"Nexus of Forces" transforming information security
The "Nexus of Forces" is transforming the approach to information security as new requirements are brought about by social, mobile, cloud and information, according to Gartner, Inc., which predicts that traditional security models will be strained to the point that, by 2020, 60 percent of enterprise information security budgets will be allocated for rapid detection and response approaches -- up from less than 10 percent in 2013.
An increasingly mobile workforce is demanding access to systems and information at any time from anywhere. In this interconnected and virtualized world, security policies tied to physical attributes and devices are becoming redundant and businesses must learn to accommodate new demands being made on IT while also maintaining more traditional security controls.
"We are faced with a 'perfect storm' -- the convergence of socialization, consumerization, virtualization and cloudification that will force radical changes in information security infrastructure over the next decade," said Tom Scholtz, vice president and Gartner fellow. "Organizations are changing radically -- tearing down and redefining traditional boundaries via collaboration, outsourcing and the adoption of cloud-based services -- and information security must change with them."
Scholtz added that rapidly changing business and threat environments, as well as user demands, are stressing static security policy enforcement models. Information security infrastructure must become adaptive by incorporating additional context at the point when a security decision is made, and there are already signs of this transformation. Application, identity and content awareness are all part of the same underlying shift to incorporate more context to enable faster and more-accurate assessments of whether a given action should be allowed or denied.
Bring your own device (BYOD) is one of the most significant IT transformations happening today, according to Gartner, driven by an intense desire among employees to use personally owned devices.
Different types of organizations are likely to take advantage of different forms of externally provisioned cloud services, according to Gartner. Highly sophisticated organizations, with large amounts of data that would be of interest to either competitors or regulators, are naturally hesitant to hand over control of their data's destiny to external parties. Smaller and less sophisticated organizations not only have fewer concerns about being able to demonstrate their data protection, but they also have less ability to build and maintain their own IT infrastructure.
"The megatrends of consumerization, mobility, social, and cloud computing are radically transforming the relationship between IT, the business, and individual users. Organizations are recognizing and responding to the need to move from control-centric security to people-centric security," said Scholtz. "People-centric security focuses primarily on the behavior of internal staff -- it does not imply that traditional 'keep the bad guys out' controls have become redundant. Indeed, many of these will be essential for the foreseeable future. However, people-centric security does prescribe a major change of emphasis in the design and implementation of controls -- always trying to minimize preventative controls in favor of a more human-centric balance of policies, controls, rights and responsibilities. It tries to maximize human potential by increasing trust and independent decision making."