Gartner Recommends CARTA Approach to Secure Digital Businesses

New security framework propounds continuous monitoring and risk assessment of business networks and ecosystem infrastructure

Photo Credit: Brian Pereira

The CARTA security framework

Mumbai, 29 August: At the Gartner Security & Risk Management Summit 2017 (India), research firm Gartner shared a new framework for securing digital businesses. The new strategic framework is called CARTA, an acronym for Continuous Adaptive Risk and Trust Assessment. Traditional security approaches like real-time monitoring and adaptive security architecture no longer work in a world of advanced and targeted attacks, and that is why a new approach to security is needed, said Gartner.

Partha Iyengar, Gartner India head of research and Gartner Fellow, said the traditional "black & white" approaches to security, such as black & white lists, blocking access and authenticated access, and identifying good or bad guys, are failing us and cannot protect us from targeted attacks. "The notion of good or bad can change at any moment when credentials are stolen. The world we live in is no longer black & white but has an infinite number of shades of grey. The challenge of embracing risk in digital business is even more complex, and we need more context to make adaptive, real-time, risk-based business security decisions," said Iyengar.

More parameters are now involved in these decisions, such as the time of day, a person's location, the trust in the device, the trust in the user, and the sensitivity of the information involved.

"Business leaders see digital opportunities, but there are also digital risks. Over the next decade, information security and risk organizations must look to embrace and balance both continuously. You do this by embracing a security approach where security is adaptive, everywhere, all the time," said Iyengar.


Gartner introduced the Adaptive Security Architecture concept in 2014 to detect and respond to security threats. While this architecture was about real-time monitoring, CARTA is about real-time, continuous assessment. Gartner is positioning CARTA as a new strategic approach or framework to information security that enables organisations to embrace the opportunity and risks of digital business. The key is to apply the CARTA philosophy across the business from DevOps to external partners.

What CARTA is proposing is that organizations must continuously assess the ecosystem risk and adapt as necessary. It also suggests that businesses should assess the risks in networks of partners and ecosystem players and vice versa. Continuous monitoring and assessing of the risk and reputation of major digital partners is essential, says Gartner.
