Gartner發佈2021年八大安全和風險管理趨勢

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"根據全球領先的","attrs":{}},{"type":"link","attrs":{"href":"https://www.gartner.com/cn","title":null,"type":null},"content":[{"type":"text","text":"信息技術研究","attrs":{}}]},{"type":"text","text":"和顧問公司","attrs":{}},{"type":"link","attrs":{"href":"https://www.gartner.com/cn","title":null,"type":null},"content":[{"type":"text","text":"Gartner","attrs":{}}]},{"type":"text","text":"的報告,隨着新冠疫情加速","attrs":{}},{"type":"link","attrs":{"href":"https://www.gartner.com/cn/newsroom/press-releases/gartner_2021_0","title":null,"type":null},"content":[{"type":"text","text":"數字化業務轉型","attrs":{}}]},{"type":"text","text":"並給傳統網絡安全實踐帶來挑戰,爲了能夠快速重塑自己所在的企業機構,安全和","attrs":{}},{"type":"link","attrs":{"href":"https://www.gartner.com/cn/newsroom/press-releases/gartner_2021_0","title":null,"type":null},"content":[{"type":"text","text":"風險管理領導者","attrs":{}}]},{"type":"text","text":"必須應對八大趨勢。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Gartner研究副總裁Peter Firstbrook先生表示:“第一個挑戰是技能缺口。80%的企業機構告訴我們,他們很難找到和僱用安全專業人員,71%的企業機構表示這影響了他們在企業機構內部交付安全項目的能力。”","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2021年安全和風險領導人面臨的其他主要挑戰包括:複雜的地緣政治局勢和不斷增加的全球法規、工作空間和工作負載從傳統網絡遷移、端點多樣性和地點的迅速增長以及不斷變化的攻擊環境,尤其是勒索軟件和商業電子郵件入侵。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"以下八大趨勢反映了預計將對行業產生廣泛影響並具有巨大變革潛力的商業、市場和技術動態。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"趨勢一:網絡安全網格(Cybersecurity Mesh)","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"網絡安全網格是一種可以在最需要的地方部署控制措施的現代化安全方法。網絡安全網格不是讓每一個安全工具在“孤島”中運行,而是通過提供基礎安全服務以及集中策略管理和協調,使各工具之間實現互操作性。現在許多IT資產都在傳統企業邊界之外,而","attrs":{}},{"type":"link","attrs":{"href":"https://www.gartner.com/cn","title":null,"type":null},"content":[{"type":"text","text":"網絡安全","attrs":{}}]},{"type":"text","text":"網格架構使企業機構能夠將安全控制措施擴展到分佈式資產。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"趨勢二:身份優先安全機制(Identity-First Security)","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一直以來,“任何用戶都可以隨時隨地訪問”(常被稱爲“身份即新安全邊界”)是一個可望而不可及的目標。由於技術和文化的轉變,再加上疫情期間大多數人都在遠程辦公,這一理想已成爲現實。身份優先安全機制將身份置於安全設計的中心位置並要求大幅改變傳統的局域網邊緣設計思路。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Firstbrook先生表示:“SolarWinds被攻擊事件表明,我們在身份管理和監控方面做得還不夠好。我們在多重認證、單點登錄和生物識別認證上花費了大量的資金和時間,但卻忽視了通過有效監控身份驗證來發現針對這一基礎設施的攻擊。”","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"趨勢三:繼續爲遠程辦公提供安全支持(Security Support for Remote Work is Here to Stay)","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://www.gartner.com/cn/newsroom/press-releases/gartner_2021_0","title":null,"type":null},"content":[{"type":"text","text":"Gartner 2021年首席信息官議程調查","attrs":{}}]},{"type":"text","text":"顯示,目前有64%的員工能夠在家辦公。根據Gartner的調查,疫情後至少有30%至40%的人會繼續在家辦公。爲了應對這一轉變,許多企業機構需要重新設計適合現代化遠程工作空間的政策和安全工具。例如需要將端點保護服務遷移至雲端交付的服務。安全領導人還需要重新審視數據保護、災難恢復和備份政策,確保它們仍然適用於遠程環境。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"趨勢四:對網絡敏感的董事會(Cyber-Savvy Board of Directors)","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在","attrs":{}},{"type":"link","attrs":{"href":"https://www.gartner.com/cn","title":null,"type":null},"content":[{"type":"text","text":"Gartner 2021年董事會調查","attrs":{}}]},{"type":"text","text":"中,董事們將網絡安全評爲僅次於監管合規的企業第二大風險源。現在,大型企業開始在董事會層面成立專門的網絡安全委員會,該委員會由具有安全專業知識的董事會成員或第三方顧問領導。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Gartner預測,到2025年40%的董事會將設立專門的網絡安全委員會並由一名具備相關資質的董事會成員監督,而現在這一比例還不到10%。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"趨勢五:安全廠商整合(Security Vendor Consolidation)","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Gartner ","attrs":{}},{"type":"link","attrs":{"href":"https://www.gartner.com/cn/newsroom/press-releases/gartner_2021_0","title":null,"type":null},"content":[{"type":"text","text":"2020年首席信息調查官效力調查","attrs":{}}]},{"type":"text","text":"發現,78%的首席信息安全官從其網絡安全廠商組合中獲得的工具達到16個以上;12%達到46個以上。企業機構中數量衆多的安全產品增加了複雜性、集成成本和人員需求。在Gartner最近的一項調查中,80%的IT組織表示,他們計劃在未來三年內整合廠商。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Firstbrook先生認爲:“首席信息安全官希望整合他們必須使用的安全產品和廠商數量。通過減少安全解決方案的數量,他們可以更加輕鬆地正確配置這些解決方案並對警報作出響應,進而改善安全風險態勢。但購買一個功能廣泛的平臺可能會帶來成本和部署時間方面的不利影響。我們建議關注長期總擁有成本(TCO),以此作爲衡量成功的標準。”","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"趨勢六:隱私增強計算(Privacy-Enhancing Computation)","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"隱私增強計算技術正在不斷湧現。這項技術可以在數據被使用時(而不是在數據靜止或移動時)保護數據,從而實現安全的數據處理、共享、跨境傳輸和分析,甚至在不可信環境中也不例外。該技術在欺詐分析、情報、數據共享、金融服務(如反洗錢)、製藥和醫療方面的部署量正在增加。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://www.gartner.com/cn","title":null,"type":null},"content":[{"type":"text","text":"Gartner預測","attrs":{}}]},{"type":"text","text":",到2025年50%的大型企業機構將採用隱私增強計算來處理不可信環境或多方數據分析用例中的數據。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"趨勢七:入侵和攻擊模擬(Breach and Attack Simulation)","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"入侵和攻擊模擬(BAS)工具正在不斷出現,爲企業機構提供持續性的防禦態勢評估,挑戰滲透測試等年度定點評估所提供的有限可視性。如果首席信息安全官在其定期安全評估中加入BAS,他們就可以幫助他們的團隊更有效地識別安全態勢缺口並更高效地確定安全舉措的優先級別。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"趨勢八:機器身份管理(Managing Machine Identities)","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"機器身份管理的目標是爲與其他實體(如設備、應用、雲服務或網關)交互的機器建立和管理身份信任。現在,企業機構中的非人類實體日益增加,這意味着機器身份管理已成爲安全策略中的重要組成部分。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"關於Gartner","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Gartner,Inc.(紐約證券交易所:IT)是全球領先的","attrs":{}},{"type":"link","attrs":{"href":"https://www.gartner.com/cn","title":null,"type":null},"content":[{"type":"text","text":"信息技術研究和顧問公司","attrs":{}}]},{"type":"text","text":",也是標準普爾500指數包含的上市公司之一。Gartner爲企業領導者提供必不可少的見解、建議和工具,以幫助他們達成其優先處理的關鍵事項及建設在未來能夠取得成功的企業機構。Gartner完美結合了專家主導、來源於從業者的資源和數據驅動的研究,使客戶能夠在最重要的問題上做出正確的決策。Gartner的客戶遍及100多個國家的14,000個企業機構,覆蓋各行各業、各種企業規模的主要職能部門。這些客戶都深信Gartner是客觀的資源提供者和重要合作伙伴。欲瞭解更多Gartner如何幫助決策者推動企業未來發展,請訪問 ","attrs":{}},{"type":"link","attrs":{"href":"https://www.gartner.com/cn","title":null,"type":null},"content":[{"type":"text","text":"https://www.gartner.com/cn","attrs":{}}]}]}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章