Our IT Executive Roundtables are invite-only events hosted by peers for peers that bring together a select group of senior IT leaders from across industries for topic-driven, intimate dialog on current trends and topics. The group met remotely to discuss cybersecurity staff turnover and burnout, led by the VP & ISO of a leading dental support organization. This session was sponsored by Cloudflare.
More cyberattacks are happening today than ever before. Security can no longer be an afterthought; it must be shifted left and made an intrinsic part of your applications and infrastructure. But it can be hard to align your security initiatives with your business objectives. How do you enhance your security posture without compromising user experience and productivity? What is the importance of identity in this regard?
At the start of the discussion, attendees were asked if their business goals were at odds with their security initiatives. Everyone responded in the affirmative. A CISO remarked that several companies don’t have the money, the resources, or both to implement security projects. Moreover, it can be hard to get budget approvals when your CFO doesn’t understand security risks or thinks that security objectives don’t translate into business goals. An InfoSec specialist added that security initiatives don’t always align with the speed at which the business wants to operate.
A participant mentioned that it’s hard to control and define your security perimeter in today's digitally connected world. The internet is now the corporate network. Resources are spread across private and public clouds, employees access internal systems from different remote locations, and customers log in from multiple digital touchpoints. The traditional methods of using endpoint-centric controls, firewalls, and VPNs are no longer effective. The modern way of securing your systems and users is via identity. It allows you to enforce fine-grained access control across your infrastructure. It enables your users to log in to most SaaS applications directly from the browser, in a frictionless manner. We can expect identity and the browser to be the new frontier for security, replacing the static controls of the past.
An attendee shared that forward-thinking companies are using IAM solutions to implement advanced authentication techniques, like password-less authentication, continuous authentication, and adaptive authentication based on behavioral analytics. Identity is also at the heart of most zero-trust implementations. It allows you to define granular policies for controlling who has access to which resources and under what circumstances.
A speaker told the audience that you shouldn’t sacrifice user experience for security. Security controls shouldn’t create more hoops for your users to jump through or put roadblocks in their way. Improving your security posture shouldn’t increase your time to market. Your identity strategy should enable your business strategy. Use frictionless authentication to achieve easier workflows and increase productivity. Implementing SaaS-like seamless login experiences for your legacy apps is also important.
A contributor said it’s important to take a value-centric approach to change culture. Most organizations fail to change the culture because they take a control-centric approach, e.g., asking people to reset their passwords fortnightly because it’s considered a best practice. Control-centric approaches typically face a lot of opposition. In a value-centric approach, you identify business problems and solve them under the guise of security. You encourage people to change because it will generate more value and make their lives easier. In addition to the what, you also talk about the why.