The Public Eye with Eric Chabrow

Rethinking InfoSec in 'Digital Business' Era

Gartner Summit's Fresh Look at Security, Risk Management
Rethinking InfoSec in 'Digital Business' Era
Andrew Walls (right) with fellow Gartner analysts at the 2014 Security and Risk Management Summit.

The Gartner Security and Risk Management Summit being held this week in National Harbor, Md., outside of Washington, has the underlying theme of securing the digital business. Gartner defines digital business as the creation of new business designs by blurring the digital and physical worlds.

See Also: New OnDemand | Reacting with Split-Second Agility to Prevent Software Supply Chain Breaches

Ask people what comes first to mind when they think about the blurring of digital and physical worlds, and many will reply the Internet of Things - a smart car that can be hacked, for instance.

For me, my thoughts go back to the mid-1980s, when I wrote a story about how Massachusetts Mutual relied on its IT department to help create insurance products, a revolutionary concept at the time. It was my first realization that a business (physical) depended on IT (digital) to succeed. Within a decade, in part because of the explosion of client-server computing, nearly all businesses (and governments and not-for-profits) depended on IT to function. Without it, most organizations could not effectively compete or exist.

As the old century turned into the new one, and the Internet outburst revolutionized computing, the risks posed to the Massachusetts Mutuals of the world, with the threat of intellectual property being stolen and other nefarious threats looming, organizations had to make sure their IT was secure. We're not at the point where organizations cannot function without IT security, but that's soon coming. Still, there's a big cost to them if they don't strengthen their IT safeguards.

New Era

In this new era, organizations must integrate information security and information risk management into their business processes; they need to see them as one, not as separate silos. The blurring of the digital and physical worlds means that finance, administrative, marketing, operations, personnel, information technology, information security and risk management will integrate.

It's a point alluded to by Gartner Summit Chairman Andrew Walls in a recent conversation I had with him (see Evaluating the Risk of 'Digital Business'). He says in the era of the digital business, organizations creating new processes do so while simultaneously acquiring technology needed to support those procedures. "We're seeing organizations where the barriers or silos of practice ... have eroded and broken down," he says. "And the IT people are working hand-in-glove with the business people and the operational technology people. ... Those new models are based on complete integration of business concepts and technological concepts."

If you look at the agenda for this week's summit, the session titles read much like those of past conferences. But that doesn't mean the Gartner analysts leading them are regurgitating the same advice. Walls explains that though the core practices of IT security and risk management remain the same, this year's summit will present them with a new perspective, taking into account the new adversaries and challenges organizations face. "This year, a lot of our time will be spent looking at what the future holds for us," he says.

And that future is one in which not only the physical and digital are blurred but the business, technology and security operations of the enterprise are fused, too.

As I meet with security experts at the summit, it's a subject to which I'll be paying close attention.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.