Since I first became the research director of the Security & Risk team more than five years ago, security leaders have lamented the difficulty of aligning with the business and demonstrating real business value. Over the years, we’ve written an enormous amount of research about formal processes for aligning with business goals, provided key metrics to present to the board, and developed sophisticated models for estimating security ROI. Yet for many, demonstrating real business value continues to be a significant challenge. If it weren’t for the 24-hour news cycle and a parade of high-profile security breaches, chances are good that security budgets would have been stagnant the last few years.
Why are business alignment and demonstrating business value so hard? It’s because for too long, security leaders have focused on managing regulatory risks at the lowest possible cost, and securing corporate perimeters, back-end systems of record, and data center infrastructure. Security leaders have not been working with counterparts in the business and marketing leaders to champion privacy, to embed controls directly into customer-facing products and services as a competitive differentiator, or to help them identify, analyze, and mitigate risks in the customer life cycle. If your security priorities and investments don’t focus on helping your firm win, serve, and retain customers, and thereby increasing your firm’s top-line growth, then I’m not surprised if demonstrating business value is an issue for you.
Lucky for you, the S&R team is full of security & risk management experts who continually write a ton of research on how to both improve your security strategy and excel with a customer-centric focus. Below, I’ve highlighted four of our most recent reports and shared a few of our words of wisdom:
- We are now living in an almost all digital, data-driven world and must adjust our security strategies and approaches accordingly. In John Kindervag’s “The Future Of Data Security And Privacy: Growth And Competitive Differentiation”, he explains how companies have to treat their data security and privacy as the golden competitive differentiators that they are. S&R pros must implement and practice a data-centric approach that ensures security travels with the data regardless of user population, location, or even hosting model. S&R pros who take this approach will help their firm build a new kind of customer relationship.
- Hoping to keep your job as the CISO of your digital business? Well, Martin Whitworth’s “Evolve To Become The CISO Of 2018 Or Face Extinction” is a must-read. When we speak with CISOs about their vision of the future, they list leadership, strategic thinking, and business knowledge as the top three skills they will need to succeed in the role in the next few years. Ultimately, the evolved S&R leader must be seen as a competent business professional.
- There are 3 guarantees in life: death, taxes, and security breaches. Despite your most valiant efforts, you will experience a breach, so know how to treat your customers when all else fails with Heidi Shey’s “Market Overview: Customer Data Breach Notification And Response Services”. Customer-facing communication following a breach is a critical component of incident response and the first step in reassuring customers that you’re handling the incident appropriately. Botch the response, and you'll never be able to regain customer trust. Nail the response, and you have an opportunity to not only regain their trust but also strengthen the relationship.
- Manage and protect your customer identity and access management with Merritt Maxim and Andras Cser’s "Market Overview: Customer Identity And Access Management (CIAM) Solutions". Business leaders entrust their security teams to protect customers' privacy and shield them from fraud and other malicious activities. Part of this will require you to implement solutions that authenticate customers' identities across all channels, digital and nondigital, and help the firm manage their access to services and sensitive data. But deciding which vendors are best for your business can be a daunting task. Andras and Merritt have done the hard work for you in their seven-vendor market overview on CIAM solutions.