Staying ahead of the competition with Continuous Adaptive Risk and Trust Assessment
Security – paramount to the connected organization
In a business world that’s becoming fully reliant on technology and non-stop connectivity, the importance of secure transactions, data and intelligence cannot be overstated. Most enterprises today have their services, customer/business data, and other sensitive information stored in the cloud, readily available for multiple services and apps to access, analyze and make sense of. This level of accessibility is a blessing and a curse, as it represents a substantial security risk for enterprises. Connected IoT devices bring on additional risks, and so do smart contracts, managed mobile devices, and even corporate wireless networks.
New paradigm for managing risk
Until recently, corporate IT departments and security analysts applied events-based approaches to cyberattacks, largely relying on detection software identifying threats and neutralizing them in a timely manner. This strategy, however, has been rendered largely ineffective at addressing sophisticated, targeted security incidents. Building on its Adaptive Security Infrastructure introduced in 2014, trend leader Gartner has come up with a much more effective approach that organizations can apply to their entire cybersecurity strategy, known as CARTA, or Continuous Adaptive Risk and Trust Assessment. Because everything in a business ecosystem of tools and partners is now interconnected, to be effective, CARTA must be applied not only in-house but also to any externally managed assets, APIs, and systems.
Updating your security to match the latest threats
What does adhering to CARTA mean in terms of existing security practices? Like the Agile Manifesto and culture of working, CARTA permeates all levels of the organization, from software development to customer service, and extends beyond the walls of the corporate network – equally affecting external partners and their practices. The main premise underlying CARTA is that security is no longer passively anticipating threats in order to respond – instead, it must evolve in real time, at the speed of cyber attackers and hackers, who frequently manage to stay ahead of prevention attempts.
Integrating Continuous Adaptive Risk and Trust Assessment in your processes
CARTA proponents have devised a three-step security management implementation program that you can use as a framework for integrating the concept into your own IT organization and processes:
- Run: focus on addressing threats and access protection (must be applied both internally and externally)
- Build: focus on ecosystem partners and the potential risks they bring
- Planning: focus on proactive prevention: improving governance and new vendor assessment
For CARTA to be effective, security prevention must be proactive and continuous rather than event-based. This means AI is a huge driver for effective CARTA processes – gathering, analyzing, and evaluating internal and external data in real time – to assess potential threats and unusual or unexpected patterns. Machine learning can continuously improve monitoring, prevention and incident management; without it, CARTA would be practically impossible to implement, no matter how capable the IT organization is.
How CARTA can impact your enterprise
At the very least, CARTA can help your organization avoid unpleasant incidents and stay ahead of creative cyber invaders, although it can do much more when fully implemented across the enterprise. Applying and following CARTA principles is not about acquiring new software or adding human resources to your IT org – rather, it is about considering the right changes and making the right decisions for ensuring impenetrability across the enterprise, across all levels and potential loopholes.
Integrating CARTA in your enterprise ecosystem can provide you with an important advantage over less security-concerned players in your industry. Most importantly, through technology and processes, it can protect your organization, employees, customers, and partners from significant monetary losses, inefficiencies, and obstructions stemming from unwanted or accidental data breaches, system downtime, or resource hijacking. This alone should make CARTA an important part of your long-term IT security strategy.
Copywriter: Ina Danova