Cloud Incident Response Blog | Cado Security

Highlights from London’s Gartner Security & Risk Management Summit

Written by jbowen@cadosecurity.com | Sep 29, 2023 5:16:56 PM

The Gartner Security & Risk Management Summit in London was a hub of cybersecurity insights and discussions. With a schedule packed full of informative sessions led by Gartner analysts, I was treated to a wealth of knowledge :) While it was impossible to join everything, here are the key highlights and themes from some of the sessions I had the privilege to attend:

Upleveling Skills 

One of the most prominent topics discussed was the persistent cybersecurity skills shortage, a challenge that has become even more pronounced in the context of cloud security. Professionals with specialized cloud expertise are in high demand but hard to come by. Organizations have an urgent need to adopt cloud technologies now, yet the intricacies of optimizing and managing these solutions are a hidden cost of adoption that may cause hesitation, thereby exposing the organization to risk. On the flip side, cloud security vendors have a significant opportunity to help organizations bridge the skills gap by making their tools easier to implement and use, and more accessible to security analysts without deep cloud knowledge.

Shared Responsibility Model Confusion

The shared responsibility model in cloud security is a concept familiar to all, but what's truly intriguing is its intricate nature, which varies significantly among different cloud services. This complexity can give rise to confusion and misinterpretation, especially in domains such as container security. Shared responsibility model confusion was a challenge that surfaced repeatedly during the cloud security-focused sessions at the Gartner conference.

Lack of Cloud Visibility has Led to Uncontrolled Attack Surfaces

Many organizations lack visibility into what they have in the cloud. As Richard Bartley pointed out in his session, Outlook on Cloud Security, it's as if security teams "missed the launch" of their cloud migration and are now racing to secure the transformation. Development teams have essentially had the freedom to deploy resources in the cloud without robust security guardrails in place, which has resulted in rapid, uncontrolled deployments, errors and misconfigurations, and security risks. It’s now critical that security teams keep pace with the speed of change, and a “shift left” approach is required. Security operations (SOC) must work more closely with development operations (DevOps) to ensure security is embedded from the beginning.

Cloud Security Requires a Native Approach

In his session, Outlook on Cloud Security, Richard Bartley emphasized that while the risks in the cloud may be similar to those in traditional data centers, they require entirely different management approaches. While many organizations have taken a “lift and shift” approach to cloud security (attempting to rely solely on on-premises security tools), this is suboptimal, especially given the multitude of cloud providers and container technologies in play. Charlie Winckless’s session, Cloud Security 201: A Cloud Security Cookbook, echoed this sentiment. He mentioned, for example, that cloud security demands a native approach, one that leverages APIs for visibility without the need for kernel agents. Further, automation in the cloud is essential and cloud forensics is an emerging need.

*SPM Market Convergence

Fred Sotolongo’s session, So You Need Posture Management in the “Cloud”, but Which *SPM is Right for you?, covered the different Cloud Security Posture Management solutions and their overlap. Market convergence was a noteworthy theme. We've already seen this with Cloud Native Application Protection Platforms (CNAPP), which merge Cloud Workload Protection Platforms (CWPP) and Cloud Security Posture Management (CSPM). Smaller markets have also emerged and are growing quickly due to the expanding complexity of the cloud and the rapid adoption of cloud services. These include KSPM (Kubernetes Security Posture Management), which has exploded due to the rapid adoption of container technologies, and SSPM (SaaS Security Posture Management), driven by the number of SaaS applications in use and the complex and challenging nature of securing them.

AI and its Role in Liberating Human Capital

Artificial Intelligence (AI) was, not surprisingly, a hot topic at the event, with discussions covering both its benefits and its potential exploitation by bad actors. I really loved how Devo’s session broke down AI into the following groups for me:

  • Clustering: Analyzing behaviors and characteristics to identify anomalies
  • Labelling: Categorizing data based on patterns and characteristics
  • Computer Vision: Interpretation and analysis based on imagery and videos (used in various applications including self-driving cars)
  • LLMs (Large Language Models): Enabling sentiment analysis (e.g. summarization of recorded conversations)

Many industries have adopted AI for incredible use cases. For example, in the healthcare industry, AI is now utilized for new drug discovery and patient diagnosis. However, bad actors are also using AI to create more sophisticated phishing emails, develop more potent malware, bypass CAPTCHA security measures and much, much more. AI is powerful - full stop. And it has so many applications for security as well. Specifically, AI and automation can help free up human capital, allowing security professionals to focus on more complex and strategic tasks. This liberation of human resources is crucial in addressing the staffing shortage and upleveling security teams in general. It’s applicable across all areas in security and very powerful from a threat detection, investigation and response perspective.

The Gartner Security & Risk Management Summit in London was a testament to the ever-evolving and dynamic field of cybersecurity. Cloud security, market convergence, and the role of AI were key themes that underscored the importance of staying ahead of the curve in today's digital landscape. As organizations continue to migrate to the cloud and adapt to emerging threats, Gartner insights will be invaluable for shaping the future of cybersecurity.

In case you missed it, we're so grateful to have been featured in Gartner's 2023 Hype Cycle for Workload and Network Security :)