How Do These CISO Priorities Align With Your Own?
Written by Laurel Hiestand
MARCH 23, 2021
There are no signs that the pace of threats, attacks and compromises bearing down on organizations will be slowing down anytime soon. With the perimeter rapidly dissolving and attackers upping the ante, CISOs must come together to push back against the tide.
Organizations are overwhelmingly prioritizing the need for security measures across the enterprise, and security leaders are rising to face that challenge. In fact, in Evanta’s recent leadership perspective survey, 60% of C-suite executives rank ‘reducing risk’ as an enterprise top priority. The good news? You’re not alone in the fight. CISOs from across the globe have identified their top priorities and major goals for their programs in 2021.
How do these priorities and goals align with your own?
Priority 1: Cloud Security, Strategy and Architecture
The cloud is perhaps the most complex aspect of any security program. As CISOs continue to enhance their cloud strategies, how can they ensure they’re maximizing the benefits of cloud computing while mitigating rapidly changing risks? In order to optimize their efforts, hundreds of CISOs have identified a few key areas of focus for 2021.
- Mitigating risks: In a recent Evanta survey, 78% of security leaders indicate that mitigating risks in the cloud is a top priority in 2021. CISOs are protecting against unauthorized access to critical data stored in the cloud, staying ahead of compliance and legal requirements, and being thoughtful about introducing additional third-party vendors into their networks.
- Expanding digital business & increasing maturity: Over half of CISOs surveyed identified increasing cloud maturity to better enable digital business across the enterprise as a goal for 2021. Companies that have a mature and agile cloud environment are better able to quickly bring new solutions to market, innovate faster and more efficiently scale the business.
- Improving processes & efficiencies: Organizations will reap tangible, financial benefits from using cloud services effectively and efficiently. There is no one-size-fits-all solution here; rather, CISOs should engage multiple stakeholders across the business to ensure an aligned strategy in pursuit of the enterprise’s strategic goals.
Priority 2: Measuring and Communicating Risk
The CISO role continues to be integral to overall risk management within organizations, opening the door for security leaders to grow their influence across the business. But what does it mean to ‘own risk,’ especially as the move to digital accelerates? Below are the top three goals CISOs are looking to achieve as they support a rapidly evolving set of information risk decisions.
- Mitigating risks: CISOs should carefully watch how risks are evolving, develop relationships with risk-owners across the business and work together to solve them. Being proactive and communicating emerging risks to stakeholders is critical to a CISO’s success.
- Improving metrics & KPIs: CISOs can’t effectively mitigate risks without the proper visibility. Compelling metrics should be created in tandem with non-IT executives to reflect the business strategy, drive desired results, and create leading indicators that influence decision-making at the business level.
- Making data-driven decisions: While security leaders have been tasked with protecting data, they also need to leverage that same data to make informed decisions. Enabling data-driven decision-making requires not only a strong data model but a fine-tuning of processes and culture.
Priority 3: Identity and Access Management
CISOs are staring down increasingly complex IAM challenges - internally with remote workers, and externally with customer-facing interactions. There is extensive disruption on all sides, and many organizations are finding their IAM programs lacking. How are security leaders tackling the future of access management? Here are the top goals identified by our CISO communities.
- Mitigating risks: Not surprisingly, 81% of security leaders indicate that mitigating user access risk is their top priority. Traditional approaches to IAM are no longer enough now that remote users exist outside the enterprise. In fact, in a recent Gartner publication, analysts predict that “By 2022, 30% of all security teams will have increased the number of employees working remotely on a permanent basis.” With this challenge top of mind, CISOs are tasked with creating agile and automated access management that the business can trust.
- Improving processes & efficiencies: CISOs often lack the necessary talent and skills on their teams to implement comprehensive solutions, so they’re relying more on MSSPs; but providers and tools cannot replace a comprehensive strategy. Gartner recently published a research note stating, “By 2023, 40% of IAM application convergence will primarily be driven by MSSPs that focus on the delivery of best-of-breed solutions in an integrated approach, shifting influence from product vendors to service partners.” In the coming months, CISOs will focus on people and processes as the core mechanism for creating IAM efficiencies.