Great Technology Organizations Have Great Security Organizations
Forrester has spent the past few years researching future fit organizations: those that have evolved their technology strategy to enable their firm’s customer-obsessed business strategy. Tech organizations fall into three tech strategy buckets. Traditional tech orgs are driven by cost, act as order-takers, and typically follow waterfall methodologies. Modern tech orgs evolve to act as partners, focusing on customer value and delivering end to end on cloud and other platform architectures using continuous delivery. Future fit tech orgs extend modern tech strategies by focusing on flexible platforms and shared accountability.
How does security fit into this model? Chances are, if your firm’s technology organization is siloed, outdated, and waterfall (traditional), your security team isn’t going to be a model of agility and collaboration. Conversely, suppose that your technology organization is trying to evolve to be creative, adaptive, and resilient (future fit), and your security team hasn’t caught up to that. In that case, your security team is slowing down the technology organization’s transformation.
Our most recent research directly correlates future fit technology and security maturity, showing how future fit organizations score higher in security maturity assessments than modern or traditional ones. Other findings from recent and upcoming research include the following:
- Future fit tech orgs secure what they sell. Teams that embed security throughout the product lifecycle provide a trusted foundation and better protect the products and services that the business sells. Future fit tech organizations noted that their security teams were more likely to be involved in the early and late stages of the product lifecycle. In addition, future fit tech firms were more likely to appreciate the security team’s impact as critical to product success.
- Traditional, modern, and future fit tech orgs prioritize security initiatives differently. When asked to prioritize security initiatives for the upcoming year, traditional tech firms were more likely to focus on the basics such as cloud migration and security operations than their modern tech and future fit tech peers. By contrast, future fit tech firms have been successfully addressing the basics and were more likely than others to prioritize strategic initiatives like communications, metrics, and reporting.
- Future fit CISOs are more customer-facing. Today’s CISOs fall into six archetypes, but one of them — the “customer-facing CISO” — is particularly aligned with the future fit technology mindset. CISOs from future fit tech organizations were more likely to characterize themselves as sales leaders and revenue ops leaders and were much more likely to be involved in customer success.
Please join us on March 30 for our webinar, Your Security Organization’s Journey To Future Fit, where we will discuss these trends and relationships in more detail and offer guidance on how to evolve your security team to support your organization’s future fit initiatives.