Gartner research vice president, Gregg Kreizman
A shift from protection to facilitation was the main message from keynote speakers at this year’s Gartner Security and Risk Management Summit in Sydney.
Keynote speakers, Gregg Kreizman, Earl Perkins and Tom Scholtz, said that the human element in security will remain the most important aspect of thwarting cyber threats going forward.
Gartner research vice president, Gregg Kreizman, told the packed hall that security professionals must shift their focus to desired business outcomes and that identity and access management could not be grasped too tightly.
“Legacy identity management (IM) has focussed on strong technical control, whereas new, customer focussed IM is far more concerned about business outcomes,” he said.
“A Bimodal approach is needed to facilitate digital business going forward.
“Forward-thinking security risk leaders seek methods that provide a level of trust appropriate to the risk, however many factors they have, but they also need to meet expectations for good user experiences.”
Kreizman claimed that a people-centric approach reduced the burden of enforcing heavy controls within a business.
All three speakers stressed the importance of a shift from protection to a balance of protection, detection and response.
Gartner research vice president, Earl Perkins, stressed that this removes unnecessary restrictions on users and removes barriers to workflow, and that overzealous security requirements were ineffective in the face of new malware and other forms of cybercrime.
“Cyber-criminals can either bypass the 2 factor or hijack pre-authenticated sessions,” he said.
“Legacy identity management programs focussed on workforce have concentrated on risk management and compliance, on tightly controlling access.
“This has meant that security and risk leaders have had a focus on strong technical controls, on technology solutions.
“A customer focussed IM already has, as its starting point, a need to support business outcomes. It is wary of controlling access too tightly.
“Every company will need a unified IM program that will balance resilience, flexibility and agility, a lightness of touch to enable companies to seize new digital opportunities.
“Security and risk managers must shift their focus to desired business outcomes. The consequence of this is that security risk leaders must shift from being defenders to being facilitators. You must create IM programs that address forward-looking innovation to propel digital business”, Perkins concluded.