Gartner Blog Network

Paul Proctor
VP Distinguished Analyst
10 years at Gartner
28 years IT Industry

Paul Proctor is a vice president, distinguished analyst, and the chief of research for security and risk management. He helps organizations build mature risk and security programs that are aligned with business need.

Sony Pictures Hack: Advice-apalooza

by Paul Proctor  |  January 4, 2015

I have taken the lead on organizing Gartner’s guidance to our clients following the Sony Hack revelations. Of course, you have already read dozens of blogs and news articles packed with advice, so why would you need more? The simple answer is that all the eyeball grabbers out there seeking to be first to print are […]

People-Centric Security Can Help Limit Sony-esque Damage

by Paul Proctor  |  January 3, 2015

This is a guest blog entry by my colleague and friend Tom Scholtz. The compromise of several unencrypted files containing administrative passwords apparently exacerbated the impact of the Sony cybersecurity breach. Many commentators have argued that Sony should have mandated some kind of encrypted password vault solution that the sysadmins must use. The reality however […]

Stop Picking on Sony Security over North Korea Hack

by Paul Proctor  |  December 9, 2014

It’s easy to pick on the security of a company that has just been hacked, but I don’t think it is fair, accurate, or defensible. Make no mistake, there are companies with terrible security practices who have been hacked and likely deserve derision, but I have trouble believing that Sony Pictures is one of them. […]

Is the Internet Already Secure Enough?

by Paul Proctor  |  October 2, 2014

Is the Internet Secure Enough? How could it be? Have you read the headlines, seen the regulatory requirements, or experienced the hysteria? And yet those millennials will give away any information they have for a free taco. They seem to trust the Internet, and yet most of us don’t. Trust is an interesting concept in […]

Gartner GRC Reset: And the Vendors are…

by Paul Proctor  |  September 8, 2014

We are 8 months into our GRC process reset and we have selected the vendor participants for many of the use cases. For a complete discussion of our reset process, read this post. Brief context: GRC is one of the most flexible terms in the vendor lexicon, because most of them use it to describe whatever […]

An Update on the Gartner GRC Reset

by Paul Proctor  |  July 1, 2014

This post is being updated periodically to address vendor categorization changes. Last update 9 July 2014. We are 6 months into our GRC process reset and we have some progress to report. A quick disclaimer: This blog post contains no Gartner analysis, because to this point, our process has (mostly) been a self-selecting process. […]

Digital Business Forever Changes How Risk and Security Deliver Value

by Paul Proctor  |  June 2, 2014

Risk and security teams are going through a major transformation. Mobile, social and cloud move business data and processes outside of the perimeter, and outside of traditional enterprise control. Plus, these are dynamic environments with no stability or predictability. Managing appropriate levels of risk in this environment will require a new approach. Watch the […]

Security and Privacy Remain Doomed with the Rise of Digital Business

by Paul Proctor  |  February 20, 2014

You think Target was a big deal? Get ready for more of the same thanks to the attitudes and understanding of consumers and corporate leadership. The cultural disconnect between business decision makers and technology risk remains epic. They still believe this is a technical problem, handled by technical people, buried in IT. You don’t need […]

Information Security Headlines are Misleading

by Paul Proctor  |  February 11, 2014

The headlines are schizophrenic. One day it is “Oh no! Oh no! We’re all gonna die!” and the next day it’s “What? Me worry?” The more dangerous of these are the headlines that suggest that we are all going to be fine, because the FUD may be annoying, but organizations are always seeking an excuse […]

Think Sochi is a Cyber-War Zone? Try Your Local Library.

by Paul Proctor  |  February 6, 2014

Richard Engel and NBC News recently posted several reports from Sochi, Russia, based on an “experiment” they did. I applaud them for bringing attention to the critical condition of cybersecurity, but the report is misleading in two major respects. First, they have directly positioned this as just turning on your mobile device and computer will […]
