SAN FRANCISCO — The way analysts looked at the cybersecurity market five years ago is not the way they should be looking at it in 2018 and beyond. That’s the message from IDC’s annual RSA Conference breakfast meeting held on April 18.
Sean Pike, Program Vice President for Security Products at IDC, noted that for years, IDC has been talking about the idea of digital transformation. In 2018, IDC forecasts that $1.3 trillion will be spent on various digital transformation efforts, while at the same time, only $42 billion will be spent on cybersecurity.
Simply spending more is not what IDC is recommending, however. The analyst firm is now advocating for improved “cyber resilience.” Pike noted that as systems are increasingly integrated, one failure can cascade into a much larger problem.
The cloud also isn’t necessarily a solution, but rather is another potential attack vector. According to an IDC study cited by Pike, 23 percent of organizations were victims of a ransomware attack in 2017. Of those, 79 percent said that in some way the attack was cloud-related.
“Part of moving to digital transformation is to enable developers to create services rapidly,” Pike said. “So enterprises will be spending in DevSecOps in the next few years.”
The goal of DevSecOps is to help to secure development, but the concept also involves operational aspects. To reflect that reality, IDC has coined the term AIRO – Analytics, Intelligence, Response and Orchestration.
The AIRO area of coverage for IDC will focus on differentiating analytic capabilities and platforms.
“DevSecOps is a window into the cloud,” Pike said. “Part of moving to the cloud is about how to move to the cloud and allow developers to participate at high speed but do it in a safe way.”
Frank Dickson, Research Vice President within IDC’s Security Products research practice, said some view DevSecOps as giving developers a free pass. So instead of needing to deal with a separate security team, they get to do security on their own.
Dickson noted that DevSecOps is not one product, but rather is about a tool set that enables common processes. Unless developers have common, repeatable processes, there is too much complexity to enable proper security, he said.
Enabling proper security isn’t about blockchain either, Dickson said. He echoed Pike’s views on resilience. Cyber resilience is not about any one technology, blockchain or otherwise; it’s about architecting systems in a secure way, he said.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.