Intelligent CIO APAC Issue 63 | Page 22

LATEST INTELLIGENCE

THE STRATEGIC VALUE OF IDENTITY FOR CISOS

The vanishing network perimeter has made identity the critical cybersecurity control plane, dramatically changing security operations. This brief provides a summary of the research* into these changes by the Enterprise Strategy Group, conducted in partnership with Okta, which revealed five key insights on how identity security has become a foundational focus for CISOs:

1. The CISO has moved from defense to offense.
2. CISO responsibilities have shifted toward strategic business enablement.
3. CISOs recognize identity as their organization’s biggest vulnerability.
4. CISOs see no easy fixes for identity security.
5. Tech bloat exacerbates identity security problems.

Key insight #1:
The CISO has moved from defense to offense

Conventional perimeter-based enterprise security strategies have an inherently defensive nature, but that defensive stance cannot keep up with modern work. The ESG research showed that CISOs’ top “jobs to be done” all center on proactive strategies – risk quantification / reporting, control rationalization, and data privacy:

CISOs’ top “Jobs to be done.”
• Better quantification and reporting on cyber risk 41%
• Aligning the number and type of security tools with requirements 38%
• Maturing / evolving policies related to data, security and privacy 36%

Key insight #2:
CISO responsibilities have shifted toward strategic business enablement

Based on the ESG research, the way CISOs think about their responsibilities is becoming more strategic in nature – and shifting toward more business-critical outcomes.

CISOs’ most important responsibilities.
Maturing / evolving policies related to data security and privacy (e.g., Zero Trust)

CISOs are redefining success metrics and moving beyond incident rates and response times to emphasize the business impact of security, such as how downtime frequency or duration connects to security events.