I think when you take a look at the expansion of the footprint, the volume of devices and then the volume of people that are part of the ecosystem, including third parties, then the risk goes up pretty significantly.
How do you see CISOs responding to these changes?
So now we’re beginning to see a movement by CISOs to try to simplify things, making sure you’re getting the best value out of the technologies that have been acquired and seeing if there are opportunities to consolidate, to ensure that the management of your environment is going to be a little bit easier to navigate.
How do we now think about the security architecture in a way that it allows us to be positioned to scale, be positioned for the ability to plug in newer technologies when that time arises in a way that’s going to make for an easier to manage and a more easily connected kind of environment? That’s the other trend that we’re seeing, a more, “Let me build a blueprint to enable the business,” moreso than simply worrying about the tactical aspects of, “How do I go and look and see where the vulnerabilities are within the environment?”
What do CISOs say about how the threat environment is changing?
If anything has really shifted, it is the nature of the attacks. They’re more advanced because [attackers] are better funded and have more resources to invest in the types of technologies required to evade defenses. That creates a challenge around visibility because if attacks are becoming more advanced, you have to have the ability to see them and to identify when something is going on so that you can move faster on the response side of things.
So that advanced nature of attacks means that now you see CISOs looking more and more at threat intelligence, big data analytics, so they can take a look at not only the indicators of compromise, but identifying data that’s coming from all aspects of their environment - from firewalls, from the endpoints, from email, from the network - and taking all of that data to try to get a crosshair on something that is in that environment that could in fact be malicious.
How are CISOs dealing with the shortage of well qualified workers?
When we’re out there talking to individuals in different companies, we see open REQs sometimes in the hundreds where they’ve been trying to hire and unable to do that. So again, when you think about analytics, the ability to get a little bit of a head start on what’s going on to get more visibility, the ability to automate different aspects of the operational side of things and in the ability to collaborate and to find ways to collaborate within environments so that you can leverage talent across enterprise. Those are the types of things that we’re seeing CISOs look at in addition to how do we ramp talent quickly. We see training programs where they’re trying to move very smart individuals out of the universities and get them ramped up as quickly as possible. I think all those things are taking place are positive, but the talent shortage seems to be one that is going to be quite a challenge to try to fill, given there is a wide gap.
Sign up for Computerworld eNewsletters.