Advanced methods of information security are more of a necessity than a business edge in today’s digital landscape. And as we continue to move through digital transformation, we’re learning more and better ways to keep our systems safe. Case in point: Gartner recently unveiled a new, more agile approach to security—CARTA. This new approach is about changing the way you look at security altogether. And if done right, it can give you the edge you’re looking for.
Making Security Adaptive—and Agile
In the past, I’ve talked a lot about the importance of agility in digital transformation. The pace of change in today’s business world is so fast that businesses need to be able to pivot quickly—and sometimes sharply—to stay afloat. It makes sense, then, that security must be agile, as well.
CARTA follows that logic by focusing on continuous adaptive risk and trust assessment. The approach—which is meant to apply to every level of the business, from development to HR—is meant to deliver “security that moves at the speed of digital business.” In other words: in real time.
So how does it work? CARTA recognizes that in today’s world, we’re all connected. One person’s problem is another person’s problem, whether we like it or not. That means, if your vendor is running lousy security, your system could be equally compromised because you regularly interface with them. Thus, security efforts must focus not just on internal security assessment, but on the company’s working “ecosystem” as a whole.
In effect, CARTA focuses on three phases of security risk management: Run, Build, and Planning.
- Run: threats and access protection (who is logging in, and where)
- Build: ecosystem partners (how do they impact you)
- Planning: governance and new vendor evaluation (forward-thinking prevention)
Yes, you understood that right: Today’s security professionals need to be thinking beyond their office or even their cloud. They need to be thinking beyond their gigantically fragmented security systems and into the hugely fragmented world. That’s a tall order.
Analytics for the Win
It likely goes without saying that analytics and machine learning play a huge role in CARTA. There is simply no way to manage the immense number of threats otherwise. Predictive analytics in the security realm are obviously not new; in fact, you may already be using them in your business. But with CARTA, your analytic systems adapt to the real-time information they gather from both outside threats and internal users. In so doing, they can change their security rules in real time, as well.
For instance, consider a disgruntled employee who decides to hijack your network. Of course, he’s not going to do that right from his desk. He’s going to log in secretly from a remote location to reduce the chance of being found out. With CARTA, the adaptive analytics would recognize that this person is logging in from a weird location, or at a time they don’t usually work on that certain program. And in real time, it could prevent the login and send an alert to the employee’s manager. It’s kind of like your credit card company alerting you to weird activity on your card—it recognizes the types of things an employee usually does and adapts its security accordingly. In real time, no less! That’s the kind of security I want in my company.
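The login scenario above, sketched as an added example (not code from the article, Gartner, or any CARTA product): a per-user baseline of login country and hour-of-day per application, scored on every attempt. The class and function names, the 0.6/0.4 weights, the decision thresholds and the sample history are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

class LoginBaseline:
    """Per-user profile of where, and at what hours, each application is used."""

    def __init__(self):
        self.countries = defaultdict(Counter)  # user -> country -> logins seen
        self.hours = defaultdict(Counter)      # (user, app) -> hour -> logins seen

    def observe(self, user, ts, country, app):
        """Fold an accepted login into the profile (the adaptive part)."""
        self.countries[user][country] += 1
        self.hours[(user, app)][datetime.fromisoformat(ts).hour] += 1

    @staticmethod
    def _rarity(count, profile):
        """0.0 = as common as the user's most frequent value, 1.0 = never seen."""
        peak = max(profile.values(), default=0)
        return 1.0 if peak == 0 else 1.0 - min(count / peak, 1.0)

    def risk(self, user, ts, country, app):
        """Return (score in 0..1, reasons) for one login attempt."""
        seen = self.countries.get(user, Counter())
        hrs = self.hours.get((user, app), Counter())
        hour = datetime.fromisoformat(ts).hour
        near = sum(hrs[(hour + d) % 24] for d in (-1, 0, 1))  # +/- 1 hour window
        loc, tod = self._rarity(seen[country], seen), self._rarity(near, hrs)
        reasons = [r for r, v in (("unusual location", loc),
                                  ("unusual time for this app", tod)) if v > 0.9]
        return 0.6 * loc + 0.4 * tod, reasons  # weights are assumptions

def decide(baseline, user, ts, country, app):
    """Assumed policy: >=0.7 deny and alert, >=0.4 step-up auth, else allow."""
    score, reasons = baseline.risk(user, ts, country, app)
    if score >= 0.7:
        return "deny_and_alert", reasons
    if score >= 0.4:
        return "step_up", reasons
    baseline.observe(user, ts, country, app)  # only clean logins update the profile
    return "allow", reasons

def sample_baseline():
    """Constructed history: 20 logins by 'alice' from US between 09:00 and 16:59."""
    b = LoginBaseline()
    for day in range(1, 21):
        b.observe("alice", f"2024-03-{day:02d}T{9 + day % 8:02d}:15:00", "US", "payroll")
    return b
```

Only logins that score as normal are fed back into the profile, so the baseline follows gradual changes in a user's habits without being taught by the very attempts it flagged.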
Recognizing Trust is Temporary
CARTA recognizes that trust doesn’t last forever. Just like in the example above, we may trust one employee and change our opinions based on certain behavior. Thus, we can’t just have a set-it-and-forget-it model of security within our organizations. That goes for password protection, access protection, and everything in between. We need smart machines working on our behalf to find out when things are fishy—and to automatically stop them.
If you’re like me, you might be thinking this sounds a bit like DevOps or AI automation. You’d be right. The truth is, CARTA is just a new way of saying: “Hey, if we want to protect our information, we need to acknowledge that we are all connected—and that anything can, at some point, become a risk.” It’s not about buying new programs (unless you’re still in the dark ages on machine learning and analytics) or hiring more IT people. It’s about thinking bigger and smarter when it comes to IT planning. And, of course, it’s about keeping our information secure.
Daniel Newman is the Principal Analyst of Futurum Research and the CEO of Broadsuite Media Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise. From Big Data to IoT to Cloud Computing, Newman makes the connections between business, people and tech that are required for companies to benefit most from their technology projects, which leads to his ideas regularly being cited in CIO.Com, CIO Review and hundreds of other sites across the world. A 5x Best Selling Author including his most recent “Building Dragons: Digital Transformation in the Experience Economy,” Daniel is also a Forbes, Entrepreneur and Huffington Post Contributor. MBA and Graduate Adjunct Professor, Daniel Newman is a Chicago Native and his speaking takes him around the world each year as he shares his vision of the role technology will play in our future.