A few days ago, Gartner highlighted its top 10 technologies for 2017 at the Gartner Security and Risk Management Summit.
I was delighted to see that Gartner is heavily promoting the need for organisations to evaluate and consider new innovative technologies, in order to address the constantly evolving threat landscape they face. Its Vice President, Neil MacDonald, said: "security and risk leaders must evaluate and engage with the latest technologies to protect against advanced attacks, better enable digital business transformation and embrace new computing styles such as cloud, mobile and DevOps."
This only compounds NTT Security's recommendation to adopt a security architecture that is resilient, can consume change and innovation, in order to keep pace with the new technology options available.
Whilst it is nice to have a top 10, how do you prioritise what your organisation should review first?
This starts with a small matter of classification. The first is to classify the technologies into one or more of the four key areas of our Resilient Cyber Defence Architecture (RCDA); Predict, Protect, Detect, Respond. Potentially, this could look like the following and, depending on the precise technology provider, some may have more or less attributes:
- Cloud Workload Protection Platforms - Protect
- Remote Browser - Protect
- Deception - Detect
- Endpoint Detection and Response - Detect and Respond
- Network Traffic Analysis - Detect and Respond
- Microsegmentation - Protect
- Software Defined Perimeters - Protect
- Cloud Access Security Broker - Protect and Detect
- OSS Security Scanning and Software Composition Analysis for DevSecOps - Protect and Detect
- Container Security - Protect and Detect
From here, you need to understand where your existing security architecture fits across the RCDA and identify your weakest areas. This should loosely identify where to start on the top 10.
Once you start to evaluate the technologies, you will need to consider the benefits they can bring to your organisation. I wrote about this in my previous blog here.
Once you have brought all of this together, you should know precisely where to invest in order to promote the greatest reduction in your risk exposure for minimal spend.
Sounds simple right!? Well, considering the number of technology start-ups each year is in its thousands, probably not. So, if you need a hand, you know who to call…NTT Security.
Security and risk leaders must evaluate and engage with the latest technologies to protect against advanced attacks, better enable digital business transformation and embrace new computing styles such as cloud, mobile and DevOps