IDC FutureScape: Worldwide Security and Trust - 2020 ... · IDC Advice: Full data breach disclosure...
Transcript of IDC FutureScape: Worldwide Security and Trust - 2020 ... · IDC Advice: Full data breach disclosure...
IDC FutureScape: Worldwide Security and
Trust - 2020 Predictions
Bruno Horta Soares
Leading Executive Advisor
IDC Portugal
idc.pt
Multiplied Innovation Goes Mainstream:
Thriving in the Digital Economy
© IDC | 3
IDC FutureScape: Worldwide Security
and Trust 2020 Top 10 Predictions"Transformation in security and
trust will affect every business in
every industry; no one will be
Spared, embracing change and
getting ahead of the curve is the
best prescription to be in control
of your organization's destiny
and avoid being caught off
guard.“
Michael Suby, research vice president, IDC Security
and Trust.
RISK MANAGEMENT IS STRATEGIC
A "checkbox" mentality on security and trust is no longer acceptable, and the future
consequences of being unprepared are more severe. While board level attention has often
been spoken, strategic top-down action will become the new normal.
© IDC | 4
#1 RESOLVING SKILL SHORTAGES
Hampered by perpetual security skill shortages, by 2022, 50% of tier 1
security operations center (SOC) analysts in Europe will permanently
elevate their productivity and improve operational security metrics by
harnessing artificial intelligence (AI) and machine learning (ML).
IDC Advice: Cross-train personnel in both basic IT and security skill sets. Ideally, security analytics removes the drudgery of assembling
incident timelines, websites and IP addresses visited, and details on corrupted files and memory.
#7 CYBER-RISK MONITORING
Brand and attentiveness to cyber-risk have become tightly
entwined, and by 2021, 75% of large European companies
will embed cyber-risk monitoring into their business
planning and quarterly reporting.
IDC Advice: Prioritize risk profiles across the entire organization as risk can only be mitigated, it cannot be eliminated, create and
maintain a data map to bring visibility into the data within your organization and the risks associated with it and Plan for loss events by
earmarking funds in the event of a major data breach or administrative action.
OPERATIONALLY, SECURITY AND TRUST CAN NO
LONGER BE BOLTED-ON, THEY MUST BE BUILT-IN
The days of layering bespoke technological solutions to combat the latest cyberattack are numbered.
Organizations must take a more preemptive, holistic, and reasoned approach as they arm themselves.
The first step is to embrace the perspective of inside out to security and trust.
© IDC | 7
#5 TRUST FRAMEWORK
With the business criticality of digital trust rising,
55% of European spending on security services will
be devoted to developing, implementing, and
maintaining a ‘trust framework’ by mid-2023.
IDC Advice: Create trust roles within the organization with clear responsibilities and objectives to establish accountability for managing
and maintaining trust guidelines. Communicate trust objectives throughout the organization frequently to help develop an internal
"culture of trust."
#4 INDIGENOUS CYBERSECURITY
Driven by rising aversion to "foreign" technology, 20% of
developing markets in Europe will mandate the use of
indigenous cybersecurity vendors to secure government
and critical infrastructure by 2023.
IDC Advice: The IT security challenge will not go away, so this is a long-term play. Identify the local security vendors in your market and
start creating partnerships that address your specific needs for the future.
USER EXPERIENCE IS A PRIORITY
Whether employees or customers, their experiences drive their behaviors. If
the user experience is a secondary consideration, their behaviors can unravel
initiatives aimed to strengthen security and trust.
© IDC | 10
#2 IT/OT INTEGRATION
Advancements in operational technology (OT)
visibility tools will propel 60% of major European
industrial firms to adopt an IT-OT integrated
approach to security monitoring by 2024
IDC Advice: Think holistically before applying new policies. Security teams must first gain a clear understanding of what they are trying
to protect before creating new policies and their accompanying enforcement mechanisms to an OT environment.
#6 PASSWORDLESS
Intolerant of trade-offs between superior digital
experiences and identity assurance, consumers demand
both; by 2022, 30% of consumer online transactions in
Europe will be high trust and passwordless.
IDC Advice: Evaluate IAM solutions that can securely collect and retain consumer attributes, browsing habits, purchase histories, and
other metadata that improves the overall customer experience.
TECHNOLOGICAL ADVANCES ARE CHANGING THE
WHAT AND HOW OF SECURITY AND TRUST SOLUTIONS
Cloud and edge computing, data analytics, artificial intelligence, machine learning, distributed ledger, and everywhere
connectivity and everything connected are examples of technological advances that are changing what security and
trust solutions can do and how they are delivered and consumed. Moreover, these and other technological advances
are altering buyer expectations of security and trust solution suppliers.
© IDC | 13
#3 CLOUDIFIED MSS
Shifting of workloads to the cloud is shifting
consumption of managed security services (MSS),
and by 2023, 35% of European MSS customers will
be served by cloudified MSS providers
IDC Advice: Evaluate your IT infrastructure, assets, and environment, and carefully review which services are suitable as a cloud service
and which cloud environments are effectively serviced by managed security SPs.
#9 CLOUD-BRANDED SECURITY
Innovation, opportunity, and market demand collide
to place hyperscale cloud providers directly and
permanently in the security business; by 2025, 9% of
their revenue will be attributed to security.
IDC Advice: Reduce usage of long-term support contracts for security services or tools. The coming flood of security products and services
from these hyperscale cloud providers will follow other tech cycles with lower price points for as good as if not better quality than current
market offerings.
REGULATORY INFLUENCE IS GROWING
Governments have become increasingly aware of the consequential impacts of reacting to
issues of trust, privacy, and national sovereignty brought on by a thoroughly digitized world.
Governmental influence will be more substantial and pervasive in the years ahead.
© IDC | 16
#8 DISTRIBUTED LEDGERS
Explosions in data and analysis force the adoption of
edge computing; to guarantee data provenance and
security, 20% of European enterprise data will reside
in distributed ledger systems by 2025.
IDC Advice: Build a clear view of the data life cycle for the data that you plan to generate, store, and analyze within edge and distributed
ledger environments. You must understand how to classify, separate, and manage your data, especially when it comes to the appropriate
handling of personal data under regulatory requirements.
#10 LEGISLATED BREACH DISCLOSURE
Effectively combating attacks by nation-states and
cybercriminals is data dependent, and by addressing
this dependency, 70% of European markets will
legislate full cyberbreach disclosure by 2024.
IDC Advice: Full data breach disclosure will require organizations to demonstrate accountability for the robustness of their security
policies, procedures, and technology structures. Well-managed audit trails will be needed as proof of compliance, operational integrity,
and digital trust.