Cybersecurity has been considered a cost center, an impediment, even an afterthought for some organizations. Fortunately, with the growth of technical platforms and an economy driven by digital technologies, this perspective is changing. Security in the acceleration economy is not only critical to success but also an enabler, and it can often function as a competitive differentiator.
Security leaders can propel security to be recognized as an enabler not only by aligning with business objectives, but also by using metrics to illustrate how security contributes to those objectives.
It’s long been said that the CISO should be considered a peer in the C-suite. To be as influential and effective as other corporate leaders, CISOs need executive support. CISOs must engage their fellow business leaders across the organization to get buy-in and support for key security initiatives, which ideally should be aligned with business objectives as mentioned.
It’s important that CISOs and security leaders avoid a “fear, uncertainty and doubt” approach when discussing cybersecurity with other business leaders. FUD associates cybersecurity with negative emotions, which can be deterrents. Instead, CISOs can call attention to the ways that cybersecurity has a positive impact on stakeholders and customers.
Frameworks and Tools for Stronger Defense
Some of the key frameworks, tools, and methodologies that can help cybersecurity functions include Zero Trust, DevSecOps, and Cloud Service Provider (CSP) native services. Organizations are progressively adopting Zero Trust frameworks, recognizing that legacy security measures are no longer sufficient. Leading organizations are striving to implement DevSecOps tools and practices, reducing costs, removing internal friction, and ensuring shorter feedback loops, ultimately expediting secure value delivery for customers.
Many organizations are also leaning into innovative services exemplified by leading CSPs. These enabling capabilities include AI/ML and Intrusion Detection/Prevention Systems (IDS/IPS) for near real-time compliance automation. These capabilities are driven by the rapid elasticity and scalability that cloud computing offers organizations, which weren’t possible in legacy on-premises data centers.
Top 5 Cybersecurity Priorities for the Year Ahead
Heading into 2022, there’s no shortage of key topics on every business and technology leader’s mind. Following are five of the top cybersecurity priorities.
- Supply Chain Risk Management (SCRM) – During the last 18-24 months, the supply chain has become a hot topic, and for IT and cybersecurity, it’s no different. A number of publicly visible and impactful supply chain compromises have made headlines. Organizations have quickly realized that their business partners, vendors, managed service providers, and software can all introduce risk when not governed and managed appropriately. From the DoD’s Cybersecurity Maturity Model Certification (CMMC) to DHS’s supply chain efforts and others, supply chain risk management (SCRM) is receiving a lot of attention. On the software side, we have seen efforts in both the public and private sectors to secure the software supply chain. Google has championed approaches such as Supply-chain Levels for Software Artifacts (SLSA), while organizations like CISA and NTIA have pushed for the use and adoption of a Software Bill of Materials (SBOM). All of these efforts are fortifying the broader software supply chain as well as the production and consumption of software.
- Workforce – The IT/cybersecurity workforce continues to be a challenge for many organizations. The problem is exacerbated by factors like remote workforce growth and widespread digital transformation initiatives. This has left many organizations struggling to attract and retain technical talent. Some of the most competitive areas are AppSec and cloud security, due to the continued proliferation of cloud-native environments and workloads. Leaders should have clear plans for up-skilling their existing workforce and contribute to quality of life, which can help retain existing talent. Organizations also need defined plans to address workforce gaps.
- Cloud Security – Cloud adoption has been accelerating for years, but with the Covid pandemic and wide adoption of remote work, many organizations are migrating critical functions and applications to the cloud, often without the relevant security measures in place. Leaders must focus on securing their cloud deployments and environments or risk inadvertent data exposure and potential compromise.
- Security Tooling – As organizations move to the cloud, adopt DevSecOps, and implement Zero Trust Network Architectures (ZTNA), new security tools must be adopted. This applies to securing modern compute abstractions such as containers and serverless solutions. That said, as organizations continue modifying their security tool portfolio, they should concurrently rationalize the portfolio and retire legacy tooling where appropriate. If not, sprawl can occur, which causes a slew of issues: half-implemented tools, burnout and fatigue among security staff, and an overwhelming level of telemetry (noise) that allows real risks and concerns to fall through the cracks.
- Endpoint Security – As noted, the past 24 months have seen tremendous growth in the remote workforce, with many companies announcing adoption of long-term remote work. For many organizations, this means a distributed workforce, utilizing devices under the organization’s control and outside of it with Bring Your Own Device (BYOD). Security leaders must make efforts to secure these devices and their levels of access to sensitive data, and adopt tools and practices that establish a secure remote work environment. The traditional security perimeter is dead, and legacy approaches are no longer applicable.
2022 is poised to be another challenging year for organizations when it comes to securing data and assets, and protecting business reputation and branding. That said, efforts such as elevating CISO reporting and effective relationship-building can raise leadership awareness of business security challenges.
Those changes, coupled with key focus areas such as supply chain risk management, building a robust and capable workforce, and shifting to a Zero Trust architecture, can put organizations in a position to become “anti-fragile” in a time of increasing chaos.
This article appears in the Predictions 2022 Edition of the Acceleration Economy Journal.