Gartner Blog Network


What’s the Future of Information Security As an Infrastructure and As a Profession?

by John Pescatore  |  October 2, 2008  |  3 Comments

Joseph Feiman, Neil Macdonald and I have had fun at Gartner security conference closing presentations in Washington and London doing an audience-participative debate of what the future will look like by trying to forecast along two axes:

  • Will business be more secure or less secure in 10 years?
  • Will Information Security be viable as separate infrastructure and as a profession 10 years from now?

If you play it out to the extremes you can do some scenaric thinking about possible future outcomes:

What do you see in the future?


John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…


Thoughts on What’s the Future of Information Security As an Infrastructure and As a Profession?


  1. Hi John!

    I believe nothing will change dramatically. New technologies penetration will bring up new threats (VoIP -> spam via VoIP, for instance), new threats will cause security innovations, it will take from 3 to 6 years for those innovations to be adopted by business people and… surprise, surprise, for all those years business will adopt more new technologies that will bring more new security threats. It’s a never-ending story.

  2. Hi, Ilya – when we did this with the audience, we forced things to the extremes. The reality is as you point out: as in chess, the bad guys generally have the white pieces and get to move first. The good guys usually have to react – but, as in chess, it isn’t always the first mover that wins.

    However, there is a story to be spun that there could be a “Maunder minimum” for threats and vulnerabilities if software engineering does stop being an oxymoron. Also, many like to say that security will just be absorbed at the lower level into IT operations and at the higher level into Risk Management. I argued quite a bit on stage about why I believe the latter will never be true, and we know on the former that only routine security functions will be operationalized – and the never-ending threat parade means there will always be plenty of non-routine security functions. Of course, if we really did have that Maunder minimum…

  3. I think the strength of detection is in the correlation between these three use case categories. So this should also be a part of the selection process or at least something to keep in mind.


