What’s on CISOs’ Minds in 2018?

I’ve just begun a research project on CISO priorities in 2018. What I’m finding so far is that CISOs are increasing their focus in several areas including the following:

  1. Business risk. Yes, CISOs have always been employed to protect critical business assets, but in the past this was really executed with a bottom-up perspective – from IT and security infrastructure up to business processes. Fast forward to 2018 and CISOs are moving to a top-down view, from business processes down to the technology. This broadens their view of risk and mandates that security controls work collectively to protect ALL the technologies used to accomplish business processes. This is a profound change that challenges even the best CISOs and security organizations.
Topics: Cybersecurity, risk management, data security, CISO, identity management, security awareness training

Cloud Computing Chaos Is Driving Identity Management Changes

I was recently reminded of something a CISO said to me a few years ago. This security executive mentioned that his organization was struggling to maintain tight security controls in an era of cloud computing and mobility. As a result, his organization had increased its focus in two areas: identity management and data security. He stated, “with the rise of cloud and mobility, identity and data security are the new security perimeters.”

I mentioned this conversation to my colleague Mark Bowker who covers identity management at ESG. Mark responded that the CISO's conclusions are clearly characterized in some recent ESG research data. For example, 61% of respondents believe IAM is more difficult today than it was 2 years ago. Why are things more difficult? Survey respondents pointed to cloud computing and mobility as two primary drivers but also mentioned increasing cyber-threats, and the lack of a comprehensive IAM strategy.

Topics: Cybersecurity, identity management, MFA, SSO, IDaaS

Security Requirements Are Driving Identity Management

Anyone familiar with identity management knows that it can be extremely messy — lots of tactical tools, access policies, multiple data repositories, manual processes, etc. Furthermore, user authentication continues to be anchored by user names and passwords, making nearly every organization vulnerable to credential harvesting, identity theft, and cyber-attacks.

Topics: Cybersecurity, IAM, identity management

Workspaces and Identity Management

Elaborating on a point from a recently published blog, What’s a Workspace?

We like to think of this as a transformation from personal computing (PC), where a user was typically associated with a device, to PCS (productivity, communication, and security), where users are associated with a workspace that can be accessed from a variety of devices and locations.

The user should be at the nucleus of a mobility strategy. In the past, we have really managed everything from a device perspective, but with the onslaught of businesses embracing mobility to enhance their employee productivity, the swing toward putting the user at the center of the workspace is upon us.

Topics: identity management, workspace

The Enterprise Security Model Is Experiencing “Death by a Thousand Cuts”

If enterprise security were an automobile, it would be a Ford Taurus circa 1995. Good car way back when and still running but burning oil, barely passing inspection, and held together by Bondo today.

Topics: Network Security, Cybersecurity, Information and Risk Management, Security and Privacy, Security, endpoint security, enterprise security, compliance, CISO, mssp, security operations, security services, CISSP, identity management