Creating effective roadmaps and being adaptable to change were the key themes of the opening of the Gartner Security Summit.
Speaking at the opening keynote of the Gartner Security and Risk Management summit in London, Andrew Walls, research vice president in Gartner Research, began by talking about change and saying that "change is inevitable but can be good, as it drives improvement and refinement".
Referring to changes in the financial markets, politics and climate, Walls said that the species that thrive are those able to adapt to change, and compared this with security and risk managers that are able to change are those that enable a business to survive.
Walls said: “People are adapting to change in IT for personal objectives, this is a society based on change.”
He said that IT and security managers need to enable transformation and effectively manage uncertainty in a constantly changing world.
Gartner also launched its 'Nexus of forces' (pictured) that combines social, mobile, cloud and information and Walls said it "redefines forces and changes our role as risk and security leaders".
“By 2014, 80 per cent of risk leaders will need to report on risk compliance and security postures to the board of directors, not just the CEO. In order to stay relevant, security and risk leaders need to develop new abilities in the face of a drive in change,” he said.
“Security and risk managers face an exciting future – users and enterprises are racing ahead to mandate changes for success. To meet these challenges we need to redefine roles and deliver appropriate levels of security anywhere at any time. We must be there first to protect, detect and remediate and drive better business performance in the face of uncertainty.”
Also speaking was Paul Proctor, Gartner research vice president, who likened the reactive nature of security to the addition of safety features to cars, saying that it was a "requirement in response to government regulation".
He said: “Information security and risk management have a history of being reactive, we quarantine, block or 'just say no', so how can you say that is in-line with the business? The Nexus changes the role of security and risk management, it has to be integrated and promote desired business outcomes. You cannot align with the business; you need to be the business
“Risk management is the explicit recognition that you cannot protect yourself against everything. Make decisions about what [you are] going to do to protect yourself and what you are not going to do.”
Finally, Carsten Casper, a vice president with Gartner Research, echoed recent Gartner predictions that spending on security services will reach $49 billion by 2015, and also called on businesses to adapt to changes and promote business growth. He called the Nexus a "strategic roadmap to secure the enterprise and reduce risk".