IDC FutureScape: Worldwide Security and

Trust - 2020 Predictions

Bruno Horta Soares

Leading Executive Advisor

IDC Portugal

idc.pt

Multiplied Innovation Goes Mainstream:

Thriving in the Digital Economy

© IDC | 3

IDC FutureScape: Worldwide Security

and Trust 2020 Top 10 Predictions"Transformation in security and

trust will affect every business in

every industry; no one will be

Spared, embracing change and

getting ahead of the curve is the

best prescription to be in control

of your organization's destiny

and avoid being caught off

guard.“

Michael Suby, research vice president, IDC Security

and Trust.

RISK MANAGEMENT IS STRATEGIC

A "checkbox" mentality on security and trust is no longer acceptable, and the future

consequences of being unprepared are more severe. While board level attention has often

been spoken, strategic top-down action will become the new normal.

© IDC | 4

#1 RESOLVING SKILL SHORTAGES

Hampered by perpetual security skill shortages, by 2022, 50% of tier 1

security operations center (SOC) analysts in Europe will permanently

elevate their productivity and improve operational security metrics by

harnessing artificial intelligence (AI) and machine learning (ML).

IDC Advice: Cross-train personnel in both basic IT and security skill sets. Ideally, security analytics removes the drudgery of assembling

incident timelines, websites and IP addresses visited, and details on corrupted files and memory.

#7 CYBER-RISK MONITORING

Brand and attentiveness to cyber-risk have become tightly

entwined, and by 2021, 75% of large European companies

will embed cyber-risk monitoring into their business

planning and quarterly reporting.

IDC Advice: Prioritize risk profiles across the entire organization as risk can only be mitigated, it cannot be eliminated, create and

maintain a data map to bring visibility into the data within your organization and the risks associated with it and Plan for loss events by

earmarking funds in the event of a major data breach or administrative action.

OPERATIONALLY, SECURITY AND TRUST CAN NO

LONGER BE BOLTED-ON, THEY MUST BE BUILT-IN

The days of layering bespoke technological solutions to combat the latest cyberattack are numbered.

Organizations must take a more preemptive, holistic, and reasoned approach as they arm themselves.

The first step is to embrace the perspective of inside out to security and trust.

© IDC | 7

#5 TRUST FRAMEWORK

With the business criticality of digital trust rising,

55% of European spending on security services will

be devoted to developing, implementing, and

maintaining a ‘trust framework’ by mid-2023.

IDC Advice: Create trust roles within the organization with clear responsibilities and objectives to establish accountability for managing

and maintaining trust guidelines. Communicate trust objectives throughout the organization frequently to help develop an internal

"culture of trust."

#4 INDIGENOUS CYBERSECURITY

Driven by rising aversion to "foreign" technology, 20% of

developing markets in Europe will mandate the use of

indigenous cybersecurity vendors to secure government

and critical infrastructure by 2023.

IDC Advice: The IT security challenge will not go away, so this is a long-term play. Identify the local security vendors in your market and

start creating partnerships that address your specific needs for the future.

USER EXPERIENCE IS A PRIORITY

Whether employees or customers, their experiences drive their behaviors. If

the user experience is a secondary consideration, their behaviors can unravel

initiatives aimed to strengthen security and trust.

© IDC | 10

#2 IT/OT INTEGRATION

Advancements in operational technology (OT)

visibility tools will propel 60% of major European

industrial firms to adopt an IT-OT integrated

approach to security monitoring by 2024

IDC Advice: Think holistically before applying new policies. Security teams must first gain a clear understanding of what they are trying

to protect before creating new policies and their accompanying enforcement mechanisms to an OT environment.

#6 PASSWORDLESS

Intolerant of trade-offs between superior digital

experiences and identity assurance, consumers demand

both; by 2022, 30% of consumer online transactions in

Europe will be high trust and passwordless.

IDC Advice: Evaluate IAM solutions that can securely collect and retain consumer attributes, browsing habits, purchase histories, and

other metadata that improves the overall customer experience.

TECHNOLOGICAL ADVANCES ARE CHANGING THE

WHAT AND HOW OF SECURITY AND TRUST SOLUTIONS

Cloud and edge computing, data analytics, artificial intelligence, machine learning, distributed ledger, and everywhere

connectivity and everything connected are examples of technological advances that are changing what security and

trust solutions can do and how they are delivered and consumed. Moreover, these and other technological advances

are altering buyer expectations of security and trust solution suppliers.

© IDC | 13

#3 CLOUDIFIED MSS

Shifting of workloads to the cloud is shifting

consumption of managed security services (MSS),

and by 2023, 35% of European MSS customers will

be served by cloudified MSS providers

IDC Advice: Evaluate your IT infrastructure, assets, and environment, and carefully review which services are suitable as a cloud service

and which cloud environments are effectively serviced by managed security SPs.

#9 CLOUD-BRANDED SECURITY

Innovation, opportunity, and market demand collide

to place hyperscale cloud providers directly and

permanently in the security business; by 2025, 9% of

their revenue will be attributed to security.

IDC Advice: Reduce usage of long-term support contracts for security services or tools. The coming flood of security products and services

from these hyperscale cloud providers will follow other tech cycles with lower price points for as good as if not better quality than current

market offerings.

REGULATORY INFLUENCE IS GROWING

Governments have become increasingly aware of the consequential impacts of reacting to

issues of trust, privacy, and national sovereignty brought on by a thoroughly digitized world.

Governmental influence will be more substantial and pervasive in the years ahead.

© IDC | 16

#8 DISTRIBUTED LEDGERS

Explosions in data and analysis force the adoption of

edge computing; to guarantee data provenance and

security, 20% of European enterprise data will reside

in distributed ledger systems by 2025.

IDC Advice: Build a clear view of the data life cycle for the data that you plan to generate, store, and analyze within edge and distributed

ledger environments. You must understand how to classify, separate, and manage your data, especially when it comes to the appropriate

handling of personal data under regulatory requirements.

#10 LEGISLATED BREACH DISCLOSURE

Effectively combating attacks by nation-states and

cybercriminals is data dependent, and by addressing

this dependency, 70% of European markets will

legislate full cyberbreach disclosure by 2024.

IDC Advice: Full data breach disclosure will require organizations to demonstrate accountability for the robustness of their security

policies, procedures, and technology structures. Well-managed audit trails will be needed as proof of compliance, operational integrity,

and digital trust.

bsoares@idc.com