November 20, 2019

Gartner CARTA: Your Guide to Continuous Adaptive Risk and Trust Assessment

There's no point having great security if you're connected to another system that lacks it. We look at Gartner CARTA and what it entails.

In the first six months of 2019, cybersecurity breaches exposed more than 4.1 billion vulnerable records to unauthorized access. These breaches were rarely benign. According to experts, the top motivation for these malicious data incidents is money.


Your data is always at risk. No security system is perfect, but advanced methods of information security include an agile approach to stay ahead of the criminals. Cybersecurity giant Gartner wants to change the way people look at security.

Introducing Gartner CARTA, a new way to look at security in the age of mobile, cloud and multiple device access. Read on to learn more.

What Is Gartner CARTA?

The acronym CARTA is short for Continuous Adaptive Risk and Trust Assessment. It supplements Gartner’s Adaptive Security Architecture with agile, context-aware and adaptive methods. Instead of the single allow/deny gating appropriate to legacy servers and desktops, the CARTA strategic approach uses:

  • continuous discovery
  • monitoring
  • threat assessment
  • risk prioritization

It is unique in its adaptive attack protection and access control.

The Security Ecosystem

Everything is interconnected. Unless you are the Air Force and still running your protocols on 8-inch floppy disks, your company IT infrastructure depends on inside and outside connections. 

Gartner CARTA takes the approach that the security of all systems you interface with adds a layer of complexity. It isn't enough for your internal controls to be good. Security efforts need to focus on three phases of risk management. 

  • Identify and control who has access
  • Vendor impact
  • Forward-thinking prevention

Security systems are more fragmented than ever. It's a big step to recognize threats today and anticipate them in the future.

Machine Learning and Analytics

The number of threats faced by your system grows every day. In fact, there is probably a cyberattack of some sort going on right now. Predictive analytics help adapt your security systems in real-time based on internal users and external threats. 

With CARTA, for example, the adaptive analytics flag when a person logs in from an unaccustomed place or at an unusual time. The system can halt the login and alert a manager. It learns and adapts its rules based on behavior. If an ordinarily trusted employee suddenly changes behavior, the machine recognizes the threat.
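The login check described above can be sketched as a per-user baseline that flags a rare place or hour and folds cleared logins back into its history. This is an added example, not Gartner's or any vendor's code; the class, thresholds, place labels and sample logins are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

MIN_HISTORY = 5    # assumed: logins needed before a user's baseline is judged
RARE_SHARE = 0.05  # assumed: below this share of history, a value is unusual

class LoginBaseline:
    """Per-user history of login places and hours (hypothetical helper)."""

    def __init__(self):
        self.places = defaultdict(Counter)
        self.hours = defaultdict(Counter)

    def learn(self, user, place, when):
        # Called for allowed logins and for halted ones a manager has cleared.
        self.places[user][place] += 1
        self.hours[user][when.hour] += 1

    def assess(self, user, place, when):
        """Return (decision, reasons); allowed logins update the baseline."""
        total = sum(self.places[user].values())
        reasons = []
        if total >= MIN_HISTORY:
            if self.places[user][place] / total < RARE_SHARE:
                reasons.append("unaccustomed place")
            # Count logins within one hour either side, wrapping past midnight.
            nearby = sum(self.hours[user][(when.hour + d) % 24] for d in (-1, 0, 1))
            if nearby / total < RARE_SHARE:
                reasons.append("unusual time")
        if reasons:
            return "halt_and_alert", reasons
        self.learn(user, place, when)
        return "allow", []

def at(day, hour):
    return datetime(2019, 11, day, hour)  # constructed sample timestamps

def sample_baseline():
    """Constructed history: ten office logins between 08:00 and 10:00."""
    baseline = LoginBaseline()
    for day in range(1, 11):
        baseline.assess("alice", "office", at(day, 8 + day % 3))
    return baseline

if __name__ == "__main__":
    b = sample_baseline()
    print(b.assess("alice", "hotel-wifi", at(11, 3)))  # place and time both new
    b.learn("alice", "hotel-wifi", at(11, 3))          # manager clears the alert
    print(b.assess("alice", "hotel-wifi", at(13, 9)))  # now within the baseline
```

Halted logins are deliberately not learned until someone clears them, so an intruder's attempts cannot shift the baseline on their own.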

Define the Perimeter as Everywhere

Network-based security in a cloud-based world is insufficient. Trusted devices enter via VPNs and DMZs with malware. Your company employees do business everywhere. 

You have mobile devices on public library wifi, hotel lobbies, the coffee shop or the airport. Your private and proprietary apps run in the public cloud. Make your security perimeter exist everywhere. 

Gartner focuses efforts on just-in-time, least-privilege access every time.

Next Level Security

Gartner CARTA is about thinking bigger and smarter when it comes to cybersecurity. The mindset that data safety is an internal problem is over. Mobile devices, public wifi networks, and more fragmented systems easily avoid perimeter defenses.

With CARTA, you address threats swiftly and adapt your rules and access continuously. Let us help you evaluate your current cybersecurity plans. Contact us today!
