Editor's note: The following is a guest article from Gartner drawing on analyst insights from the top 10 security projects for 2019.
Security and risk management (SRM) leaders often struggle with balancing and prioritizing investments across technology, people and processes. Security teams incorrectly assume they can successfully implement new projects without first properly verifying that they have foundational security capabilities and risk assessments in place.
Here are the top 10 security projects for 2019. Five of them, pictured in the second row of the graphic below, are brand new or modified projects from last year:
Project No. 1: Privileged access management (PAM)
PAM projects should help organizations discover and apply appropriate controls to privileged accounts so hackers have a hard time accessing them.
PAM projects must support on-premises, hybrid and cloud environments and, at a minimum, use multifactor authentication (MFA) for all administrators and third parties. SRM leaders can prioritize privileged access accounts through a risk-based approach (high value, high risk).
Project No. 2: Continuous adaptive risk and trust assessment (CARTA)-inspired vulnerability management
Based on the continuous adaptive risk and trust assessment (CARTA) approach, SRM leaders need to embrace a strategic approach where security is adaptive.
Obviously, security teams cannot patch every single vulnerability that pops up, but they can significantly reduce risk by prioritizing based on the intersection of the business value of IT and the associated risk, rather than on the vulnerability alone. Look at current threat and vulnerability management products and processes to accomplish this.
Project No. 3: Detection and response
There is no such thing as "perfect protection," but detection and response projects that consider data management and indicators of compromise (IOCs) are certainly heading that way.
Look to endpoint protection platform (EPP) vendors to provide endpoint detection and response (EDR) capabilities, then determine which capabilities will best integrate with the rest of the security program.
Project No. 4: Cloud security posture management (CSPM)
The vast majority of successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes. SRM leaders should invest in CSPM processes and tools to proactively and reactively identify and remediate these risks.
Project No. 5: Cloud access security brokers (CASBs)
Organizations that have adopted multiple software as a service (SaaS) applications can use CASBs to increase visibility and control across multiple cloud-based services.
Project No. 6: Business email compromise (BEC)
This is the first of the new wave of security projects for 2019. SRM leaders who have problems with both phishing attacks and poorly defined business processes could benefit from a BEC project.
BEC projects should focus on both email technical controls and a better understanding of organization-specific process breakdowns, such as email-only approvals for financial transactions or data disclosures.
Project No. 7: Dark data discovery
While it's natural for SRM leaders to have an unknown amount of dark data — data that provides little value and an unmeasured amount of risk — they can still work toward reducing their data footprint and looking at vendors that support data consolidation and storage.
One strong driver for dark data discovery is gaining the ability to reduce organizational risk exposure to the General Data Protection Regulation (GDPR) and other privacy regulations.
Project No. 8: Security incident response
Since security incidents are a natural byproduct of today's digital business, a security project in 2019 should include updating security incident response policies and procedures, or completely reworking those responses based on a variety of evolving factors.
Ongoing assessment of an organization's current level of incident preparedness is never a waste of time.
Project No. 9: Container security
To ensure all containers are scanned for vulnerabilities and configuration issues automatically before being released into production, security teams tasked with securing containers must harden the continuous integration/continuous delivery (CI/CD) pipeline.
Look at container security tools that can secure multiple container deployments, especially emerging container-as-a-service offerings.
Project No. 10: Security ratings services
As digital transformation matures, the risks associated with complex ecosystems become an integral part of the business. It is no longer just about the internal security and risk posture of an organization, but about the posture of suppliers, regulators, customers, business partners and platforms.
As a result, SRM leaders should leverage security rating services as an additional data point to provide continuous, independent scoring for their overall digital ecosystem, public-facing assets and otherwise.