Advertisment

Security is a Fabric, Not a Bolted-On Piece

author-image
CIOL Bureau
New Update
Security is a Fabric, Not a Bolted-On Piece

Enterprise end-user security spends have been projected to rise by 9.5 per cent in 2021. But there’s more behind these numbers recently unravelled by Gartner. Prateek Bhajanka, senior principal research analyst at Gartner explains to Pratima H why humans would always stay integral even in the third wave of AI security tools, and why now traditional notions of data-centre security have gone completely out of vogue. Let’s understand some finer chinks and knots in this chain called security; or shall we say, the fabric called security.

Advertisment

The year that had gone by changed a lot of rules and games in the business world. What shift did it bring for IT security?

Enterprises may have been cloud-averse or cloud-uncomfortable to some extent before. Security was galvanised around the data centre. But now it has moved beyond the physical realm of servers. Now it has to come into action in the coffee-café where an employee opens the laptop for a meeting. The business space has become hybrid and remote and that is creating big changes for security architecture and approaches.

Has this accentuated the paradox between friction and safety? Especially now when people really need their apps or screens to be up and running in nanoseconds?

Advertisment

To a large extent, we have solved this dilemma. Now security is not applied at each level of access all the time. Single sign-ins and context-based access permissions are now taking over old models. Security is ingrained in the architecture itself. It can ensure safety without hampering user-experience and employee-experience. Security is a fabric and not something that is bolted on. What is also remarkable is that from 30 per cent in 2016, now about 100 per cent of organisations show a direct reporting line between security and the Board of Directors.

This has popped impressively in the recent Gartner report too. You mentioned that by 2025, 40 per cent of the Board of Directors will have a dedicated cybersecurity committee and teams (up from 10 per cent now). That’s encouraging. What else was interesting for you in the report?

Yes, and it solidifies the attention and importance that security-spends are getting. We estimate a figure of $2.087 million in terms of spending in 2021 but not every industry is spending with the same energy. Internet services and software publishing show 8.7 per cent of total IT spending going in security while for transport vertical it is 3.5 per cent of IT budget and BFSI shows six per cent of entire IT budget here. On average it makes up 4.9 per cent of IT budgets in India.

Advertisment

In BFSI, spending is going to go up for sure because of the hybrid workforce. Companies are ready to master the situation in case another crisis or lockdown happens. Indian organisations are now comfortable with Cloud, they are re-architecting their security from the data centre as a centre to identity and end-points as the centre of connectivity. Now identity is your perimeter.

So network security is undergoing a palpable change?

The change is in focus. Now most users are located outside the firewall so approaches like the zero-trust network access concept and continuous assessment concept are taking centre stage. Now access is based on context.

How much sense does AI make then? Especially the third-wave of AI which is highly unsupervised and claims to be proactive and ruthless to take care of adversarial AI also?

AI is witnessing a lot of interest in security uses – especially in solving the challenges of operational and routine tasks of collection from different sources, continuous monitoring, extraction, queries etc. – which can be suitable automated by AI. It can free up humans for threat-hunting and action on advanced attacks while commodity attacks can be taken care of by AI. But we would still need humans around. No tool can replace the human eye and decision-making. A human layer cannot be substituted- at least for now. Ex-in triage of attacks or acting on alerts or in creating approvals for exceptions. What is happening is that malware can reinvent itself rapidly and machine-learning spin-offs and patterns can be quite overwhelming. They can be detected in real-time with AI. But humans would stay around.

cybersecurity ai-security