Gartner: IT should simplify security to fight inescapable hackers

Gartner says by 2017 the typical IT organization will spend up to 30% of its budget on risk, security and compliance

On some level it may seem incongruous to many IT organizations, but as security challenges mount, enterprises should take a look at their protection systems and look to simplify them — not make them more complicated — to battle hackers.

The risk and security officer in many enterprises today is mostly concerned with old technology risks. They have become obsessed with external hacks, chasing the impossible goal of perfect protection. However, 65% of CEOs say their risk management approach is falling behind, said Peter Sondergaard, senior vice president of research at Gartner, at the consultancy’s Symposium/IT Expo this week.

“You can’t control the hackers. You can control your own infrastructure by using more automation, more outsourcing, and more network-based algorithms. Simplify your systems. We must move away from trying to achieve the impossible perfect protection, and instead invest in detection and response.”

As an example, average malware lies dormant, unnoticed, for more than seven months before it is activated or detected, Sondergaard said. IT leaders must get better at sensing these dormant threats.

Marc van Zadelhoff, vice president at IBM, echoed a similar theme, saying enterprises need to streamline their myriad security systems — the average large customer has 85 tools from 35 vendors — and treat security like “any other transformative problem they have.”

“Look at security as an integrated immune system rather than a random smorgasbord of capabilities. It’s a better metaphor than establishing a castle and a barricade,” van Zadelhoff said.

CIOs need to rethink their security and risk investments. Gartner recommends that enterprises move their investments from 90% prevention/10% detection and response, to a 60/40 split, added Sondergaard.
