The Lighter Side Of The Cloud: Intelligence
The Lighter Side Of The Cloud – 100 Lines
The Lighter Side Of The Cloud – Holiday Photos
Gartner Says Organizations Must Prepare For The Security Implications Of The Digital Workplace

Gartner Says Organizations Must Prepare For The Security Implications Of The Digital Workplace

PRESS RELEASE – STAMFORD, Conn., June 9, 2014

Gartner Says Organizations Must Prepare For The Security Implications Of The Digital Workplace

gartner-logo

Analysts to Focus on Top Security Trends at Gartner’s 2014 Security and Risk Management Summits, June 23-26 in National Harbor, MD, August 25-26 in Sydney, September 8-9 in London and September 15-16 in Dubai

Increasing adoption of a more mobile, social, data-driven and consumer-like workplace is causing the breakdown of traditional security models and strategies, according to Gartner, Inc. Gartner predicts that by 2018, 25 percent of large organizations will have an explicit strategy to make their corporate computing environments similar to a consumer computing experience. Security organizations and leaders that fail to alter strategies to accommodate a more consumerized workforce will be sidelined by engaged organizations.

Tom-ScholtzSignificant changes that impact an organization’s approach to security are underway,” said Tom Scholtz, vice president and Gartner Fellow. “Employee digital literacy has led to a growing consumerization movement within most enterprises, with employees using a wide variety of consumer-oriented apps for business purposes. Other workplace trends — such as out-tasking, globalization, networked reporting structures, shadow IT and a desire to foster employee engagement — are all impacting IT strategies. As organizations shift toward a more digital workplace, long-held approaches to security need to be re-examined.

“Implementation of a digital workplace exacerbates the IT department’s loss of control over endpoint devices, servers, the network and applications,” said Mr. Scholtz. “In a fully consumerized workplace, the information layer becomes the primary infrastructure focal point for security control. This reality necessitates a shift toward a more information-focused security strategy.”

The sheer volume of devices and access vectors implied by a digital workplace, coupled with the increase in sophisticated, dynamic attack methods and insider threats, makes the traditional approach of focusing on preventive controls (such as signature-based anti-malware, network and host intrusion prevention systems, pervasive encryption and continuous patching) increasingly ineffective. While the value of and need for preventive controls will never go away, the digital workplace reinforces the need to focus more on detective and reactive controls. In practice, this means increasing investments in context-aware security monitoring for internal and external environments, threat intelligence assessment capabilities and incident response. Pervasive, context-based monitoring and security information analytics will form the core of next-generation security architectures.

Strategies such as the digital workplace implicitly recognize that users will be given more freedom in how they use technology and information. This implies a higher level of trust that users will exhibit appropriate behavior in dealing with enterprises’ information resources. Key elements of a behavior-focused security communication strategy include considering “just in time” security awareness techniques, which remediate or reward user behavior based on the appropriateness of that behavior within the user’s context.

Effective behavior management is not produced by the mere deployment of an education program,” said Mr. Scholtz. “In addition to an education program that is focused on measurable behavioral outcomes, security leaders should develop their ability to collaborate with personnel and line-of-business managers to modify job descriptions and reward mechanisms so that they are aligned with desired security performance.”

Gartner believes that trusting the motives and behavior of individual users is a key enabler for the digital workplace. Conventional approaches to information security tend to treat everyone, including employees, with distrust. By implication, such an attitude will impede the digital workplace. However, a more people-centric approach to security will contribute to the potential success of the initiative. People-centric security (PCS) is a strategic approach to information security that emphasizes individual accountability and trust, and that de-emphasizes restrictive, preventive security controls.

PCS is based on a set of key principles, and on the rights and related responsibilities of individuals. The premise of PCS is that employees have certain rights — but these are linked to specific responsibilities. These rights and responsibilities are based on an understanding that, if an individual does not fulfill his or her responsibilities, or does not behave in a manner that respects the rights of colleagues and the stakeholders of the enterprise, then the individual will be subject to sanction. While a wholesale PCS strategy is certainly inadvisable for many organizations, it is certainly a viable concept that should be considered as part of the digital workplace.

The digital workplace implies new and different security risks,” said Mr. Scholtz. “Hence, it is imperative for the impact of the digital workplace to be properly risk-assessed. Owners of information assets involved in the initiative must be informed of the risks, and the security team must help them assess the potential impact of the risks against the expected business benefits of the digital workplace. Also, the affected information owners must sign off on any additional risk that they are willing to accept in the interest of the digital workplace.

More detailed analysis is available in the report “Prepare for the Security Implications of the Digital Workplace.” The report is available on Gartner’s website at http://www.gartner.com/doc/2720217.

This research is part of the Gartner special report “The Nexus of Forces: Social, Mobile, Cloud and Information.” The report is available on Gartner’s website at http://www.gartner.com/technology/research/nexus-of-forces. It includes links to reports, webinars and video commentary that examine the impact of the Nexus of Forces on enterprises.

About Gartner Security & Risk Management Summit

Gartner analysts will take a deeper look at the outlook for security solutions at the Gartner Security & Risk Management Summits taking place June 23-26 in National Harbor, Maryland, August 25-26 in Sydney, Australia, September 8-9 in London, U.K and September 15-16 in Dubai, UAE. More information on the U.S. event can be found at www.gartner.com/us/securityrisk. Details on the Australia event are at http://www.gartner.com/technology/summits/apac/security/. More information on the U.K. event is at http://www.gartner.com/technology/summits/emea/security. Details on the Dubai Summit are at http://www.gartner.com/technology/summits/emea/security-dubai.

Gartner, Inc. (NYSE: IT) is the world’s leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is a valuable partner in more than 14,000 distinct organizations. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 6,100 associates, including more than 1,460 research analysts and consultants, and clients in 85 countries. For more information, visit: www.gartner.com.

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Support

Recent

Beyond Gaming: Three Practical Applications For Oculus Rift

Beyond Gaming: Three Practical Applications For Oculus Rift

Three Practical Applications For Oculus Rift  Since the announcement of the Oculus Rift in 2012 gamers and game developers alike have been frenzied trying to both get their hands on the unit or build their own proprietary VR machine. The VR gold rush has since lead to the announcement of Project Morpheus from Sony and…

The Lighter Side Of The Cloud – Due Diligence

The Lighter Side Of The Cloud – Due Diligence

By David Fletcher Please support our comics by sharing, licensing or visiting our cloud sponsors (Below). Your support goes a long way in allowing us to continue to produce our lighthearted comics each week.   About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information.…

Popular

The Cloud In 2015: Eight Trends To Look For

The Cloud In 2015: Eight Trends To Look For

The Cloud In 2015 For organizations of all sizes, in 2014 the cloud emerged as a critical part of the default consideration set when implementing any new application – in large part due to the cloud’s proven ability to handle data storage and processing demands in an elastic manner, improved verifiable standards around data security and…

Five Signs The Internet of Things Is About To Explode

Five Signs The Internet of Things Is About To Explode

The Internet of Things Is About To Explode By 2020, Gartner estimates that the Internet of Things (IoT) will generate incremental revenue exceeding $300 billion worldwide. It’s an astoundingly large figure given that the sector barely existed three years ago. We are now rapidly evolving toward a world in which just about everything will become…

Cloud Infographic: Corporate IT Security Stats

Cloud Infographic: Corporate IT Security Stats

Cloud Infographic: Corporate IT Security Stats Each week on CloudTweaks we provide a few shoutouts to companies who provide engaging and interesting infographics that reflect our readers interests.  In this case, we have an excellent infographic provided by the team at arellia.com which takes a closer look at cyber-security and some of the biggest malware threats…

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter The city of the future is impeccably documented. Sensors are used to measure air quality, traffic patterns, and crowd movement. Emerging neighborhoods are quickly recognized, public safety threats are found via social networks, and emergencies are dealt with quicklier. Crowdsourcing reduces commuting times, provides people with better transportation…

PaaS vs Docker – why is it such a heated debate?

PaaS vs Docker – why is it such a heated debate?

PaaS vs Docker Docker started as just a software container on top of a Linux operating system which seemed like a simple optimization for a fat hypervisor. Its disruptive force however comes from the fact that it does force us to rethink many of the layers of the cloud stack. Starting from the way we…

Sponsored Posts

How CYOD Helps Make Hybrid Cloud More Productive And More Secure

How CYOD Helps Make Hybrid Cloud More Productive And More Secure

How CYOD Helps Make Hybrid Cloud More Productive and More Secure Recent analysis by IDG/DELL has found that companies are expecting “increased IT efficiencies” and “lowering total cost of ownership (TCO) with optimized application delivery” as they move toward hybrid cloud and private cloud deployment. In short, they expect things to work better and cost…

Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7


Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Branded Content Programs

Advertising