The enterprise security tipping point
Enterprise cybersecurity continues to become increasingly more complex and stressful for CISOs and CIOs to successfully navigate. Take the recent SEC lawsuit against SolarWinds. For the first time, the SEC has brought charges against an individual—specifically a CISO—in connection with an enterprise cybersecurity incident. The ramifications based on this milestone moment are evident and causing CISOs and CIOs alike much consternation as they not only build comprehensive cyber security strategies but in selecting their business partners and understanding the risks in executing the strategy in a timely manner. This is all complicated by incremental focus and transparency required now with the C-suite and Board on enterprise risk and disclosure in the event of a breach. All of this is even more complicated by an ever-evolving threat landscape that will continue to progress.
For US-based public companies, recent SEC regulations around how quickly companies must now disclose a breach complicates things further. According to the regulations, companies must disclose a security breach within a matter of days of the event. Anyone who has faced a breach of any kind knows that having all the information regarding a breach in a matter of days is hugely challenging, in addition, it may complicate the situation of having to disclose as the breach is still being remedied. With these new regulations, what will prove important is not just sharing information early but updating often, particularly as more information comes to light, which is likely to happen outside of the initial disclosure period. I cannot overstate it — the ramifications around transparency, clarity and timeliness are extremely apparent here.
Last but certainly not least, is the complexity of the digital landscape. Understanding the “who” in “who has access” and the “what” (technologies, data and resources) they have access to has evolved tremendously. Without clarity on both areas AND a very focused, integrated, unified approach to managing all of that at the scale that today’s enterprise demands, it becomes very difficult for companies to be able to address the transparency, clarity and timeliness that the regulatory environment alone now demands.
So where does that leave today’s enterprise CISOs? Well, with the wrong cyber security strategy, that would leave them exposed! CISOs and CIOs, more than ever before, must be able to defend their cyber strategy, ensure they have the right approach, right execution, and a fortified enterprise that can withstand the never-ending cyber threats. They have to be prepared and equipped to disclose everything necessary in the event of a security incident. The reality is, that they simply cannot afford to make a careless mistake, the stakes are too high! One wrong (or delayed) decision is all it takes. It could mean a company lawsuit, a failure to meet regulatory requirements, and, of course, it could also put their job—and their reputation—in jeopardy.
The enterprise security tipping point
We’re faced with a real tipping point in enterprise security—organizations need a better way to see everything happening across their business so that they can manage it all, secure it all, and, importantly, react to it all—without pause, without delay. It is crucial to get this right. This is where we continue to see the relevance and business essentialism of unified identity security across enterprise security programs worldwide.
Unified identity security is about the right security policies that bring the clarity and control needed to safeguard the business. That means a holistic view into every identity type, every access type and every type of application and the sensitive data within. It’s not just that holistic view that puts the power back in the hands of the CISO, it’s also the element of AI that drives autonomous decisions based on a unified set of policies, thus freeing up security teams to focus on the bigger picture.
This is not the time to save a few bucks, nor is it a time to look for the seemingly easy way out with a converged approach to managing identities, which will almost always end up costing more in the long run. Given the layered dynamics—regulatory, reputational and landscape—that impact every enterprise worldwide, companies must look at securing their business through the right lens. With identities being the central thread that weaves the enterprise together today, the only way to truly secure it all is by taking a unified approach, backed by policy and underpinned by a unified data model. Simply put, enterprise security has to start and end with identities. This is no longer a niche or a nice-to-have buy for CIOs and CISOs, identity security is a strategic investment that will drive risk reduction and business resiliency. And ultimately, forms the foundation of enterprise security today.
Discussion