Gartner: Security & Risk Leaders Must Embrace Automation to Drive Value

Automation is needed by security and risk management leaders.

Leveraging the ‘automation continuum’ is becoming a necessity for security and risk management leaders looking to create and preserve value at their organisation, according to Gartner.

Katell Thielemann, research vice president at Gartner, explained today to an audience of more than 3,500 security and risk management professionals at the Gartner Security and Risk Management Summit, that the automation continuum emerging in the security and risk landscape is one where new mindsets, practices and technologies are converging to unlock new capabilities. Using automation in areas of identity, data, and new products and services development were identified as three critical areas for the security and risk enterprise.

“We are no longer asking the singular question of how we’re managing risk and providing security to our organisation. We’re now being asked how we’re helping the organisation realise more value while assessing and managing risk, security and even safety. The best way to bring value to your organisations today is to leverage automation,” said Thielemann.

Automation is here and it’s all around us

Automation is already here and it’s starting to impact the security and risk world in two ways:

1. As an enabler to the security and risk function itself;

2. As new security frontiers that need to be acknowledged and understood.

“Automation follows a continuum of sophistication and complexity, and can use a number of techniques, either stand-alone or in combination,” said David Mahdi, senior research director at Gartner. “For example, robotic process automation currently works best in task-centric environments, but process automation is evolving to increasingly powerful bots, and eventually to autonomous process orchestration.”

Digital business

By 2021, 17% of the average organisation’s revenue will be devoted to digital business initiatives, and by 2022, content creators will produce more than 30% of their digital content with the aid of AI content-generation techniques.

“What this means to security and risk management professionals is that our organisations are likely building solutions and making technology-related choices often without realising the risk implications of what they are doing,” said Mahdi.

Emerging technologies and people — the great balancing act

“Automation is just the beginning. Emerging technologies will change everything and impact security and risk directly,” said Beth Schumaecker, director, advisory at Gartner. “Our reliance on data is ever increasing, yet it poses one of the largest privacy risks to organisations. In the next two years, half of large industrial companies will use some emerging form of digital twins, which will also need to be secured.”

According to Gartner, the demands of these emerging technologies and digital transformation introduce new challenges for security, altering how organisations expect security to be delivered.

“Digital transformation demands that security staff play a wider range of roles, from strategic consultants to threat profilers to product managers, which in turn require new skills and competencies,” said Schumaecker. “It’s already impossible to fill all our existing vacancies.”

Mission-critical areas in automation

Gartner suggests that the three mission-critical areas in today’s enterprises are automation in identity, data and new products or services development:

• Identity is the foundation for all other security controls, especially as the business increasingly moves to cloud environments. Identity decisions should always remain within the organisation’s control, whether it is about humans or machines.

• Data is what organisations now depend on for virtually every transaction, and it needs to be shared as much as it needs to be protected.

• New products and services developed as emerging technologies gain a stronghold, prompting organisations to adapt and push the envelope.