2024 Planning Guide for Security Excerpt

Published 4 October 2023 - ID G00796440 - 81 min read

By Analyst(s): Richard Bartley, Patrick Hevesi, Jon Amato, Dennis Xu, Eric Grenier, William Dupre, Nahim Fazal, Anthony Carpino, Greg Harris, Fred Sotolongo, Mike Huskey, Steve Santos, Kevin Schmidt

Initiatives: Security Technology and Infrastructure for Technical Professionals; Meet Daily Cybersecurity Needs; Security Operations for Technical Professionals

The risk landscape remains in flux, with factors such as geopolitical issues and generative AI disrupting business and IT plans. Security and risk management technical professionals must understand the major security trends if they are to execute sound plans for security initiatives in 2024.

Additional Perspectives

■ Invest Implications: 2024 Planning Guide for Security (11 October 2023)

Overview

Key Findings

■ Geopolitical risks arising from supply chain issues, regional tensions and expanding regulation are leading to strategic risks and the need to develop more efficient and effective technical security programs.

■ Layered defenses ranging from core capabilities through to highly advanced technologies such as machine learning (ML) help defend against modern threats. However, understaffing and immature practices will hinder any technical advantage.

■ Generative artificial intelligence (GenAI) is being used to enhance products ranging from enterprise to security solutions. This is raising concerns about privacy, intellectual property (IP) and data leakage that are challenging security teams.

■ Organizations face a security product landscape that is wide and varied, with different levels of integration and interoperability.
In this environment, organizations cannot make contextualized enforcement decisions fast enough to meet business needs.

■ Ransomware gangs are using increasingly sophisticated techniques, but organizations are not establishing necessary baseline security fundamentals. To provide effective defenses, organizations require a program of foundational security techniques and processes.

Recommendations

Security and risk management technical professionals should:

■ Mitigate geopolitical risk by identifying challenges across the organization and increasing internal visibility and governance of its locations and supplier relationships. They should also audit their own organization's cyber resilience plans and do the same for every part of their supply chain. Use of third-party risk management tools and increased monitoring diligence will help identify potential threat behaviors across all supplied services.

■ Define a GenAI governance policy to stipulate acceptable usage together with risk management of GenAI in their organization. Provide end-user training and technical controls such as security service edge (SSE) to prevent sensitive data leakage to unauthorized GenAI SaaS applications. Investigate the efficacy and efficiency gains of using GenAI-enhanced security products.

Gartner, Inc. | G00796440

■ Plan to implement tools that align with cybersecurity mesh architecture patterns by starting with security intelligence layer capabilities that perform data analysis and risk scoring. Adopt modern security patterns such as zero trust architecture (ZTA), and look for opportunities to consolidate security tools.

■ Use security automation and orchestration to perform well-defined, repetitive tasks that may be prone to human error when scripted playbooks are used. This will increase efficiency and effectiveness in the security operations center. Do not automate for the sake of it.

■ Implement endpoint and mobile data security controls to provide data security and threat protection.
To combat the inevitability of ransomware and other advanced attacks, implement a mix of detective and preventive controls, as well as recovery mechanisms.

Security and Risk Management Trends

Geopolitical challenges have provided the backdrop for security risk globally over the past few years, with physical conflicts and cyberattacks having affected organizations directly and indirectly. Many of these risks emerge as supply chain exposures and need to be addressed with combinations of policy and technical controls. Alongside this, we observe the disruption caused and the potential opportunity created by ML, GenAI and data analytics capabilities. The technical upheaval caused by the introduction of these technologies, which are increasingly used by attackers, causes risk exposures. But the same technologies also provide potential for enormous opportunities. ML and AI capabilities are being offered as part of security tools, so organizations need to prepare for their rapid introduction.

IT security risks emerge from sharing information with suppliers, from using shared infrastructure and services, and from ac