As part of my job, I speak with lots of CISOs about their day-to-day activities, challenges, and responsibilities. Motivated by a few of these discussions last summer, I posted a blog called the CISO-centric Information Security Triad, which defined the three primary CISO priorities: 1) Security efficacy, 2) Operational efficiency, and 3) Business enablement.
How do these priorities influence network security? In a 2014 research report about network security, Network Security Trends in the Era of Cloud and Mobile Computing, ESG asked security professionals to identify the factors most influencing their organization’s network security strategies (note: I am an ESG employee). Interestingly, these factors align perfectly with CISO priorities as follows:
- 52% of security professionals said that the biggest factor shaping their organization’s network security strategy was, “preventing/detecting malware threats.” This aligns with the CISO’s focus on security efficacy from a risk management and incident detection/response perspective.
- 48% of security professionals said that the biggest factor shaping their organization’s network security strategy was the “need to build an integrated network security architecture featuring central command-and-control and distributed policy enforcement.” By consolidating network security management and reporting, this one supports the CISO emphasis on operational efficiency.
- 46% of security professionals said that the biggest factor shaping their organization’s network security strategy was, “supporting mobile computing initiatives.” This parallels the CISO priority for business enablement by supporting secure mobile applications that automate business processes, improve customer support, generate revenue or cut costs.
Network security vendors (e.g., Barracuda, Check Point, Cisco, FireEye, Fortinet, HP, IBM, Intel Security, Juniper, Palo Alto Networks) often market their wares with an emphasis on security efficacy and speeds-and-feeds alone. Yes, these factors will always be important, but the ESG research indicates that vendors that extend their value to include operational efficiency and business enablement will stand out from the pack and certainly appeal to the biggest enterprise security kahunas -- CISOs.