Security Focus Must Shift From Policy To People: Gartner

by CXOtoday News Desk    Sep 02, 2015


With evolving business models, companies are changing the way they devise data security strategies. It is no longer just about the hardware; it is now also about the people.

According to Gartner, by 2019, digital business adoption will compel 30 percent of organizations to implement people-centric security (PCS) strategies, a steep rise from less than 5 percent in 2014.

Gartner vice-president Tom Scholtz says: “PCS represents a major departure from conventional security strategies, but reflects the reality that current security approaches are increasingly difficult to manage in a digital environment.”

PCS is a strategic approach to information security that underlines individual accountability and trust, and de-emphasizes restrictive, preventive security controls.

While PCS is a trust-based strategy, Gartner analysts propose different ways of building secure networks.

Endorsing the need for companies to move away from conventional strategies, Gartner research analyst Rajpreet Kaur says bringing in a new device will never solve the security issues in companies. It has to do with the organization’s mindset.

Speaking at the Gartner Security and Risk Management Summit in Mumbai on September 2, she said insufficient focus on users and business requirements was one of the worst security practices.

Instead of going for a new solution, first check whether the existing product provides the needed capability as an add-on, she added.

Meanwhile, a slow transition is underway among enterprise security buyers in India. The realization is dawning on organizations that while preventive approaches to information security are important, they are not sufficient in themselves. They also need to focus on continuous monitoring and response as a central component of their security strategy.

At the summit, Kartik Sahani of RSA emphasized the need to evolve existing tools with better visibility and workflow. “Investigate, prioritize and remediate incidents. Unleash the potential of your existing security team,” he said.

Risk-based approaches to security spending

Gartner says security spending (hardware, software and services) in India is on pace to reach $1.11 billion in 2015, up 8.3 percent from $1.02 billion in 2014.

“Security spending will continue to grow in 2016 when revenue is projected to reach $1.23 billion. Security services (that includes consulting, implementation, support and managed security services) revenue accounted for 57 percent of this total revenue in 2014, and this proportion will increase to 60 percent by 2019,” said Sid Deshpande, principal research analyst at Gartner.

“The strong growth in the security services market will be primarily because customers need external services to transform their security posture in the digital business era. Security services are typically categorized as either implementation, consulting or security outsourcing services, and many providers are beginning to offer all three categories to address customer requirements.”

“In 2015, we are beginning to see larger, more mature organizations in India focus on risk-based approaches to security spending, while smaller and midmarket organizations continue to ramp up their efforts to incrementally improve their security posture,” said Deshpande.

Key security initiatives for a majority of organizations in 2015 include: security monitoring, identity governance and administration, mobile and cloud security governance, advanced threat defense, application security, security policy and program development, and governance, risk and compliance (GRC).

“Risk and security leaders’ ability to steer their organizations through the intersection of digital business and increasing IT risk and cybersecurity threats will create resilience, differentiate their organizations, define their legacies and shape the ways that future enterprises apply technology,” said Deshpande.

“In the context of the Digital India initiative, the importance of digital risk management cannot be understated. In the era of digital business, security and risk management has to be front and center as a business imperative – this applies to the private sector (banking, insurance, telecom providers, retail, manufacturing), as well as government/public sector (smart cities, citizen services, state owned enterprises),” said Deshpande.