Calling all CISOs: Budgeting season is upon us
Global businesses are hyper-aware of current economic conditions. With a looming recession, company leaders are now more cost-conscious than ever and have started to re-evaluate their spending and inventory. This means taking a closer look at technology expenditures like cybersecurity.
Over the next 6-12 months, decisions will be made about the future of many vendor relationships. Business leaders will group these relationships into two categories: the ones that deliver critical value to an organization and the ones that cost more than they are worth.
With budgets on the line, an organization must find ways to optimize its existing security posture without needing to invest in more security controls. Chief Information Security Officers (CISOs) will play a pivotal role in this decision-making process and must take a long, hard look at financials.
It’s safe to say that CISOs carry a tremendous burden. CISOs are expected to provide necessary levels of security without stifling business growth. They are responsible for mapping risk across the environment, this includes: protecting against major threats, monitoring suspicious behavior and recovering from cyber incidents. The management of these risk factors is complex and critical.
These responsibilities may seem daunting, especially since today’s modern technology infrastructure is a web of networks, clouds, applications and endpoint devices. Historically, business leaders have often thrown money at the problem. They have been chasing the last major breach by purchasing point solution after point solution. But today’s enterprise has gotten so complex that business leaders require new strategies, investments and technology to close the security gaps. According to Saviynt’s State of Enterprise Identity report, more than half of respondents (56 percent) claim their business had an average of three data breaches or other access-related security incidents over the last two years.
The answer here isn’t more siloed products -- in fact, it’s the complete opposite. For today’s modern CISO to properly manage risk, they must consider cloud-based platforms that can maximize investments and mitigate potential security pitfalls. And this is especially true in the world of identity. Modern identity security challenges left unresolved often lead to costly data breaches, cyber attacks and regulatory compliance missteps.
This piece isn’t meant to convince a CISO that they need another security solution to layer on. However, we do intend to educate CISOs on why making a shift towards cloud-first converged identity and security is a more sound investment -- the idea here is tool consolidation, not tool accumulation.
Intelligent identity solutions can prevent costly financial consequences. CISOs in the midst of budgeting should read on to learn why a cloud-based converged platform, one that brings together all aspects of identity, access and governance will help today’s modern enterprise tackle their most common security challenges.
Vendor Roll Call
To kick things off, CISOs should take inventory of all of their vendors. They will need to understand what the cost of each relationship has on an organization’s bottom line relative to how these relationships improve an organization’s security posture.
This kind of thorough assessment of a firm’s current security posture will naturally evaluate how security can contribute to business objectives and priorities. As a result, CISOs will better understand their organization’s key business drivers and become more aligned with the overarching business strategy. The goal here is to have cybersecurity be seen as a business enabler not a cost center.
Consolidate Your Tools and Embrace the Cloud
If we’ve learned anything from the last few years, it’s that we can certainly rationalize the cost of the cloud. But the rapid acceleration of digital transformation and cloud adoption comes at a price -- while most companies have been able to move faster at a lower cost, there are new security challenges for today’s modern business to consider.
Tool consolidation and platform evolution will help businesses as they proactively look for ways to secure critical data, systems and identities. We know that businesses need to adapt to changing times while also addressing business requirements. CISOs that need to eliminate multiple products and vendors without gambling with risk should consider platforms for their identity-related needs.
A CISO that wants to manage another type of identity does not need to buy another identity and access management tool. Instead, CISOs should be able to turn to a platform provider that can easily manage another class of identities (think internal/external, machines, humans, etc.) without needing to start from scratch. This is where converged platforms that can go beyond traditional IAM functionality to govern and administer all identity access whether it’s privileged or standard, human or machine, are most beneficial. We are seeing higher adoption rates of these platforms; in fact, our report findings also confirmed that 71 percent of respondents are actively considering, or plan to adopt, converged identity governance & administration (IGA) and privileged access management (PAM) solutions to reduce costs.
Business leaders will have to navigate forthcoming economic uncertainty. Strategic budgeting and cost-allocation will start with the most important priorities -- vetting company assets and risks, while gathering an accurate overview of IT assets and resources. As the protector of the enterprise, its people and its data, CISOs will be instrumental in finding ways that will demonstrate how cybersecurity can enable the business and digital transformation, while continuing to manage cyber risk and compliance. Find a platform that grows with the business and trust in the fact that tool consolidation, particularly in the cloud, can support this effort.
Photo credit: Den Rise / Shutterstock
Jeff Margolies is Chief Strategy Officer, Saviynt. Jeff spent over 25 years in the security and identity industry, as part of the security leadership teams of both Accenture and Deloitte and leading strategy, partnerships and corporate development for Mandiant.