t cht lk businesses to undergo , but it ’ s well worth their efforts once they do .
t cht lk businesses to undergo , but it ’ s well worth their efforts once they do .
You will need to have the right tools and partners in place
It takes years for organizations to set up security teams and processes and it ’ s not possible to build all of that from scratch in a short time frame . To move quickly but steadily you need to choose the right tools with the right automation capabilities and create a clear plan with a specific scope .
Many times , businesses are really strong in one area and weaker in others , but they still try to get everything done themselves . To be successful you need to understand your weak spots and then find the right technology and partners to help you in those areas . When you do that your teams can move faster and your business will be strong on all fronts .
To be successful you need to understand your weak spots and then find the right technology and partners to help you in those areas .
The role of CISOs will expand
The job of CISOs has massively expanded over the past few years – it ’ s not all about budget and the scale of operations anymore . You ’ re in charge of ensuring that your business is compliant , hiring the right people , implementing strong threat management and getting vulnerabilities under control .
To balance all these responsibilities , CISOs will need to deeply understand the capabilities and strengths of
their teams . Acknowledging a weakness is actually a strength that gives you an opportunity to find the right partner to advance your company proactively instead of using additional time and resources to build all of those solutions yourself .
Proactive risk mitigation will be required
I ’ ve been seeing increasingly more business leaders express their desire to be secure from the beginning and prevent security issues from arising as opposed to only having aircover for when things go wrong . It ’ s exciting to see people motivated to take on a challenging task ; this is likely a result of new , stricter security requirements , more security-focused insights , and recommendations from advisory boards and an overall better understanding of how preventing security issues is more cost-effective than remediating them . Instead of companies striving only to meet the minimum-security requirements , I think we ’ ll continue to see them aiming for a higher level of risk mitigation .
Shifting left will be essential and supply chain risk will be a major concern
Ulfar Erlingsson , Chief Architect at Lacework
I like to use the phrase ‘ span left ’ instead of ‘ shift left ’ because we need to incorporate security from the beginning of the software development lifecycle and there isn ’ t an endpoint . We watch how the software executes and make continuous improvements . Shifting
76 INTELLIGENTCIO LATAM www . intelligentcio . com