The document discusses the evolving role of the Chief Information Security Officer (CISO) in light of digital transformation trends like cloud computing, the Internet of Things, and mobile technology. It notes that CISOs now need to take a more strategic role focusing on skills development, adaptive security architectures, and extending security to new digital business models. The use of managed security services is also positioned as an opportunity for CISOs to help address skills shortages and the increasing complexity of securing modern IT infrastructures.
Slide 9: Internet of Things
Internet of Things (IoT): increasing convergence of operational technology (OT) and IT will drive consolidation of the industrial control system (ICS) security market, and the provider landscape is expected to evolve alongside this trend.
• THREAT: Internal access to unconnected components (open ICSs to physical and wireless networks and devices)
• THREAT: Exposure to external threats and cybercriminals' increased motivation and sophistication
• High visibility and awareness of cyber threats to operational technology (OT) environments is expected to drive interest in security solutions
• Market requirements are driving highly specialized platforms and a protocol-specific ecosystem deployed within OT.
• ICS security is available at different levels of the technology stack, but network security-based approaches are predominant.
2016 Security Trends in an evolving Security landscape
Opportunity for MSSP: Business development managers must take into account that technology capabilities are not enough for success. Partnerships and integration with operators and OT platform providers are key aspects to growing the business.
Gartner's Take: IoT could be an opportunity only with partnerships in the ICS market. But MSSPs don't know the ICS market. Maybe there are special SOC requirements to explore?
Slide 11: Trend: Next generation business systems: IoT and mobile security
Security cannot and should not be an afterthought for IoT infrastructure. Manufacturers of endpoint devices and network connectivity need to factor security into their products. The vast majority of IoT devices are likely to be low-powered, with comparatively little on-board compute power. However, it is still too early to say exactly what damage could be caused by a hacker compromising several million of them.
Products, services, and devices that can be connected using IoT: sensors, capital goods, connected home, connected car, industrial automation, wearables, healthcare.
The current and pressing IoT security issues:
• Passwords are often left at the default setting that all hackers know.
• Too much communication between IoT nodes and back-end systems is left in the clear rather than being encrypted.
• Manufacturers embedding connectivity into their devices are doing so for the first time, and as such have never had to think about cyber security before.
IoT Security Challenge: Because most will be mobile devices, one way to think of the challenge of IoT security is "mobile security on steroids", with billions more devices to monitor and no end users to notify when a device has been compromised.
Ovum's Take: Ovum sees a role for perimeter security vendors keeping malware out of IoT networks, but also for developers of identity management technology, as there will be a need to determine that a remote device has "gone rogue".
Slide 12: Trend: IAM in the complete digital lifecycle
IAM is not just about the security controls. The digital identity world is evolving and moving on. As such, business-focused IAM will be needed even more to support the complete lifecycle management requirements of business-to-consumer, business-to-employee, business-to-business, and business-to-privileged user interactions.
• IAM must support business-to-consumer relationships.
• For provisioning access for employees, partners, and contractors, Privileged Identity Management (PIM) technology has an increasingly important role to play.
Opportunity for MSSP: Business-to-consumer relationships have many different stages across the lifecycle. IAM technology providers must acknowledge the reality of this situation. Combining the more traditional components of PIM with the use of analytical and forensic tools is increasingly seen as the way forward.
Customer-focused IAM has to deliver on three key objectives:
• Easing access and improving the customer experience.
• Gathering information that benefits the business and its customers.
• Maintaining appropriate levels of security.
Privileged Identity Management:
• Historically, PIM emphasis has been on hardening the password vault, session management, detection and monitoring.
• The use of identity analytics and information intelligence to provide a more complete, enterprise-wide picture of privileged users and their activities.
Slide 13: Trend: Customers will boost IAM
For today's digital businesses, identity and access management (IAM) involves far more than just provisioning and enforcing employee access to corporate resources. They now must govern access across a variety of populations, from employees to partners to customers. And they must protect corporate resources that may or may not live in the cloud.
Vendors will provide more scalable, highly productized customer IAM offerings that will provide cross-channel capabilities.
• IAM budgets will increase at least 5% in 2016. Security decision-makers will finally dump home-grown IAM for commercial solutions.
• As firms strive to improve CX, productized customer IAM solutions emerge.
Opportunity for MSSP: IAM is no longer just a boring back-office technology. With network security perimeters disappearing and data commerce flowing freely between companies, identity has become the No. 1 peg to hang access controls on when it comes to data protection, cloud workload access, and management of customer populations.
Slide 14: Security Disciplines Converge - Pervasive Digital Presence
The pervasive digital presence required nowadays means a convergence of security disciplines. Data security is key (confidentiality, integrity, and availability).
Top Security Trends for 2016-17 (Gartner, 2015, 2016)
Opportunity for MSSP
• Establish security governance and planning relationships with industrial counterparts
• Improve cross-discipline procurement methods
• Modify security architecture to reflect all layers
• Investigate changes in security management and operations to accommodate convergence
Slide 15
In the middle of all this revolution, what is the new role of the CISO (Chief Information Security Officer)?
Slide 16: How CISOs Spend their Time
Source: Ponemon Institute, 2014
While asked to be thinkers and leaders, CISOs still spend a lot of time on monitoring, policy management and incident management.
Slide 17: Barriers to CISO Success
Source: Ponemon Institute, 2014
Many of these hurdles can be addressed by an efficient MSSP.
Slide 18: Know the Different Types of CISOs - Evolution of the CISO
Tactical CISO
• Technology oriented
• Focused on the infrastructure: firewall, IPS, IDS
• Likes "silver bullet" technology (e.g. FireEye)
• Likely reports to the CIO in a non-strategic role
• Relationship with the CIO may be complicated
• High potential for being made a scapegoat
IT Manager in charge of Security
• Has moved up the IT organization
• Very technical, narrow mindset
• Focused on the infrastructure: firewall, IPS, IDS
• Does not have a seat at the leadership table
• Their management may not view security as a strategic asset
• High potential for being made a scapegoat
Strategic CISO
• Fortune 500
• Leadership table
• Seeks visibility
• Internally focused
• Collaborative
• Forward thinking
• Trusts big vendors
• Favors MSS
• Considers alternatives
• Relationship-driven
• Knows their vertical
• Knows their value chain
• C-level relationships could be more strategic
• Likes trusted advisors
• Can survive an attack
Transformational CISO
• Fortune 500
• Transformational leader
• Security positioning helps win business
• Helps define brand
• Seeks visibility
• Externally focused
• Collaborative
• Digital transformation
• Favors outsourcing
• Knows their vertical
• Knows their value chain
• C-level relationships to understand IT goals, strategies, visions
• Does own research
• Trusts their gut
• Can survive an attack
Slide 19: The C-Suite Relationships Around the CISO
CEO: The CEO needs to hear directly, and frequently, about RISK. The CEO and CISO should be best friends. They rarely speak about security but rather about business imperatives.
Information & Technology (CIO, CTO): This trio is excellent at avoiding breaches and data loss by investing in and implementing cutting-edge technologies. Note: the CTO owns the company's technology strategy and communicates this to partners and customers. CIOs themselves are either tactical, strategic, or transformational, which affects their relationship with the CISO.
Finance, Legal, HR (CFO, Legal, HR): This trio possesses an extensive knowledge base that helps the CISO improve security practices (through financial transactions, compliance and culture), obviate losses due to a breach or incident, and translate metrics into business results.
Operations & Risk (COO, CRO - Chief Risk Officer): This trio brings more value to the business by enhancing its security program and risk processes, minimizing operational downtime and integrating security metrics with business risk measurements.
Marketing (CMO): This marketing executive is typically focused on the use of the Web, such as email campaigns, mobile app development, website updates, blogs and SEO ... email is the most common attack vector.
MSSPs: Value of an MSSP.
Slide 20: The Dynamic Between the CIO, the CISO, and the CEO
CIO: The CIO and CISO can have a complicated relationship, with competing agendas, often involving C-Level turf. Using a football analogy, the CIO is the Offensive Coordinator (increasing efficiencies, access, and resiliency). Activities are aligned to business strategy.
CISO: Using a football analogy, the CISO is the Defensive Coordinator (improve security and risk management across all operational silos) ... BUT IN ADDITION ... CISOs are in need of a mandate befitting an executive with more far-reaching responsibilities. The best scenario is to report to the COO or CEO.
IDC reports in a 2015 security executives survey (n=269) that 65% of CISOs today report to the CEO. However, Gartner reports that most CISOs still report to the CIO or the IT department. In spite of this discrepancy, reporting to the CEO is a growing trend, especially if the CISO has previous experience as a CISO elsewhere. The CIO and the CISO are both increasingly strategic, and both want and need the attention of the CEO.
Include key decision influencers in the IT & Security staff. Focus on three groups: architects, users, and senior executives, and sell accordingly.
[Diagram: Board, CEO, CIO and CISO; labels: Digital Business Strategy, Risk, IT, Security, Security Budget, Control, Resilience, Efficiency.]
Slide 22: Find Security People & Skills – IoT, Cloud, Digital Business
Assess the most critical impacts of cloud, IoT and digital business, and generate the necessary skills. (Gartner, 2015, 2016)
Opportunity for MSSP
• Build a long-term IT security workforce plan reflecting digital business.
• Shift roles to coaching and developing.
• Develop high-potential specialists into versatilists.
• Seek versatilists to better execute the organization's digital business strategy.
• Mix traditional and agile recruitment techniques to fill skill gaps.
• Continuous skills development.
Slide 23: Embrace Adaptive Security – Software-defined everything / architecture
Develop an Adaptive Security Architecture. Utilize intelligence platforms to allow you to visualize, correlate, and gain context. (Gartner, 2015, 2016)
Opportunity for MSSP
• Shift the security mindset from "incident response" to "continuous response"
• Invest in detection, response and predictive capabilities
• Favor context-aware network, endpoint and application security protection
• Develop a security operations center
• Architect for continuous monitoring at all layers of the IT stack
Slide 24: Extend Security for Pervasive Digital Business – IoT, IAM
Recommendations: Focus on small scenarios. Use risk-based prioritization. Emphasize segmentation and access initially. (Gartner, 2015, 2016)
Opportunity for MSSP
Security requirements
– Policy management, enforcement
– Monitoring, detection and response
– Access control and management
– Protect data, apps, network, platform
Key challenges
– Scale
– Diversity (age and type)
– Function
– Regulation
– Privacy
– Standardization
Slide 25: Trend: Social Media Risk
Social media is an important — and therefore risky — engagement channel for organizations. The possibility of mistakes and malicious behavior fuels the risk of exposing data, eroding the brand or otherwise hurting the company's top line.
Social Media Trends
• Social media platforms will be prioritized: FB, Twitter, Instagram, Vine, etc.
• Focus on branded communities and blogs to build relationships
• Customer touchpoints (customer service) will extend to the social platforms
• Social platform ads will grow as media teams manage this marketing spend
• Listening and relationship platforms will merge
• Better crisis detection tools will make social less risky
Opportunity: Marketing and risk pros alike will take advantage of advanced early-warning monitoring systems and new analytics techniques to identify potential social risk events and automate response actions more effectively.
Opportunity for MSSP: A risk perspective is sorely missing from the way corporations operate their digital presence today. In 2016, risk pros need to get more involved in helping monitor digital risk environments to mitigate digital and physical risks and to better protect the brand.
Forrester's Take: Security must work with marketing and business leaders to form a shared understanding of the most critical aspects of the company brand and its vulnerabilities.
Slide 26: Trend: Protect Business Data in the Cloud
Cloud apps are a challenge and an opportunity. The mobilization of enterprise employees and the expanding trend toward teleworking and remote working has resulted in an explosion of new cloud applications. The apps are often selected not by the company but by the employee. This so-called "shadow IT" phenomenon obviously puts corporate data at risk.
A group of vendors has emerged delivering visibility into shadow IT:
• SkyHigh and Netskope offer corporate IT departments an enterprise-wide view of the cloud applications employees use to do their work.
• CipherCloud, Bitglass, Protegrity, and Vormetric focus on enabling control of what happens to data that is going into cloud applications the IT department has authorized for employee use, imposing obfuscation techniques such as encryption and tokenization.
• Technology analysts have put both groups of vendors into an overarching category called Cloud Access Security Brokers (CASB). IBM has already launched CASB functionality coupled with identity management in a single box.
Opportunity for MSSP: Corporate IT departments need to regain control by obtaining an enterprise-wide view of what cloud applications employees are accessing.
Ovum's Take: During 2016, CASB functionality may well end up being integrated into broader technology offerings such as secure web gateways, as well as being paired with other key security capabilities.
Slide 28: Growth in cloud-based web security
By 2020, over half of Web security revenue will be coming from cloud-based offerings versus traditional on-premise gateways.
Slide 29: Managed Security Services will Thrive
By the end of 2017, 60% of enterprises will rely on third-party management of their security infrastructure. Security requires a heavy investment in people, process, and tools. Two of the biggest obstacles that enterprises encounter are the lack of skilled in-house security experts and the high cost of building an effective security team.
Opportunity for MSSP: A broad portfolio of managed security services fits this scenario well into the foreseeable future.
Associated Drivers
• Disruption: Accelerating business disruption from digital transformation
• Digitization: Escalating digitization and accessibility of vast amounts of data
• Cloud life: The merging of real life with digital identity
• Intelligence/Analytics: An interconnected, informed, interactive, intrusive, intelligent, and cognitive ecosystem
• Talent quest: High demand for next-generation business/IT skills — scarce supply
IT Impact
• Distributed, loosely coupled next-gen architectures make securing the IT infrastructure more complex.
• Greater use of analytics moves security management to a more predictive state.
• Enterprises want IT security to enable innovation, not hinder it.
Slide 30: Key market insight shared by Gartner
• MSS market growing at 10% globally. Two drivers:
  • People and skills shortage: 30-50% of security jobs can't be filled. Increased need for automation.
  • Security spending: today on average ~10% of the IT budget, 80% of this for defending the perimeter. By 2021, spending on defending the perimeter will be <50%; 50%+ will be spent to detect and respond.
• We will see a shift in how security is deployed to embrace the cloud: AWS, Google and Microsoft will start to bake in security services soon; they will disrupt the market.
• The market is moving to continuously analyse user and entity behaviour, building up individual behavioural patterns for people and things to see small anomalies which are outside of the ordinary.
[Chart: security deployment model, Today vs. In next three years. Categories: On-premise, Private cloud, Public cloud, Hosted private cloud, No plan to upgrade, Don't know. Today: 51%, 31%, 10%, 8%. In next three years: 29%, 35%, 18%, 12%, 4%, 2%.]
Slide 31: What does "Success" Look Like for a Strategic or Transformational CISO?
[Mind map centred on "Strategic CISO Success", with these branches and nodes:]
Maturity of Security Program: Control Coverage & Maturity; Processes Documented; Technology & Automation Adoption; Operational Resilience; Risk Management; Employee Education; Compliance Outcomes
Communication & Collaboration
Strategic Influence: Board & Executive Sponsorships; Key Partnerships with CEO and CIO; Seat at the Executive Table; Addresses Vertical Sector Challenges; Articulates Risk; Marries Strategic Vision with Security Vision; Security Budget for Reducing Future Risks
Strong Organizational Network: Subject Matter Experts; IT Department Relationships; Empowers the Enterprise; Key Partnerships with CEO, CIO, CRO, SVPs, GMs, LoB Managers; Cross Functional Team Relationships; Security Team Relationships; Vendors & MSSPs
Professional Strengths: Understands Internal Environment and Value Chain; CISO Peer Relationships; Leadership Style & Philosophy Supported by CEO; Emotional Intelligence; Technical Curiosity; Analytical Skills; Vertical Sector Knowledge; Forward Thinking
Facilitate CISO Success: New Hires; Collaboration; Executive Education
Slide 34: BT Security
BT Security - one of the world's 10 best cyber security companies in 2016
http://goo.gl/GPv6Yt
BT Security, a division of British Telecommunications Plc (BT), a subsidiary of BT Group, broke new ground in the situational awareness market in 2015 with the launch of its BT Assure Cyber service. The platform combines cutting-edge risk analysis and cyber threat detection and prevention tools with BT's security experts, its partners who add their own services, and a managed services model for corporations and government agencies globally.
The cost of data breaches is expected to quadruple and reach $2 trillion by 2019, according to Juniper Research.
BT Assure Cyber, alongside its other security products and services, positions BT Security as the top listed international (non-U.S.) company on the Cyber Top 10.