Announcing Gartner’s New Impact Radar for Security

We recently published our annual Impact Radar for Security market. The radar maps the various emerging technologies and trends (ETTs) which would influence the security market. The impact of these ETTs may be immediate or it may go as long term as 8 years into future.

It is important to be aware of these ETTs to keep up against the ever evolving and advancing threat landscape. One must remember that today’s hacker is not some college guy in basement but rather a skilled expert operating at the forefront of the technology. They can launch sophisticated attacks such as AI driven large scale, automated DDoS. Or they may use machine learning to learn and mimic an organization’s environment and avoid detection by security systems.

It is unlikely that one can continue to fight such advanced attacks with legacy technologies. After all, as Gartner has always maintained, security is a never-ending game of chess. Your organization is safe and secure only till a more advanced and skilled hacker comes your way!

You can use the radar to understand the key technologies which we think will have a significant impact on the security industry and start identifying the ones which you can adopt and implement.

Reading an Impact Radar

To understand the placement of each technology, look at two parameters – 1. Mass (size of the bullet) and 2. Range (distance from the center). Higher the mass and closer the proximity to the center, the sooner a technology will make a sizeable impact.

For example, if we look at the ‘Now’ bubble, we can see that Cloud Workload Protection Platform (CWPP) is expected to make a significant impact in the near future. This is due to growing proliferation of the cloud services, both public and private, which offer substantial benefits to organizations albeit with increased risks. Thus, technologies such as CWPP will become necessary capabilities for most organizations migrating to cloud. While others such as ‘OT Security’ will likely have medium impact in similar timeframe.

Before we move onto some of the interesting technologies that are mapped on the radar, let us dive a little deeper into how exactly we have mapped each technology on the radar. It’s simple really – just throw in a bit of industry expertise, insights from hundreds of discussions with clients, multiple spreadsheets with data on industry adoption and voilà, you have an impact radar! I will still try and summarize the science behind it. Basically we have evaluated each technology on two aspects:

Mass – This quantifies the impact of the particular technology on existing products and markets. To do that we have factored in the technology’s breadth and depth.

• • Breadth analysis focuses on how wide is the impact across industries, business functions, geos, etc.
  • Depth analysis focuses on how disruptive is the ETT to the current state of products from minor evolution to full replacement

Range – This explains how close the technology is to early majority adoption. We have based this assessment on two factors:

• • Distance = number of customers as a % of the early majority target
  • Velocity = the % growth rate in investment, vendor growth and customer growth

Here are three technologies that I found most interesting:

Passwordless Authentication

Imagine a world without passwords! A wonderful world, isn’t it? And it looks even better when it comes with more security, reliability, and safety for our organizations and employees. This is exactly what the ‘Passwordless Authentication’ technologies strive to offer.

Passwordless authentication does not mean complete removal of anything like a password. Rather it may use alternate and more efficient ways to authenticate a user such as PINs local to the person’s device, and use of public key cryptography. This will improve the UX for customer use cases and reduce authentication burden on workforce in employees use cases. All this with the security benefit of not requiring a password which can be stolen.

The standards introduced by Fast IDentity Online (FIDO) Alliance are likely to accelerate interest and adoption of passwordless authentication methods.

Homomorphic Encryption (HE)

This technology enables arbitrary mathematical functions to be computed on encrypted data sets. Multiple parties can jointly work on a dataset without ever revealing their individual inputs.

For e.g. If I hire a cloud analytics vendor to run some computations for my organization then I am up against risk from two directions. 1. What if the vendor’s security is compromised? 2. What if the vendor itself turns malicious and steals my organization’s data? Homomorphic encryption techniques would be an answer to both cases. Since the data always remains encrypted, even when it is undergoing computations, the data remains encrypted throughout its lifecycle and is never revealed publicly.

Application of HE to practical problems has been limited due to computational costs. The technology is still in extremely nascent stages of adoption within commercial products. However, we are now seeing lot of interest in this technology due to the large potential that it holds in relation to addressing privacy concerns and regulations.

Digital Ethics

This relates to the ethical and moral consequences associated with digital offerings and users’ interactions with those. Digital ethics intersect with security at multiple nodes including privacy regulations and compliance and consequences of technology falling into hands of malicious agents or rogue governments to control, manipulate and influence citizens at large. There are large implications for all business disciplines and not just security as well as for each industry.

Use of emerging technologies such as AI, ML, robotics and facial recognition can have far reaching impact. Thus it is important that the actions of providers and users alike are bound by code of ethics. At the same time, one must ensure that innovation cannot happen in stifled and regulated environment. The key is in balance!