HOW AUTOMATION
REDUCES COMPLEXITY
FOR CISOS
With so many threats to contend with and regulations
to adhere to, it’s no surprise that CISOs utilise multiple
different systems to ensure compliance. But this can
sometimes create tooling overload and complexity. Nik
Whitfield, CEO, Panaseer, tells us how CISOs grappling with
numerous disparate systems should consider automation
tools to help make their lives easier.
Nik Whitfield, CEO, Panaseer
C
ISOs are currently
suffering with
compliance
reporting
overload. This
is because
organisations are
subject to three critical market forces,
which are fundamentally changing
the cybersecurity sector. The first is
that cloud and IoT technologies are
significantly expanding and changing
the surface that requires monitoring.
The second is that regulatory
mandates, such as GDPR, the SHIELD
Act and the California Consumer
Privacy Act, are increasing reporting
requirements. Lastly, there is a skills
shortage, and security personnel are
becoming scarcer.
To counter this, budgets and tools are on
the increase. Analyst firm IDC expects
organisations’ worldwide spending on
security hardware, software and services
in 2019 to increase 9.4% increase over
74
last year. Spending will continue to grow
at a compound annual growth rate of
9.2%, IDC said, and will top US$133
billion in 2022.
Research we conducted last year
unveiled that the average enterprise
CISO is running 57 separate security
tools. Over a quarter (27%) claimed
to be running a staggering 76+
discrete security products. Also, in our
experience, major regulated companies
such are banks are running 200 tools and
more, and that this number is increasing.
So, we have an increasing attack
surface, increasing reporting
requirements and a major skills
shortage. That’s why CISOs and
their teams are suffering the tooling
overload. But is this effective? That’s
what we wanted to investigate when
we commissioned a report in July to
Forrester Consulting. The findings
outlined that CISOs have a misplaced
confidence that the abundance of
technology investments they have made
has strengthened their security posture.
As the study cites: “Rightfully, companies
are prioritising their security and risk
initiatives and investing in multiple
The complexity
of today’s IT
infrastructures and
the heterogeneity of
enterprise security
tools make it difficult
for security pros
to protect their
environments.
Issue 21
|
www.intelligentciso.com