As businesses transform due to the digital revolution, approaches to security risk management will also need to change and, according to Gartner, continuous adaptive risk and trust assessment (CARTA) will be an important new development in this area.
To securely enable digital business initiatives in a world of advanced, targeted attacks, security and risk management leaders must adopt a CARTA approach to allow real-time, risk- and trust-based decision making with adaptive responses, says Gartner.
As part of a CARTA approach:
- Organizations must overcome the barriers between security teams and application teams;
- Information security architects must integrate security testing at multiple points into DevOps workflows in a collaborative way that is largely transparent to developers, and preserves the teamwork, agility and speed of DevOps and agile development environments, delivering ‘DevSecOps’.
Gartner says that CARTA can also be applied at runtime with approaches such as deception technologies. Advances in technologies such as virtualization and software-defined networking have made it easier to deploy, manage and monitor ‘adaptive honeypots’ — the basic component of network-based deception.