Key Takeaways From Security Forum 2009 For Security Vendors, Consultants, And Service Providers
Shift happens. How to deal with the consequences?
Attendees at Forrester’s 2009 Security Forum in San Diego, CA September 10 to 11 gained many insights into how to deal, and
how to address the three main shifts in expectations (budgets, staffing,
responsibilities), ownership (tech populism/consumerization, cloud), and
architecture (building a security foundation, compliance). We heard what CISOs
and security professionals are being tasked with, what their concerns are top
of mind. Here’s a summary of what security vendors, consultants, and service
providers need to know about their customers:
- Addressing the shift in ownership is the most
important. CISOs will need to solve ownership challenges or else
risk being marginalized or replaced. CISOs must address consumerization
and mobility head-on, as businesses will increasingly embrace both. Security
can no longer be seen as simply as a documenter of concerns, but must become a
problem solver. You must show how your solutions and services help these CISOs
embrace these trends and deliver value to business stakeholders – who are
exerting greater influence over security strategy, project prioritization, and
product selection. - Business justification is a must.
It’s not just about security anymore. Product vendors, consultants, and managed
security service providers need to be able to present a clear business case to
CISOs, and be prepared to discuss value proposition with a host of other
stakeholders in the organization – line-of-business managers, legal, HR and
others. This is not about finding an ROI argument. Partner with and help CISOs
tie their security initiatives to business needs for internal stakeholders, and
give them the tools to sell your offerings internally - Cloud services can bring opportunity, but it’s no
magic bullet. There is still more hype than reality at the
enterprise level. It’s not enough for CISOs to assess what your – the security
vendor’s – current cloud strategy is; they need to understand what your future
plans are, and what you will be capable of doing for their industry. Security
product vendors are focusing too much on putting their offerings in the cloud,
but few if any are providing solutions to the issues of security cloud
computing services in general, and scant few are providing any solutions to help
protect organizations in cloud-enabling their IT infrastructure and
applications.
What do you think? And are there
trends and demands from your security customers that you see that aren’t
mentioned here?
For more color and to follow what analysts and
attendees on Twitter had to say, check out #FSF09.
– Heidi Shey and Jonathan Penn