTNA provider’s cloud service.

This reduces the risk of an attacker piggybacking on the VPN connection to attack other applications. Full-scale ZTNA adoption does require enterprises to have an accurate mapping of which users need access to what applications, which will slow adoption.

This article has been updated from the original, created on 22 June 2020, to reflect new events, conditions and research.