Q&A: Andrew Walls, Research Director, Gartner Australia

Why is data security the big issue?
Walls: “Data security in general is a big issue, primarily because it’s showing up the limitations of a purely technological approach to security. Much of the emphasis in the market in the last five years or so has been on buying new technology to solve your problems, but people are seeing in graphic detail that technology is not sufficient.

“It is a necessary part of a security program but it has to be coupled with good education programs; with compliance programs and with the things that work on user behaviour. This is motivating many of our clients to get much more serious about taking security upstream into the business and not seeing it purely as an IT concern.

“Our more mature clients particularly in the Australian area now have personnel that are permanently deployed in business divisions as employees to work on security risk, to liaise with the business, to interpret policy and figure out the best way to do business in a secure fashion. Which is a good sign of maturity, it means that security is moving out of the back room and becoming just a normal part of risk management in a normal business.”

Does data security also include identity management and access control?
Walls: “Most definitely. In fact, we’re featuring a number of talks on identity management. Identity and access management are the bedrock of most security infrastructure and process use. It’s simply fundamental, at the same time companies can often get it wrong.

“Particularly as users require more and more transparency and identity management protocol they don’t want to carry three different security tokens and have five different passwords and so forth.

“[Companies] are looking for a more seamless interaction with systems. So that’s motivated a constant chase on the part of the security professionals to find a better way to do things and that doesn’t necessarily need technology, sometimes it’s process.

“It’s finding that right blend of human behaviour and technological systems to provide the user with seamless security. Identity and access management is critical of that.”

What about risk management?
Walls: “Managing security compliance and risk is a higher end portion of the Summit. It’s looking at the issues of how you actually manage a risk program, how do you build security as a business topic and how do you integrate it to your other operational risk, business risk, technological risk and management strategies. So it’s much more about management of functions.”

gartnersecuritysummitsydney