Gartner claims new phase for security
SECURITY will become central to all new technology developments, according to analyst firm Gartner.
At the firm’s Symposium/ITxpo event in Orlando US, this month analysts from the firm claimed the security industry is moving into the third phase of its evolution and that this will involve it becoming an integral part of all new technology.
According to Gartner, the IT security industry has already been through two phases.
In phase one the security deployed by organisations was dictated by what users could do with computer power and data controlled by the IT departments.
In the second phase security fell behind user-driven IT trends resulting in the successful exploitation of technology vulnerabilities by hackers.
Now, it claims, it is moving into the third phase where security will be built into each new wave of technology when it enters the business as well as in each new business process.
“Going back to the first phase of security is not an option increased consumerisation of IT, increased mobility and new trends such as Web 2.0 mean users will gain more control, not less, at the most successful businesses,” said John Pescatore, vice president of Gartner.
“This next phase of security is about building security in as
the users’ needs move forward, not chasing them,” he stated.
According to Pescatore most businesses have responded to rising regulatory compliances by deploying one-off or reactive implementations.
However, he claimed that more mature organisations are now taking a more proactive approach to meeting compliance regulations. “This third phase of security focuses on protecting customer and business data first and then implementing automated processes and integrated compliance efforts to demonstrate how those security controls satisfy compliance requirements,” he said.
He went on to say that organisations should lay the foundation for an integrated compliance and operational risk architecture, which included integrated system controls.
According to Gartner, during this third phase, the goal for IT leaders will be to keep up with the pace of business while at the same time reducing the overall cost of security to the business.
They must also ensure that all new business systems can implement security controls and integrate into security processes.
“Companies should manage the selection of IT and IT security vendors to focus on the most
effective solutions, not the best of breed on a single product
basis, but not on a single vendor either,” Pescatore said.