Gartner on the Future of Endpoint Security and the Strategic Role of the OS Layer

[00:00:04] What does the future of endpoint computing and cybersecurity really look like? Especially when seen through the lens of a Gartner analyst. Well, in this episode recorded at the iGel Now and Next 2025 event in Miami, I'm joined by Marissa Schmidt, Senior Director Analyst at Gartner. And she's going to be bringing her deep expertise in cloud networking and security.

[00:00:31] And she's someone at the forefront of one of the most critical conversations facing IT leaders today. Because as IT digital transformation continues to accelerate and hybrid working has become the norm, the cloud has become the backbone of the modern business. But of course, with this shift comes a whole new set of challenges, especially in how you secure multi-cloud and hybrid environments and how you ensure consistent policy enforcement

[00:01:01] and rethinking how endpoint operating systems fit into the broader zero-trust strategy. So Marissa is going to help me in unpacking these dynamics and offer a few practical takeaways that business and technology leaders alike can apply immediately. I will also explore some of the biggest shifts reshaping cloud security this year, the common pitfalls enterprises are facing when moving away from traditional endpoint architectures,

[00:01:29] and of course the growing role of AI and what that is playing in both defending and attacking cloud infrastructure. So if you're wondering what's real, what's next, and what's just hype when it comes to cloud security, this episode is a must-listen, even if I do say so myself. But enough from me. Time to get Marissa onto the podcast now. So thank you for joining me today. For everyone listening, could you tell everyone a little about who you are and what you do? Thank you.

[00:01:58] Marissa Schmidt, Senior Director Analyst at Gartner. I've been there two plus years, and I cover the cloud networking and application security space. Since Gen.AI is part of the app, I also provide the Gen.AI security aspect in my research. So, yeah, I cover helping the provide strategy differentiation from the vendor side, and as well as helping in the end user side.

[00:02:29] And you've been incredibly busy today. You were hosting a panel on women in tech, and also you were on stage doing a keynote. So I'm curious, from all the conversations that you're having and everything that you're reading, what are the biggest shifts happening in cloud networking security right now, that IT leaders that might be listening, what they should be paying attention to this year? Yeah, there's quite a few. Besides Gen.AI being the most critical in terms of priority,

[00:02:56] there's also the executive orders that has made a lot of changes. And so there's about 50 plus Gartner Research notes, just specific on all the different U.S. federal policy changes based on those executive orders. So those are top of my in the past few weeks. And are there any other key challenges that organizations are facing in securing multi-cloud, hybrid cloud environments? Because the stack's getting more and more complex in some areas.

[00:03:24] Yeah, there's definitely a challenge of the multi-cloud in general, just for visibility and monitoring what's happening in a hybrid environment plus the on-prem. And there's so many different tools. And, you know, when our research will show there's about between 43 to 73 tools in a security environment. So it's a lot.

[00:03:52] And so there's a lot more that needs to be more converged or integrated so we can have more cohesive solutions for our clients. With endpoint security playing an increasingly crucial role in cloud-based workspaces, how does the OS layer impact overall security and indeed user experience? There's often a balance between the two, but how are you seeing it evolving?

[00:04:20] I think OS plays a big role in the endpoint perspective. It adds another resilience that's required to the endpoint and really provide that preventive security model, which was discussed today, right? To really help in terms of that end-to-end solution, right? With the endpoint.

[00:04:43] Because the endpoint is a critical element in the enterprise attack surface. So it needs to be part of making sure it has the security endpoint controls, the user access controls, governance and so forth. And what would you say are the most common security pitfalls that organizations are encountering at the moment,

[00:05:11] especially when transitioning from traditional endpoints to cloud-first architectures? What are you seeing here? The needs for agility has become an important aspect. The resilience by architecture, by creating that architecture, security architecture, network architecture,

[00:05:31] whether it's on-prem or cloud, and having it security by design approach with that zero-trust principles in mind. It's a critical component. And we've done really well here. Well, I think we're, what, 12 minutes into a tech podcast and we've not mentioned AI yet. So we've got to go there. What role do you see AI playing on securing cloud networks and remote work environments? It plays a big role in many areas.

[00:06:01] We talk about some of them today, you know, in the SecOps automation AI capabilities with cybersecurity AI assistance that will help with detection of automation. And it also plays a role in behavioral analytics, analytics where you can really determine more quickly based on AI where you can pinpoint some of the issues.

[00:06:26] And AI will play a big role as well in connecting the dots of all the tools that we just discussed. There's 50 to 70 tools. Imagine a time where they all can be integrated with one into a Gen AI or machine learning repository that can really connect all the different data points and synthesize the troubleshooting, right? And really simplify things.

[00:06:54] That would be, that's another area. So there's many areas actually, besides the analytics and helping in the cybersecurity. And just even in, and why there, why is being used today is from a productivity perspective. And people are seeing the gains in productivity with using Gen AI. And you even see it in our work, right?

[00:07:20] And even with people that are using this, just the OpenAI, chat GPT, just for their normal everyday work. And one of the things that I always try and do on this Daily Tech Podcast is give listeners, business leaders, IT leaders to some kind of takeaways or some valuable information they can go away and take action.

[00:07:44] So with that in mind, what would you say are the most practical steps that organizations can take to implement a zero trust security model? Because there's a lot of myths, a lot of misconception, a lot of confusion. Any practical steps that you would offer there? Yeah, there's definitely a need to define and protect the surface, really categorizing the data. Yeah, I always think the NIST framework would be a good start for just five tenants, right?

[00:08:14] From the device, the app, the network, and so forth. And so having the zero trust principles for each of the tenants in the NIST framework, it's a great start to get going. Especially in the endpoint, the endpoint is also, again, that's part of that tenant, right? So that helps a lot.

[00:08:35] And then as well as doing micro segmentation and monitoring and analytics, all of that plays a big role into the zero trust. I'm curious, from what you're seeing, are there any particular industries or types of organizations that are a little ahead of the game here, that they're leading the way in adopting secure cloud-based endpoint solutions? And what can other businesses or business leaders listening learn from some of those examples? Good question.

[00:09:03] I see finance have done a great job because they do a lot more of the compliance and the requirements and the needs to do that. And then healthcare, with the HIPAA compliance and all those things, requires them to be also needing to adapt more secure, and especially for the endpoints, right?

[00:09:25] And the third one I would say is either the tech, technology, tech services, or retail is another big one, especially retail with the PCI compliance requirements and making sure that you can cover all the endpoints in each of the branches.

[00:09:48] And I think it was in November last year that Gartner predicted that agentic AI would dominate conversations in 2025, which it has done. And if we look further ahead, are there any innovations in endpoint security and cloud networking that you expect to have the biggest impact in the next few years? Anything catching your eye here? Besides the AI? The zero-trust architecture, I think, will play a big role.

[00:10:15] Adapting that zero-trust model from all five tenants. And then the security access service edge that I went over today, the SASE, combining the network functions with the security, will help quite a bit in part of that strategy that we discussed on the key trends in 2025, right? And then quantum cryptography would be another big one that we see, especially in the data security front.

[00:10:45] And for any IT leaders listening that are trying to navigate hybrid work and cloud security challenges right now, big question for you here. What's the one piece of advice that you'd give to them listening as they plan their own future roadmaps as well? Leverage data-driven insights.

[00:11:05] Really provide that into the training and adapting more training employees and awareness of all these different things that they can do. Because a lot of that's also because the employees they serve may not be well aware, right? And then focus on scale and flexibility.

[00:11:30] Flexibility in terms of designing and processing the systems and adapting that architecture, methodologies, that allows them to scale beyond what they're currently doing today and really thinking into the future, right?

[00:11:50] Flexibility in terms of design and understanding.

[00:12:20] Adaptable and flexible and be a learner, right? We're all learning how to do the AI piece. But, you know, connecting using that AI to our everyday work will help us considerably.

[00:12:36] And then the one in the keynote really is the big one is that making that zero trust principle a part of the security architecture and security by design and really help with securing the endpoint with a preventive security model. And I think that's what we discussed earlier today. And I think that is a beautiful moment to end on.

[00:13:01] But before I do let you go, anyone listening wanting to find out more information about you, anything we talked about? Is there anywhere you'd like to point everyone listening? Yeah. Yeah. All our research is at Gartner.com. And we have very, very active clients. And so any research that you see is based on the readings, you are welcome to have an inquiry with us.

[00:13:31] I had one that was published Friday. By afternoon, I already had an inquiry. And then they wanted more data by yesterday while I was in the plane. So I made sure I got some data points for them before I get in the plane. But, you know, it just gives you an idea how fast people are reading. It really does.

[00:13:56] And I could learn a lot about your productivity because today you've recorded a podcast, been on a panel, hosted, done a keynote on stage as well. Who knows where you're going next? But just thank you for joining me today. I love it. I love it. I think I said this at one of the events. I love my job.

[00:14:16] And I think it's because I feel like I'm making an impact in the industry and across the world because of all the clients that we serve in every industry that we serve. And I feel honored to be a part of this where I can help and shape where I can with companies and where they're going, their strategy moving forward.

[00:14:41] So a massive thank you to Marissa there for joining me here at IGEL Now and Next 2025. I think her insights into the evolving landscape of cloud networking and endpoint security, I think they highlight just how much the rules of the game are changing and how organizations must adapt accordingly. One key message that stood out, endpoint security isn't about just devices anymore.

[00:15:09] It's a strategic decision that will impact the user experience, the cloud performance and the viability of zero trust initiatives. And whether that is understanding how the OS layer can influence your security posture or how AI is introducing new possibilities, new opportunities, along with new threats. I, for one, think that Marissa's perspective today brought welcome clarity to an incredibly complex space.

[00:15:38] So if you're leading cloud transformation in your organization or navigating hybrid work at scale, the steps you take today around multi-cloud architecture, secure access and endpoint resilience, these are the things that could define your success in the years ahead. But over to you. You've heard from me. You've heard from Marissa. What's your take? Are your cloud endpoint strategies ready for what's next? Let me know. I want to hear your thoughts on this.

[00:16:07] Tech blog writer at outlook.com, LinkedIn, Instagram, X, just at Neil C. Hughes. But that's it for today. Time for me to get back out there on the show floor and find somebody else that is willing to sit down and have a conversation with me. Why not join me again? I'm glad you said that. I'll return again tomorrow. Bye for now.