For the past year, I have been doing a deep dive into Forrester’s future fit research and its intersection with security and risk. As a quick refresher, technology organizations fall into one of three categories in their technology strategy: traditional tech, modern tech, and future fit tech. Modern and future fit technology organizations transform technology to support their organization’s business strategy. Rather than acting as siloed, waterfall order-takers, modern technology teams embrace automation, cloud, and continuous delivery. Future fit tech orgs up the ante even further with a focus on flexible platforms and shared accountability.

What does all of this have to do with security? Earlier this year, we published a report showing the connection between technology maturity and security maturity — simply put, modern tech organizations scored higher on the cybersecurity and privacy maturity assessment than traditional tech organizations, and future fit tech organizations scored even higher. But it’s not a matter of doing every aspect of security a little bit better or a little more — as organizations move from traditional tech to modern tech or from modern tech to future fit tech, security teams make specific investment choices, such as shifting everywhere, that support the organization’s technology evolution. Of note:

  • Modern tech orgs are most likely to prioritize appsec. While all security decision-makers viewed improving application and product security as a top tactical priority, those in modern tech orgs were even more likely to do so.
  • Future fit tech orgs get strategic. Security decision-makers at future fit tech organizations were much more likely than their traditional tech and modern tech peers to prioritize initiatives like improving security communications and building better security metrics and reports.

Our upcoming research into future fit and product security supports and expands upon the trends that we shared earlier this year. Those hoping to evolve from traditional to modern or future fit must adopt a technology strategy that enables adaptivity, creativity, and resilience — but they won’t get there unless the product security team embraces those principles, too.

I hope you will join me at Forrester’s Security & Risk 2023 event in Washington, D.C. (or virtually) on November 14–15 for a deeper discussion on the intersection of product security and technology strategy at my session, “Building A Modern Product Security Team.” Learn more about the Security & Risk event agenda and register here.