Rethinking InfoSec in 'Digital Business' Era
Gartner Summit's Fresh Look at Security, Risk Management
The Gartner Security and Risk Management Summit being held this week in National Harbor, Md., outside of Washington, has the underlying theme of securing the digital business. Gartner defines digital business as the creation of new business designs by blurring the digital and physical worlds.
Ask people what comes first to mind when they think about the blurring of digital and physical worlds, and many will reply the Internet of Things - a smart car that can be hacked, for instance.
For me, my thoughts go back to the mid-1980s, when I wrote a story about how Massachusetts Mutual relied on its IT department to help create insurance products, a revolutionary concept at the time. It was my first realization that a business (physical) depended on IT (digital) to succeed. Within a decade, in part because of the explosion of client-server computing, nearly all businesses (and governments and not-for-profits) depended on IT to function. Without it, most organizations could not effectively compete or exist.
As the old century turned into the new one and the Internet outburst revolutionized computing, the risks posed to the Massachusetts Mutuals of the world, including the threat of intellectual property being stolen and other nefarious threats, meant organizations had to make sure their IT was secure. We're not at the point where organizations cannot function without IT security, but that's soon coming. Still, there's a big cost to them if they don't strengthen their IT safeguards.
In this new era, organizations must integrate information security and information risk management into their business processes; they need to see them as one, not as separate silos. The blurring of the digital and physical worlds means that finance, administrative, marketing, operations, personnel, information technology, information security and risk management will integrate.
It's a point alluded to by Gartner Summit Chairman Andrew Walls in a recent conversation I had with him (see Evaluating the Risk of 'Digital Business'). He says in the era of the digital business, organizations creating new processes do so while simultaneously acquiring technology needed to support those procedures. "We're seeing organizations where the barriers or silos of practice ... have eroded and broken down," he says. "And the IT people are working hand-in-glove with the business people and the operational technology people. ... Those new models are based on complete integration of business concepts and technological concepts."
If you look at the agenda for this week's summit, the session titles read much like those of past conferences. But that doesn't mean the Gartner analysts leading them are regurgitating the same advice. Walls explains that though the core practices of IT security and risk management remain the same, this year's summit will present them with a new perspective, taking into account the new adversaries and challenges organizations face. "This year, a lot of our time will be spent looking at what the future holds for us," he says.
And that future is one in which not only the physical and digital are blurred but the business, technology and security operations of the enterprise are fused, too.
As I meet with security experts at the summit, it's a subject to which I'll be paying close attention.