A cross-functional committee (CFC) can help keep the data security strategy centered on the business. As the role evolves, CISOs must adapt to ensure that the organization can balance risk decisions with business goals. Vendors are merging data security capabilities into larger platforms to provide enhanced security beyond what each individual component could do alone. Attendees joined Gartner experts and peers and shared valuable insights into key strategic imperatives, such as establishing an agile security program; fostering a human-centric, security-conscious culture; devolving risk ownership; and establishing a new simplified cybersecurity mesh architecture. Do you buy SSE from CASB vendors or SWG vendors? And we are working on benchmarks for each.- What cybersecurity metrics should I measure?
This session will (1) debrief the three pillars in cyber risk management (2) summarize top risk projects for cybersecurity leaders with 'project cards' and (3) offer guidance on shortlisting projects. Join this session to learn of these significant evolutions, both from the regulatory as well as technology perspectives, Nahim Fazal, Learn how to fix this paradox by cocreating security standards, teaching secure coding practices, and automating security scans inside the Developers native environment. Vendors from CASB, SWG, and ZTNA markets are all marching toward this new market using different approaches.
Despite scarce resources and evolving threats, executive management and boards depend on your leadership and assurance. How organizations handle and consume data continues to rapidly evolve. Develop and maintain effective security governance across the organization. To what end? Neil MacDonald, There is no such thing as a perfect, universally appropriate model for security organizations. VP Analyst, Gartner. and Your executives only care about risk, value, and cost. Tap their unique expertise to make faster, smarter decisions. and This forms a new capability known as Data Security Platforms (DSP). Not all vendors have already achieved broad coverage. Thursday, June 09, 2022 / 10:30 AM - 11:15 AM EDT. Attendees had access to over 150 sessions of the latest Gartner research specifically designed to help security and risk management leaders meet the demands of the future. Change starts with people. From building to outsourcing to operating and evolving, this session addresses all attendees' questions on how to get started, what to evolve first and where to get the best value for their SOC investment. Endpoint now covers a wide variety of devices, and organisations invest heavily in trying to secure them. 2022Gartner, Inc. and/or its affiliates. Alex Stamos,
These sessions are available to end users only; space is limited. VP Analyst, Gartner, Thomas Lintemuth, John Collins, Christopher Ambrose,
(*Application is required.). This session will feature multiple Gartner analysts covering zero trust arguing for and against the zero trust security paradigm. This session will highlight the forces that shape network security, threats that need to be addressed, and how to think about zero trust and SASE as part of an overall network security strategy. This session highlights the importance of organizational resilience as a strategic imperative in the wake of the COVID-19 pandemic, the changing threat landscape, and the pace of digital innovation. During this presentation, we will provide insight into the new tactics being used by the bad actors not only to access your environment, but what they are doing with your data once exfiltrated.
2022 introduces new ways of working in cyber risk management -- a foundation built on adaptive governance, value generation, and cyber risk management. What are the unique security challenges of IaaS and how can they be mitigated? Director Analyst, Gartner.
Founder, Great Falls Ventures. Attendees will play a threat modeling game to learn how to identify weaknesses within an application design. We have already seen a unicorn in this space and there are a few on the bubble. VP Analyst, Gartner. Enterprises are shifting to hybrid work environments to enable anywhere, anytime access to resources that are located everywhere -- in SaaS, in public cloud IaaS with some workloads in the traditional data center. Hybrid work and cloud/everything as a service have reframed security around a zero-trust identity and API security. We will discuss the evolution of best-of-breed to the new CSMA along with pros and cons of each approach. Enable a tighter alignment between security and business. It is a series of pragmatic advice that can be implemented to improve security awareness and a better security posture throughout the business. Every year, Gartner produces impactful predictions across all practices. This track gives you practical guidance on how to manage security teams, and stakeholders, through the evolving threat landscape. When warfare happens by remote control, Net Superiority becomes the new Air Superiority, in this session Gartner and industry experts discuss the future of warfare in cyberspace, and how every enterprise is directly on the battlefield.
The design and effectiveness of risk controls can be significantly enhanced through an understanding of business processes using process mining. Our Gartner experts, who are at the top of their fields, helped attendees address their most critical challenges. VP Analyst, Gartner, Security and Risk Management (SRM) leaders should use process mining to assess risk by visualizing the logic of critical business process steps and their linkage to IT system dependencies. This session presents practical steps toward designing the right set of native and vendor layered cloud security components for your organization, Cloud security remains a challenge; we have to protect data when it is out of our control. and No one can tell you what your metrics should be until now. This session will guide you through best practices for Microsoft 365 IAM. Dale Gardner, This track helps you understand the expanding attack surface, use automation to standardize, and prepare to effectively respond to a security incident. With the rise of business technologists within global business security leaders find it hard to influence decisions being made, everywhere, all of the time. Please Note: Based on availability and eligibility you may sign-up for the session via Conference Navigator after you register for this conference. This session will discuss the reference architecture and dive deep into how to build the cybersecurity mesh architecture (CSMA). Gartner published a new Magic Quadrant for Security Service Edge (SSE) covering the cloud-delivered security services of a SASE architecture. Join us for a conclusion of the CISO Circle as our host recaps highlights and thoughts from our time together. Is there a single solution to solve all my security needs? Organizations struggle to keep the business as the focus of their data security program. Gartner has developed and vetted a prioritized list of metrics to describe the value of your cybersecurity program to satisfy the most challenging audiences including your board, CFO, COO, customers, partners and regulators. Ensuring equal but secure access to essential digital services should be a guiding principle of any digital identity initiative, and is possible with the right CIAM tools. This CISO Circle session will offer actionable insights for personal effectiveness and a beginner-friendly guided mindfulness practice. Ransomware attacks have been morphing. Every enterprise must develop its own model, taking into consideration basic principles, practical realities and the challenges of digital transformation. This track focuses on helping leaders simplify and reframe current product offerings to succeed in changed markets.
This track focuses on helping leaders simplify and reframe current product offerings to succeed in changed markets. Distinguished VP Analyst, Gartner. Join us for a discussion of the top trends that MSE IT leaders responsible for security and risk management should prioritize to stay current and proactive in protecting the organization and managing risk effectively. Assess and transform security programs to become digital business enablers.
By the same token, digital business has propelled security and risk to become a boardroom issue, business units have increased their expectations (and demand) of their leadership, and regulatory demands are often challenging. Wednesday, June 08, 2022 / 10:30 AM - 11:30 AM EDT, Dawn Hubbard,
This session will highlight the key components of tools and solutions available to security and risk leaders when managing third parties, 2021 showed that attacks are moving closer to operational or mission-critical environments where cyber-physical systems (CPS) live. The new data security law in China, effective as of September 1, 2021, has far-reaching impacts. Not to mention numerous countries who want data to be nationally processed. The presentation will define Threat Intelligence and its current adoption, provide examples of use cases and give some guidance on valuable approaches to follow to operationalize it. Cybersecurity is constantly evolving, but with it comes more complexity, which possibly gives malicious actors the advantage. MFA is still underutilized. In this session we will discuss what XDR is, how your organization might benefit from using it, and whether XDR matters to you. Security leadership must adapt and create an IT and security culture to uncover opportunities and overcome threats into our collaborative future. Tuesday, June 07, 2022 / 06:00 PM - 07:30 PM EDT. The bewildering array of cloud security patterns can make common approaches to cloud security daunting. Friday, June 10, 2022 / 10:30 AM - 11:00 AM EDT. The urgent question then, is what does "success" look like? Sr Principal, Research, Gartner, Beth Schumaecker, Privacy Policy. Wednesday, June 08, 2022 / 10:30 AM - 12:00 PM EDT. So, what will it be like in the future? Data loss prevention has always been a difficult subject to address, especially when budgets are concerned. VP, Advisory, Gartner. Balance the imperative to rapidly modernize applications with the requirement to protect them. Exchange ideas and experiences with others in similar roles or from similar organizations. Come see leading Gartner analysts discuss how the current world events are affecting the cyber threat landscape. Join us and form valuable connections with peers and Gartner experts. Bernard Woo, But do you really have what it takes? This is a must for security leadership, so that they can create an IT and security culture that leverages strengths and confronts weaknesses to uncover opportunities and overcome threats into our collaborative future. Emerging risks and top security trends are driving innovation in security and risk management. MDR is growing at more than 20% YoY on average. Sr Director Analyst, Gartner. Gartner introduces our cybersecurity value delivery benchmark. But, what is microservices architecture?
Distinguished VP Analyst, Gartner. Spanning the cycle from developers to customers, todays leaders face a wide, diverse array of both risks and ways to manage, mitigate and respond to them. Sr Director Analyst, Gartner. CIOs, CISOs and general counsel are teaming together to improve readiness for this reality. Bring your questions ranging from business process best practices, to implementation and rollout guidance. Why would you speak to them about anything else?
Keep pace with the changing technology application landscape and evolving data protection regulations. The pandemic has once again highlighted the importance of a robust endpoint security capability. Yet, day to day, seemingly small actions can collectively and progressively create a scenario where people feel marginalized. A SASE strategy enables users, devices and branches zero trust access to resources, regardless of location. Organizations of all types are having to allow work from home, some for the first time. (*Application is required.). Best speakers, brightest minds and the latest big ideas. So why is it that malware attacks such as ransomware are still so prevalent. In some industries, quarterly reports are standard. VP, Enterprise IT Leader, Gartner. Learn more aboutattending as a team. VP Analyst, Gartner. Nat Smith, Cloud-native applications are not inherently insecure, but are being deployed insecurely, driven by developers and a need for agility in service development and deployment. Identity is a critical foundation for the security of the systems that support our rapidly expanding virtual world. Motivated by financial gain, a greater volume and scope of targets means greater "success." IT leaders are seeing a proliferation of SaaS contracts. Share stories about successful security practices that enable process maturity and the move to DevSecOps, Attackers are targeting software development systems, open-source artifacts and DevOps pipelines to compromise software supply chains. Gartner published an update to the web application and API protection market last year. *Preregistration is required. Many organizations struggle to correctly implement a DLP solution or tool, keeping business requirements as the central driver for their data security initiatives. Hybrid work and cloud/everything as a service have reframed security around a zero-trust identity and API security. This session will shed light on the leadership traits that aide in a successful and balanced approach between the demands of the business and the effectiveness of the leader. Supporting these initiatives as well as delivering on business requirements for smooth, simple and secure access, and authentication decisions requires disparate IAM elements to work in concert. TechnipFMC CISO Angelique Grado decided to use the security champion model to create a master mind group, accelerating the opportunity and will share the brilliant results this has brought about over the last year.
Sessions provide advice on architecting, implementing and operating security controls for the hybrid enterprise. Organizations are building application access with Zero Trust principles. At Gartner Security & Risk Management Summit, you will hear from top Gartner experts on the best way to evolve your security strategy by reframing and simplifying your defenses to be ready for current and future attacks. Sr Director Analyst, Gartner. *Meet one-on-one with Gartner experts for tailored advice to help you achieve your most critical priorities.
One of the hottest buzzwords in the security marketplace in 2022, XDR is the must have solution for all software vendors. Check in to make sure you are current on network security offerings and how they complement each other, but stay to see how they are evolving and what new technologies will transform your current processes over the next few years. Just as COVID transitions from pandemic to endemic, the world is now gripped by the reality of hybrid warfare where kinetic actions may be local to the conflict, but cyber can impact anyone, anywhere. Your leaders are telling you they want microservices, your vendors are promising to deliver microservices, your developers want to create microservices. Where should you use it, and where should you not? Let's put SSE vendors to the test in a Showfloor Showdown! Science fiction storytelling allows security and risk management leaders, to use exciting and intriguing stories to explain the unprecedented levels of disruptions and how they will affect their organizations and industry. Facilitated by Gartner experts, these sessions challenged attendees to solve problems together, exchange their viewpoints and get to the core of the business imperatives that drive you and your peers. 2022 sits between major developments in Asia-Pacific and Europe in 2021 and the U.S. in 2023. Gartner for Technical Professionals research explores insights into the security best practices, methodologies and tools needed to ensure operational success. Distinguished VP Analyst, Gartner. Finally, we will discuss the vendor landscape from larger security vendors with full stacks to open source/distributed CSM solutions, How do you decide on which cloud security controls to deploy? In this presentation, we outline how the new approach is not only better for the revenue line, it is also better for organizational culture and employee effectiveness. This track highlights the latest trends and tools to help you improve automation and models. Reporting revenues in the $100s of Millions, todays threat landscape is witnessing a burgeoning "private sector" of threat actors with defense-grade techniques. Prepare for continuous change in the technology and threat landscape. Sr Director Analyst, Gartner. We will even discuss the management of mobile devices (iOS and Android) with MEM using MDM and MAM. TechnipFMC builds technology for energy projects, systems and services and provides expertise across subsea and surface energy engineering. Understand how the characteristics of digital business impact security architecture practices. Due to new challenges and lack of agility in program management, cybersecurity leaders struggle to mature their cyber and IT risk management practices beyond conducting assessments. With board-level interest at an all time high, leaders must be able to leverage principles of expected value and deterrence to provide assurance and value to the business. Tuesday, June 07, 2022 / 12:30 PM - 01:15 PM EDT, Bill Pray, We will examine why always-on VPN is often the wrong choice while determining what is the right one such as ZTNA, CASB, with the evolution to SASE, Friday, June 10, 2022 / 12:00 PM - 12:30 PM EDT. Techniques used by the bad actors are changing. Using data as the focus of security governance and architecture roadmaps is critical for any risk management program. Who are the new stakeholders in cloud-native security operations? Organizations have continually hoarded data because it is often considered the "new gold". This session will focus on addressing your questions when handling personal data in data lakes and data warehouses across geographies. How do you select and control service providers? Thursday, June 09, 2022 / 12:30 PM - 01:45 PM EDT. If we are to close the talent gap in cybersecurity, we must start thinking differently about how we select and cultivate talent. Deepti Gopal, VP Analyst, Gartner.
What if they suddenly announce a profound change in policy, like WhatsApp did for sharing data with Facebook? Thursday, June 09, 2022 / 10:30 AM - 11:00 AM EDT, Paul Proctor, Join us for an exclusive townhall session with VP, Distinguished Analyst Leigh McMullen as he shares Gartners latest research proposals on pricing and quantifying cyber risk. The goal is to extract the maximum value while maintaining a defensible posture and keeping privacy risk at bay. Find out how enterprise controls, cloud controls and the home office controls come together to secure the remote user experience. The network firewall market faces the challenge of fulfilling multiple use cases and overlapping requirements because of the growth of hybrid environments. Tom Scholtz, Privacy is profoundly impacting digital transformation priorities and lies at the core as organizations build new engagement models with consumers and relationships with employees. Unified endpoint management bringing together enterprise mobile and nonmobile platform management and security is one of the hottest topics in enterprise IT. Faced with a fragmented, interdependent world, cybersecurity leaders have less control over decisions around cyber risk than ever before. Security product leaders must transform their offerings to be relevant in a new world and culture, rethink strategies and anticipate new buyer needs. This session will lay out a strategic timeframe and roadmap for SASE adoption. This presentation will pragmatically explore zero trust and zero trust networking and extend these concepts to operating systems, applications, users and data. This presentation will focus on providing guidance on building an effective insider risk program. Director Analyst, Gartner. They develop OT and IOT products that need a very high level of security and risk management, the challenge to get all decentralised product teams across the business on the same level of maturity was the next leap for real improvements in this area. Instead of reactive talent planning, effective CISOs create forward-looking workforce plans aligned to strategic priorities. Security service edge (SSE) is an emerging technology that secures web, cloud services, and private apps from anywhere. Prioritize what to accelerate, unlock resources for digital investments, make meaningful cultural changes and so much more.
Instead focus on these areas: (1) What messages resonate best?
Getting control and managing a myriad of risks requires information, process changed, and automated tools to spot and help remediate problems. Come learn the future of cyber warfare and how to realize your Cybersecurity Mesh. The top trends in this presentation represent business, market and technology dynamics that security and risk management leaders cannot afford to ignore. Gartner for Technical Professionals research explores insights into the security best practices, methodologies and tools needed to ensure operational success. The number an complexity of tools and techniques that make up good application security practices can be overwhelming. John Watts,
During this session we will discuss the current market players, some key approaches to the market that are shaping its future direction and key trends that will influence how we consume SIEM in the future. Microservices architecture may be at the bottom of the Hype Cycle, but it's still wildly popular. Elle Finlayson, Tuesday, June 07, 2022 / 03:00 PM - 03:30 PM EDT, Jay Heiser,
This session will cover how to think about solutions and vendors represented in this market. Thursday, June 09, 2022 / 02:00 PM - 04:00 PM EDT, Thursday, June 09, 2022 / 02:15 PM - 03:45 PM EDT, Almost 100% of leaders have now reported to their board/executives at least once in the last two years. Paul Furtado, Ask the Expert sessions. Lean back and listen All rights reserved. Use metrics effectively to understand changes in risk exposure. This chat will be moderated by Gartner VP Distinguished Analyst, Paul Proctor. Deputy Executive Director, Technical Director, Naval Information Warfare Center Pacific. With employees using all sorts of instant messaging tools, from WhatsApp to texting, enterprises are finding challenging to protect enterprise data. Here is a spoiler, you don't need a third party to do it for you as long as you have some necessary tools and capable personnel. Join us to learn how to create a workforce strategy covering recruitment, development, retention and redeployment to meet long-term goals. Cloud-native security operations will evolve toward a federated shared responsibility model with shifting centers of gravity and ownership. Distinguished VP Analyst, Gartner, Katell Thielemann, Wednesday, June 08, 2022 / 10:30 AM - 11:15 AM EDT, Pete Shoard, In this keynote, Distinguished Gartner analyst, Paul Proctor, will share how this new standard will incentivize appropriate investments and execution leading to improved protection levels globally. Build an effective risk management program when investing in digital business. There are various application security testing tools, threat modeling processes, security requirements, as well as runtime security controls that need to be considered.
Security is seen as an obstruction to cloud adoption; this will show you how to enable without losing protection, This session will discuss the evolution of Office 365 into Microsoft 365 and the security, identity and compliance features that all organizations must implement. These sessions provided the inspiration and actionable insight to transform the most critical priorities into business results. Consistent, practical strategic planning is a prerequisite for security and risk management leaders establishing and supporting the credibility of their security programs. Dionisio Zumerle, VP Analyst, Gartner. Zero-trust strategies for network security have gained notable popularity in recent years.
Join your peers for a discussion on cloud security challenges and the solutions that have been most effective. Come meet and mingle with your peers in this welcome reception. CISOs keep generating detailed charts, dump them into 50-page decks and throw them at their executives, hoping that anyone knows what they are talking about or cares. Distinguished VP Analyst, Gartner. Among many new areas in security that are emerging, which ones should you focus on? This session introduces information-generating and decision-making techniques that architects can use to reduce risk and uncertainty in architecture decisions: Architectural Spikes, Decision Typing, Economic Frameworks, and Lightweight FMEA. Join this session to identify eight observable things that signal your SBCP is on the right path and helping to reduce human-born cyber risks in your organization. To some, zero trust is the best path forward for information security requiring a complete rethinking of security architectures. Michael Hoeck, VP Analyst, Gartner, The market for vendor risk management products and services is complex, diverse and evolving, making it difficult to know how to choose the right solution. Use our 5 step process for aligning your culture to your changing business needs.