Top 3 IT Security Focus For CISOs

by CXOtoday News Desk    May 13, 2014

security threat

A new report released by RSA, the security division of EMC, identifies cyber threat resiliency, end-user experience and cloud security as the top three areas of investment for CISOs to better build anticipatory defenses while also improving business productivity.

The report titled: “Transforming Information Security: Focusing on Strategic Technologies” notes that these practices are not being developed or implemented quickly enough. Organizations now acknowledge the inevitability of breaches, and have turned attention to minimizing their impact. “As such, security leaders are focusing on strategies and technologies that help provide threat resilience versus prevention and prioritizing investments in solutions that provide better detection and response capabilities,” said the report stating the example of big data analytics that can help achieve a stronger cyber defense.

Next-generation anti-malware technology is also identified as a key area where organizations should add new techniques to baseline capabilities. The report also highlights the importance of improving end-user experience for business productivity gains and suggest investments in more flexible methods for authentication and Identity and Access Management that help reduce risk and evaluates the latest claims about cloud security services designed to help enterprises with visibility and control.

“Increasing resilience is core to any organizations’ cyber defense strategy. Employing the right technologies that provide better visibility and analysis to actually anticipate attacks can and should reduce risk to the business,” says Amit Yoran, Senior Vice President, RSA, The Security Division of EMC.

The report also details three recommendations that provide he necessary guidance to help CISO and security teams to determine how to make the right technology investments:

1. Look at Least Three Years Ahead: By using SWOT analysis, aligning with IT and the business, creating an enterprise-wide Big Data strategy, and engaging with auditors, organizations can formulate plans to determine what security capabilities will be needed to protect against a dynamic threat landscape.

2. Achieve a Bigger Picture Through Integration: When investing in security technologies today, the greatest payoffs often come from connecting and consolidating information from multiple applications. Technologies are now available that make it easier to integrate systems such as data analytics, security intelligence, and GRC platforms.

3. Maximize Value Through Formalized Technology Developments: Leading security teams familiar with the pitfalls of technological change, budgetary shortcomings, and the failure of new product expectations advise having formal approaches to deployment in order to proactively manage the risks.