Insights from Gartner India Security Summit 2016Several Key Themes Emerge from Event in Mumbai
Gartner's second annual security and risk management summit, held Sept. 1 and 2 in Mumbai, offered a valuable opportunity to network with the security community and connect with Gartner's security analysts from around the world.
Most of the educational sessions were delivered by Gartner analysts, interspersed with sessions from sponsors. The exceptions to this were sessions featuring Bharat Panchal of the National Payments Corporation of India, cyberlaw expert Prashant Mali, and Aditya Menon, Citigroup's managing director of global digital strategy.
The evolving risk landscape is leading organizations to accept the inevitability of finally having to shed their longstanding focus on perimeter defense: Gartner
Menon touched on several hot trends, including use of big data analytics, blockchain in banking transactions, the evolution of identity and access management and other banking innovations.
I had plenty of opportunities to meet some old friends in security, attend some informative sessions and interview Gartner analysts, as well as security practioners. Here are some of my impressions.
Adaptive security, or context-aware security, was a key theme at this year's summit, starting with the opening keynote on the first day. Gartner believes this approach will prove essential to enabling organizations to react to continuous changes in business, technology and the threat environment.
The shift from prevention to detection and response was also a dominant theme. The analysts I spoke to believe that the evolving risk landscape is leading organizations to accept the inevitability of finally having to shed their longstanding focus on perimeter defense.
Other themes discussed in some detail included mobile security and the Internet of Things.
Trends in India
Gartner shared some revenue predictions for security for the Indian market, which I found to be particularly interesting. Gartner Principal Analyst Siddharth Deshpande said security spending in India is growing at an annual rate of about 10.6 percent, with spending for 2016 expected to total $1.12 billion. Spending is on a pace to hit $1.66 billion by 2020, he said. Security spending grew by 8.3 percent in 2015, Gartner had said last year (see: Gartner: Security Spending to Grow 8.3%).
The largest chunk of this investment pie is going to security services, including consulting, implementation, support and managed security services. Services accounted for 61 percent of spending in 2015, Gartner reported.
The growth of the services market is the result of Indian organizations' increasing dependence on third-party managed security service providers to keep pace with their digital transformation journey, Deshpande said (see: MSSPs, The Preferred Route to Skills Challenge).
The Indian market is responding to the industrialization of the cybercriminal underground and increasing volumes of cyberattacks. Organizations are increasing their security budgets to address the risks being brought on by the inexorable transition to a digital economy as well as new and evolving attack vectors.
Deshpande said organizations in India are now understanding that detection and response are increasingly more important than a focus on a defense-only strategy.
"I recommend that organizations shift their security budgets to have at least 60 percent to be spent on detection and response, up from the current 10 to 15 percent," he said.
Mature organizations that have begun to shift their focus to detection and response approaches are now looking to develop advanced capabilities, according to Gartner analysts. In addition, these organizations seem to be moving away from a technology-centric approach to security and paying more attention to people and processes.
While it's good to hear reports of progress in implementing appropriate security strategies in India, clearly most organizations still have a lot of work to do as the threat of cyberattacks continues to grow. I would wager that while vendors are pleased with the increased opportunity for business, practitioners are worried about the seemingly never-ending fight - or "security journey" as it's often put - in the months ahead.