GARTNER Analysts Explore the New Risks of Digital Business at Gartner Symposium/ITxpo 2015, September 28-30 in Cape Town, South Africa
Gartner, Inc. today said organizations must invest in three risk disciplines to increase trust and resilience. Running a digital business presents business leaders with an increasing level of complexity and new threats, and this requires a change in their approach to IT risk and cybersecurity.
'We are at the intersection of two major macro trends,' said David Willis, Gartner vice president and distinguished analyst. 'The first is the transformation to a digital business. The second is the growing capacity and sophistication of digital adversaries to breach our defenses and cause major business disruptions in business operations.'
Gartner analysts are discussing the new risks of digital business during the annual Gartner Symposium/ITxpo 2015, which is taking place in Cape Town until September 30.
CIOs are feeling the impact of the digital business age. Of the CIOs in the 2015 Gartner CIO Survey, 89 percent said that digital business would create new types and levels of risk.
'Inside and out, organizations are architected for agility and convenience, not resilience,' said Mr. Willis. However, the architectures that offer agility and convenience to enterprises and their customers are the same ones that attackers use to gain comprehensive access to enterprise systems once they get a foothold anywhere in the extended value chain.
'Regulatory compliance is insufficient to protect the business and its customers,' said Mr. Willis. 'The emerging standard is resilience, meaning the ability to recover rapidly from unforeseen circumstances.'
Organizations must invest in three risk disciplines to increase trust and resilience:
- Rearchitect the foundation to make people, processes and technology more resilient:
The transformation to full-scale digital business extends well beyond the IT organization, impacting the design and staffing of nearly every business function. Its sheer scale underscores the importance of applying resilience to people, processes and technologies. In the next decade, trade-offs between convenience and resilience will be driven by increasing regulation. Significant investment will be required throughout the organization to meet the challenge of resilience, a much higher bar than regulatory compliance.
- Increase awareness to build trust and resilience:
Most of the high-profile cyberattacks on organizations in recent memory began with a 'phishing' attack - meaning a psychological manipulation - on a single enterprise employee, and only awareness on the part of the employee could have prevented the consequences. 'Technology alone cannot and will not protect the individual and the enterprise from carelessness or malicious actors,' said Mr. Willis.
Personal awareness and responsibility with respect to safety and propriety must become priorities for the business. 'Organizations must replace once-a-year compliance-oriented training with ongoing awareness campaigns. In addition, as the lines between personal and business technology are blurring, organizations should also consider extending protections to employees at home,' Mr. Willis added.
- Extend governance to build trust and resilience throughout the ecosystem:
Malicious actors now include nation states, and no single organization can successfully defend itself against such opponents, let alone against operational failures deep within the enterprise's ecosystem.
The risks to digital businesses go far beyond the walls of the enterprise, and governance processes must follow. 'Organizations must broaden and deepen internal governance, look to their ecosystems for additional support, and lend their influence to the creation of common defenses,' said Mr Willis.
Trading security in favor of convenience for employees and customers is routine in this era. Now the scale and ferocity of assaults on businesses - and the underlying interdependent complexities of digital business - should signal organizations to shift trade-offs toward resilience in both business and IT operations. 'Within a few years, regulation will speed that shift and organizations should expect the risks of digital business to increase in the meantime, and plan accordingly,' concluded Mr Willis.
Additional information for Gartner Symposium/ITxpo 2015 in Cape Town, September 28-30. Additional information from the event will be shared on Twitter at http://twitter.com/Gartner inc and using #GartnerSYM.
About Gartner Symposium/ITxpo
Gartner Symposium/ITxpo is the world's most important gathering of CIOs and other senior IT executives. This event delivers independent and objective content with the authority of the world's leading IT research and advisory organization, and provides access to the latest solutions from key technology providers. Gartner's annual Symposium/ITxpo events are key components of attendees' annual planning efforts. IT executives rely on these events to gain insight into how their organizations can use IT to overcome business challenges and improve operational efficiency.
Contacts
About Gartner
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. The company delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the valuable partner to clients in approximately 10,000 distinct enterprises worldwide. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 7,100 associates, including more than 1,500 research analysts and consultants, and clients in 90 countries. For more information, visit www.gartner.com.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an 'as-is' basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.
|
distributed by
|
