Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


6 Security Trends for 2018/2019

Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.

ORLANDO — Some 9,000 executives are gathered here this week at the Gartner Symposium/ITxpo to hear about trends, strategies, best practices, and technology developments in the computer and networking industries. This morning, Peter Firstbrook, vice president and analyst at Gartner, spoke to attendees about six security trends for 2018/2019. Short on specific technology and long on strategic issues, his list is likely to inform executive committee conversations for the next 12 months.

In fact, only one of the six trends deals with a specific area of technology. The remainder tackle how security is planned, purchased, and deployed.  

Trend 1: Senior executives are finally paying attention to security; now, security professionals will have to pay attention to senior executives.

Between GDPR, WannaCry, and a handful of other high-visibility incidents, dollar figures for security breaches have grown to the point that executives and corporate boards are forced to pay attention. That means they're asking questions about security using the language of business — and security professionals have to be ready to answer in the same language.

Security professionals must be able to discuss security needs and responses in terms of business risks rather than security threats, Firstbrook says. He also pointed out that embracing diversity will improve the ability to respond to a wider range of requests and needs while boosting the chances that the IT security team will be able to meet ever-growing staffing requirements.

Trend 2: Laws and regulations around data protection are getting serious and demanding a serious response from IT security groups.

The liability costs of security breaches are growing, whether you measure them in reputation and business loss or in direct fines from regulators and legislators. That changes the calculus on security and data protection costs by a bit, though everything will still need to be seen through the business-risk lens.

One of the results of the new wave of regulations is that customers are gaining far more direct control over the gathering, storing, and use of their personal data. As a consequence, many successful companies are now looking to offload some of that data gathering by, for example, using third parties for credit card payments rather than dealing with the transactions — and the data that results — themselves.

Trend 3: Security products are moving to the cloud and becoming more agile in the process.

The importance of this trend is in the implications of the move, Firstbrook said. He gave the example of the Prius — a hybrid car that's still firmly rooted in the classic automobile — versus the Tesla, which in many ways reimagined both the propulsion and degree of connection possible in a car. The Tesla, he said, opened the thinking of connected possibilities in ways that other manufacturers are using in their products.

Cloud security services are more agile and extensible than traditional on-prem offerings, Firstbrook said, plus they offer another advantage: staff augmentation. The key to taking full advantage is making sure that the services are complete with full APIs for real integration into larger ecosystems, he said.

Trend 4: Machine learning is providing real value to simple tasks and complex analysis.

The real problem with deploying machine learning in security, Firstbrook said, has been that it was possible to throw far too many false-positives, creating more noise than usable signal for the human analysts. Now, though, the same machine learning is helping to sort through the positives to increase the signal-to-noise ratio and successfully augment the effort of the humans involved.

That augmentation is where Firstbrook said he sees the real value of machine learning in security, though he admitted that one speed bump is in the training of machine learning engines — something other experts have warned about, as well.

Trend 5: Geopolitical factors are joining technology and business factors in guiding security purchases.

Companies are based in physical locations. It's an inescapable fact of living in the real world. That means the relationships between nations can have an impact on the relationships between companies, especially when it comes to trust in just how secure products can be.

In the security world, the market has seen that play out in purchasing decisions regarding companies such as Kaspersky and Huawei. And whether you trust products from those companies may not be the most important factor when it comes to purchases.

If your customer base includes government agencies or departments, then the companies they trust may define the limits of the companies from which you can buy. The fact that the cyberwar landscape is getting more, rather than less, active means this trend is likely to accelerate.

Trend 6: Concentrations of power and capability are leading to reactions of decentralization.

The security industry is in a period of concentration, exemplified by the fact that, essentially, two companies are issuing certificates for the world. Concern about this sort of concentration has led to the beginnings of a reaction in decentralizing power.

The most prominent example is blockchain technology, Firstbrook said. The distributed ledger is still in the early stages of security use, but many companies are looking for various ways to use the technology.

Another example of decentralization is the move to edge computing, where compute power is distributed to endpoint devices rather than being confined to a cloud at the center of the architecture.

For successful companies, Firstbrook recommended exploring a number of different decentralized architectures and providers, thereby avoiding concentrating on any one distributed model.

Related Content:


Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
John Lenn
John Lenn,
User Rank: Apprentice
1/2/2019 | 2:34:51 AM
Customer data security is a priority
Hi Curtis, I believe Cyber criminals will want to increase their malicious activity of using malicious code in increasingly cunning ways. Such ransomware variants have been found to use an innovative system to increase infection: the software turns victims into attackers by offering pyramid-mode discounts. I think keeping customer data secure is more important in 2019 whenever a data breach occur customer has to face the wrath, I read an article on it as well https://blog.loginradius.com/2018/12/put-customer-data-security-first-avoid-breaches-like-marriotts/ hope businesses can avoid such mishap after opting for a reliable cloud security service.
User Rank: Apprentice
10/16/2018 | 6:25:36 AM
Good read
Really interesting to see the trends that have been highlighted here
User Rank: Guru
10/16/2018 | 4:30:36 AM
The best information provided by you.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-24
499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.
PUBLISHED: 2020-11-24
An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5-rc2. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went throu...
PUBLISHED: 2020-11-24
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s):,,,
PUBLISHED: 2020-11-24
HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.
PUBLISHED: 2020-11-24
A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.