How Do These CISO Priorities Align With Your Own?

Community Blog
Written by Laurel Hiestand

MARCH 23, 2021

There are no signs that the pace of threats, attacks and compromises bearing down on organizations will be slowing down anytime soon. With the perimeter rapidly dissolving and attackers upping the ante, CISOs must come together to push back against the tide. 

Organizations are overwhelmingly prioritizing the need for security measures across the enterprise, and security leaders are rising to face that challenge. In fact, in Evanta’s recent leadership perspective survey, 60% of C-suite executives rank ‘reducing risk’ as a top enterprise priority. The good news? You’re not alone in the fight. CISOs from across the globe have identified their top priorities and major goals for their programs in 2021.

How do these priorities and goals align with your own?

Priority 1: Cloud Security, Strategy and Architecture

The cloud is perhaps the most complex aspect of any security program. As CISOs continue to enhance their cloud strategies, how can they ensure they’re maximizing the benefits of cloud computing while mitigating rapidly changing risks? In order to optimize their efforts, hundreds of CISOs have identified a few key areas of focus for 2021.

Top Goals:

  • Mitigating risks: In a recent Evanta survey, 78% of security leaders indicate that mitigating risks in the cloud is a top priority in 2021. CISOs are protecting against unauthorized access to critical data stored in the cloud, staying ahead of compliance and legal requirements, and being thoughtful about introducing additional third-party vendors into their networks. 
  • Expanding digital business & increasing maturity: Over half of CISOs surveyed identified increasing cloud maturity to better enable digital business across the enterprise as a goal for 2021. Companies that have a mature and agile cloud environment are better able to quickly bring new solutions to market, innovate faster and more efficiently scale the business. 
  • Improving processes & efficiencies: Organizations will reap tangible, financial benefits from using cloud services effectively and efficiently. There is no one-size-fits-all solution here; rather, CISOs should engage multiple stakeholders across the business to ensure an aligned strategy in pursuit of the enterprise’s strategic goals. 

Priority 2: Measuring and Communicating Risk

The CISO role continues to be integral to overall risk management within organizations, opening the door for security leaders to grow their influence across the business. But what does it mean to ‘own risk,’ especially as the move to digital accelerates? Below are the top three goals CISOs are looking to achieve as they support a rapidly evolving set of information risk decisions.

Top Goals:

  • Mitigating risks: CISOs should carefully watch how risks are evolving, develop relationships with risk-owners across the business and work together to solve them. Being proactive and communicating emerging risks to stakeholders is critical to a CISO’s success.
  • Improving metrics & KPIs: CISOs can’t effectively mitigate risks without the proper visibility. Compelling metrics should be created in tandem with non-IT executives to reflect the business strategy, drive desired results, and create leading indicators that influence decision-making at the business level. 
  • Making data-driven decisions: While security leaders have been tasked with protecting data, they also need to leverage that same data to make informed decisions. Enabling data-driven decision-making requires not only a strong data model but a fine-tuning of processes and culture. 

Priority 3: Identity and Access Management

CISOs are staring down increasingly complex IAM challenges - internally with remote workers, and externally with customer-facing interactions. There is extensive disruption on all sides, and many organizations are finding their IAM programs lacking. How are security leaders tackling the future of access management? Here are the top goals identified by our CISO communities. 

Top Goals:

  • Mitigating risks: Not surprisingly, 81% of security leaders indicate that mitigating user access risk is their top priority. Traditional approaches to IAM are no longer enough now that remote users exist outside the enterprise. In fact, in a recent Gartner publication, analysts predict that “By 2022, 30% of all security teams will have increased the number of employees working remotely on a permanent basis.” With this challenge top of mind, CISOs are tasked with creating agile and automated access management that the business can trust.
  • Improving processes & efficiencies: CISOs often lack the necessary talent and skills on their teams to implement comprehensive solutions, so they’re relying more on MSSPs; but providers and tools cannot replace a comprehensive strategy. Gartner recently published a research note stating, “By 2023, 40% of IAM application convergence will primarily be driven by MSSPs that focus on the delivery of best-of-breed solutions in an integrated approach, shifting influence from product vendors to service partners.” In the coming months, CISOs will focus on people and processes as the core mechanism for creating IAM efficiencies.


Laurel Hiestand

Content Director at Evanta, a Gartner Company

