Dark Reading recently published an article describing the top five near-term priorities according to a group of seven CISOs. We think this compilation of concerns is pretty accurate—it certainly encompasses what we’re hearing from our customers.
This list is interesting not just because of its insight, but also because it signals progress. In general, organizations that are further along in their cloud journeys will share these concerns. Learn more about the four stages of the enterprise cloud journey by watching our recent webinar.
Not surprisingly, the CISOs’ first priority is identity management in a multi-cloud world. It seems like an age-old problem: controlling who has access to your resources and ensuring the right users are accessing the right resources at the right time for the right reasons. But the problem remains complex, and CISOs are looking for answers.
Their second priority is protecting assets with encryption and zero trust. Zero trust is a model in which network insiders and network outsiders are distrusted equally—both are required to verify their identities in order to access resources on the network. With data breaches growing in number and intensity, more and more CISOs are moving toward this model.
Their third priority is the rise of DevSecOps. The work of IT security professionals and developers is converging, and security professionals are focusing on education instead of control. To support this trend, DivvyCloud is helping our customers align and integrate security into their continuous integration/continuous delivery approach so that potential vulnerabilities are detected before runtime.
The penultimate concern from the group of CISOs is responding to alert fatigue. The number of products that provide varying types of alerts for varying levels of threats can be overwhelming. Understanding which signals are important and having the ability and capacity to act on those signals is and will continue to be a challenge for CISOs.
The CISOs’ fifth and final priority is education. Educating employees to understand security from a CISO’s perspective is a tremendous organizational undertaking, but it’s of critical importance. Without providing awareness, building buy-in, and enabling capability among its people, the organization’s security will be incomplete.
Check out Dark Reading’s article: 5 CyberSecurity CISO Priorities for the Future.