The COVID-19 pandemic ignited an unprecedented wave of remote work adoption, forcing organizations to rapidly embrace remote collaboration tools. However, the transition to remote work came with its own set of challenges, especially in ensuring robust security measures for remote access. Today, CISOs face a new frontier — a borderless enterprise landscape — where they must forge a strong security posture to protect their organizations from evolving threats and vulnerabilities.
To better understand these demands, Cisco partnered with Forgepoint Capital, NightDragon, and Team8 to evaluate the evolving threat landscape and gather invaluable insights and takeaways that chief information security officers (CISOs) can leverage to prepare for the future. Together, we created the 2023 CISO Survival Guide, a simple framework for understanding how teams can secure modern enterprises by defining the security posture of identities, data, and code that are distributed across a hybrid infrastructure.
Identity management is a critical concern for CISOs, as the lack of a unified platform across identity access management (IAM), identity governance and administration (IGA), and privileged access management (PAM) leads to a fragmented identity topology within organizations. CISOs express the need for technology startups to address this pain point by offering solutions that are easier to deploy, provide comprehensive coverage, and offer rich integrations.
CISOs are no longer tasked with security alone. They are also now responsible for securely enabling overall collaboration and business operations. This means they must balance data protection and use. To do this, CISOs are breaking data down into four key categories:
As agile DevOps creates a more rapid software development life cycle, enterprise security will only be as strong as its weakest link: the software supply chain. To give an idea of how big a deal this is, 70% of CISOs surveyed say they are prioritizing securing the software supply chain. To do this, CISOs will need full visibility into the development pipeline so that they can adopt a holistic strategy, which includes open source governance, delivery pipeline management, and an understanding of risk in third-party software.
Third-party software is its own issue. It supports quick innovation while operating a distributed workforce, but it can be a black box for CISOs looking to secure their enterprise. Third parties should be held to the same security standards as the rest of the enterprise.
If it is connected, it needs to be secured, even if you can’t see it. This is the cloud. By 2025, more than 85% of enterprises are expected to embrace a cloud-first approach. That means cloud security must be near the top of any CISO’s priorities, because attackers are shifting to the cloud just as quickly as enterprises. There are many tools out there that let enterprises address data challenges related to the cloud, but they don’t necessarily go far enough to help CISOs discover the who, what, and where in the event of a data breach.
CISO Survival Guide
There is a lot that CISOs must do to stay ahead of these constantly evolving cybersecurity threats. Thankfully, emerging technology startups are providing fresh solutions to help CISOs stay one step ahead of the game in securing their enterprises. Defining the security posture of the identities, data, and code distributed across a hybrid infrastructure is just one part of having a secure network that can protect data with a distributed workforce.
For more information, with an in-depth look at survey results as well as insights and analysis from CISOs, read the 2023 CISO Survival Guide from Cisco.
About the Author
Janey Hoe is a Vice President of Cisco Investments. Previously, she held multiple product management, technical marketing, and business development leadership roles at Cisco, operating multi-billion-dollar product lines as well as pioneering new products in switching, security, data center, and video collaboration. Along with her team, she was recognized as a finalist for the Pioneer Award, the highest honor for innovation at Cisco.