The need for new technologies has prompted IDC to update its spending forecasts for security solutions and services. Worldwide security spending will pass the 100 billion dollar mark in 2019, reaching 103.1 billion dollars to be exact, up 9.4% on 2018. Attached here is an abstract of the presentation that Giancarlo Vercellino, Associate Research Director at IDC Italia, gave at the IDC Security Conference in Milan on 14 May 2019.
Prediction 1: By 2022, enforcement of PII laws will severely impact at least 1 G2000 firm by imposing a huge fine and restriction of trading, raising C-suite concern, and inducing annual reporting on digital risk.
Prediction 2: By 2021, fully 50% of legitimate security alerts will have an automated response, untouched by human analysts.
Prediction 3: 90% of managed security services customers will adopt threat life-cycle services by 2024, rising from 50% in 2019.
Prediction 4: By 2024, quantum computing will have evolved enough that 25% of nation-states will have the means to decrypt current public key infrastructure technologies.
Prediction 5: By 2024, 20% of digital personae are linked to a verifiable government identity.
Prediction 6: In 2019, there are roughly 1,400 companies offering cybersecurity services or products of significance; by 2023, the number of cybersecurity companies will drop by nearly 40% from 2019.
Prediction 7: By 2021, demand for key management as a service will rise by 20%, with an emphasis on native encryption services from public cloud providers.
Prediction 8: By 2022, anonymity will only exist on the dark web; 100% of those conducting commerce or social activities will be either pseudonymous (identity protected but available with court order) or identified.
Prediction 9: By 2024, the United Nations will endorse an "internet blockade" as an economic sanction against at least one violating country or regime.
Prediction 10: By 2023, data migration projects associated with adoption of big data analytics platforms will prompt security teams to eliminate siloed and encryption solutions and consolidate 30% of encryption spend.
The intelligent core provides the following DX security capabilities:
Cognitive Security – security analytics that process and evaluate activity in seeking out attacks, malicious activity, and other threats. (Threat Management)
User Behavior Analytics – leverages activity of users, data, and applications in support of digital transformation environments. (Identity Management)
Hardened Components – the bastion of hope needs to be protected as a bastion host, so each individual component must be given a high level of focus to ensure that it is as secure as possible. (Vulnerability Management)
Blockchain Services – capabilities to strengthen and protect the confidentiality and integrity to provide assurance and digital trust to activity driving digital transformation and ultimate business value. (Trust Management)
Rights Management – adding least privilege, policy, and duration to encryption of unstructured data throughout its lifecycle. (Trust Management)
The DX security focus for integration services revolves primarily around threat and vulnerability management capabilities. Integration services incorporate the following security capabilities:
Dynamic Authentication – applies various techniques for user and device validation during normal operations and use of systems, often in response to perceived changes in risk. (Identity Management)
Security Orchestration – applying structure and rules for managing resources and processes through automation to meet the dynamic speed requirements of digital transformation. (Vulnerability Management)
Security Information and Event Management – continued evolution to incorporate context, threat hunting, and security playbooks into a security operations center (SOC). (Threat Management)
Roots of Trust and Certificate Management – creates “tethers” of cryptographic integrity and confidentiality that tie ephemeral data and application components to more static, protected resources. (Trust Management)
DX Security solutions for Developer Services include the following types of solutions:
Multifactor authentication with Federation – incorporating the capabilities of devices and third party services in a dynamic environment that validates the users. (Identity Management)
PaaS / API Security and DevSecOps – rearchitecting IT application components to align security with development procedures and ultimately “build in” security to a solution. (Vulnerability Management)
Threat Modeling – evaluating an application architecture by assessing the data flow and control flow for risks associated with confidentiality, integrity, and availability. (Threat Management)
Bill of Materials and Software Safety Data Sheets – creating registers or manifests for software that defines appropriate use to build into security controls and meet security objectives. (Trust Management)
DX Security solutions for Engagement Services include:
Federation and Notification Services – leveraging external resources for federated single sign-on and interactions with users for opt-in and consent. (Identity Management)
Software-defined Security – creating architectures with increased separation and application-layer protection based on users rather than geographically-oriented perimeters. (Vulnerability Management)
3rd Party Risk Scores – external validation of the security posture of an organization based on publicly available configuration and activity information. (Vulnerability Management)
Threat Intelligence and Deception – extending the capabilities of the SOC to incorporate information and techniques to more proactively address attacks and potential breaches. (Threat Management)
Compliance and Cyberinsurance – employing business measures to address regulations and other policies associated with third party risks. (Trust Management)
In the Identity Management realm, consumer rights and privacy are of utmost importance, whether for direct or indirect consumers and other individuals. In the Vulnerability Management arena, organizations can often demonstrate an interest in strengthening their software by encouraging security research with bug bounties. In Trust Management, organizations must confer with business partners through business contractual and technical means to share information about each other’s risk management programs. In Threat Management, sharing information about attacks with the government and industry signals key willingness to maintain a system that is trustworthy overall.
The first two of these levels involve technical risk management and cybersecurity program requirements. These elements are necessary for any digital activity, as we’ve seen time and again when some breach leads to a loss of trust and ultimately lawsuits and other losses. These first two Levels have been described in more technical detail in DX Security: A Security Model for the DX Platform (IDC Doc #US43782818, Jun 2018).
While digital trust starts with cybersecurity in the form of technical risk management, the second two levels of the digital trust model involve reputation management for both discrete digital activities and the overall company. Reputation is often more ambiguous and challenging – like trust itself – and can be swayed in a number of ways. Positive and negative reputations often arise from information determined or identified in the first two Levels, though reputation can also be affected in other ways.
The mutations of IT risk in the era of privacy and artificial intelligence
Shapeshifting IT risk
in the era of Data Privacy & AI
IDC Security Conference
Milan, 14 May 2019
What we are talking about today
A STORY OF THREE SHIFTS
A WIDER NOTION OF IT RISK
© IDC
The future of IT Security is full of buzzwords
What lies at the roots of business priorities
Ease of Access to
Source: IDC Italy, 2019 (respondents n=300, business over 50 employees;
FOCUS SHIFTS FROM DATA TO PEOPLE
Security is still the enabler of business innovation
SECURITY AS EXPENSE CATEGORY
SECURITY-ENHANCED VALUE PROP
Source: IDC Italy, 2019 (respondents n=300, business with more than 50 employees; weighted extrapolation to N= 25.000)
Changing from IT Security to Digital Trust
NEW SECOPS AREAS
© IDC Visit us at IDCitalia.com and follow us on Twitter:
SHIFT IN PROTECTION: FROM DATA TO PEOPLE
SHIFT IN TARGET: FROM IDENTIFICATION TO DE-IDENTIFICATION
SHIFT IN VALUE PROP: FROM RISK MGMT TO TRUST MGMT
Viale Monza 14
Tel: +39 02 28457339
Research & Consulting