Thoughts from Gartner’s 2018 Security & Risk Management Summit



Security Professionals Gather for Needed Insights

I always look forward to attending the annual Gartner Security & Risk Management Summit in National Harbor, Maryland. This event provides the latest insights from both Gartner and industry thought leaders, and is focused on many current challenges facing organizations today with key areas including agile architectures, business continuity management (BCM), cloud security, privacy and securing internet of things (IoT).”

In addition to the 200 vendors who showcased their security and risk related products and service offerings the event drew over 3,400 attendees, coming from a wide range of disciplines, business sizes and industry verticals. Attendees included CxOs, security and risk professionals, financial analysts, business consultants, governmental agencies and others who have a curiosity for this space.

Security Spending Projected to increase in 2018

Gartner has forecasted security spending to be “robust” in 2018, with growth expected to be in the high single digits. Areas highlighted as top priorities for this spending included identity related tools, such as the Identity Access Management (IAM) tools. Gartner has said that the most important element of any cloud and mobile security strategy is an appropriate IAM strategy.

As targeted attacks continue to plague organizations of all sizes and types, this unmet need has spurred investment across the security landscape. Spending in this area includes threat intelligence (TI), analytics, profiling and anomaly detection, and endpoint and network activity monitoring.

Key Takeaways Support Sumo Logic Survey

In March of this year Sumo Logic conducted a global survey of IT and Security professionals, the 2018 Global Security Trends in the Cloud report, to better understand the security challenges they are facing as they continue to adopt cloud architectures and invest in modern applications. The key findings from this survey boiled down to three areas:

• Security in the cloud creates new challenges and need for collaboration
• Traditional on-prem security information & event management (SIEM) solutions are not a fit for cloud
• New models are needed to break down silos of people, workflow, and technology

I guess it should have been no surprise that many of the Gartner session themes, guidance and recommendations were focused around many of the same pain points and observations.

Cloud Security Needs Collaboration

As with our global survey, collaboration was highlighted as a core competency needed to address the risks and security needs associated with digital innovation. The collaboration theme was apparent in a number of the sessions at the event, including:

“Digital Transformation Requires Integrated Risk Management” by Gartner analyst Earl Perkins. He stated that digital transformation is “the ultimate team sport” where “events and risks are shared.” He further emphasized that “effective risk management of a digital business is an interdependent connection of risk management systems.”

“The 5 Security Roles You Must Plan for in the Digital Era” by Gartner analysts Matthew T. Stamper and Sam Olyaei. They depicted collaboration as a critical criteria for selecting a successful security leader as well as becoming one yourself. According to Gartner, a successful security leader “Collaborates with other members of formal/informal teams in pursuit of common mission, vision, value and goals.”

“Security Strategies and Architecture for Hybrid Data Center Infrastructures” by Gartner analyst Neil MacDonald. Neil highlighted the benefits of development and operations collaboration (DevOps), with data showing that organizations who are adopting these methodologies are seeing “faster cycle times and realization of business value.” And further, “by 2019, more than 70 percent of enterprise DevOps initiatives will have incorporated automated security vulnerability and configuration scanning for open source components and commercial packages, up from less than 10 percent in 2016.”

SIEM Challenges in the Cloud

SIEMs were also a common area of focus due to the challenges many are facing with today’s modern cloud and application infrastructures. In Gartner analyst Toby Busa’s session titled “The Evolution of SIEM,” Toby stated that “SIEM technology buyers are still frustrated with the complexity of using the tools” and he also recommended that organizations “be prepared to embrace SaaS SIEM in the future as maturation and standardization occurs.” Interestingly enough, our cloud security survey revealed the same sentiment.

SaaS SIEM is a concept that Gartner analysts Anton Chuvakin and Augusto Barros covered in a recent publication “Selecting and Deploying SaaS SIEM for Security Monitoring” and is an area of expanding focus in Sumo Logic’s growing security product roadmap. A SaaS SIEM goes beyond cloud-based SIEM in that it follows the National Institute of Standard and Technology (NIST) model for SaaS.

• Delivered as a service when the infrastructure, application and licenses are maintained by a provider
• Delivered remotely over the internet
• Scalable and elastic, based on customer demand
• Priced by consumption — pay-as-you-go (PAYG) — and subscriptions

Like Sumo Logic’s key benefits, SaaS SIEM advantages include:

• Simplicity of deployment and operation
• Always-current capabilities
• Close vendor support and monitoring
• Beneficial economics
• Cloud-native functionality
• Easier managed service enablement
• Easier use-case expansion due to lack of hardware limits
• Faster product improvements, stemming from the vendor’s access to data
• Superior model for centralized log management (CLM)

Break Down Silos in the Cloud

As organizations move to the cloud to leverage the available scalability, agility and flexibility benefits, they are finding that legacy silos can slow the realization of those benefits. The concept and benefits of DevOps and DevSecOps was covered across many sessions at this year’s Summit. Here are a few of the highlights:

In Gartner analyst Michael Isbitski’s session titled “How to Adapt Application Security Practices for DevOps,” Michael shared results from a recent Gartner survey that showed that, “69 percent of organizations are evaluating or piloting DevOps and the other 31 percent are actively implementing or scaling DevOps.

In “Leadership Vision for Security and Risk Management, 2018” presented by Gartner analyst, Tom Scholtz, he suggests organizations implement the use of a Continuous Adaptive Risk and Trust Assessment (CARTA) approach to managing security. Tom highlighted seven imperatives (below) in this model that require the breaking down of silos for success in managing security.

In “10 Principles of a CARTA Approach and Implications for Your Security Organization” presented by Gartner analyst, Neil MacDonald, he suggested the use of a CARTA approach to managing security. Neil recommended to the audience that within the next 90 days they should “reimagine security as a set of continuously improving, data-driven processes with feedback loops.” Furthermore, he suggested that attendees take action and “stop slowing down the business and users in the name of perfect security, and to proactively get involved in DevSecOps projects.”

Stay Connected + Additional Resources

• If you would like to learn more about managing security and compliance with Sumo Logic, check out our Security and Compliance Solutions and Modern Cloud Security and Compliance solutions briefs.
• If you are already a Sumo Logic customer please join us at our upcoming user conference, Illuminate, September 12-13, to engage with peers and Sumo Logic experts on the value of a machine data analytics platform to deliver real-time insights for your operations, security, business and customer experience needs.