CISO in 2023

by Mark Rowe

In 2022, the focus was on cloud security, but in 2023, it will shift to data security, says Nick Vigier, CISO at Talend.

The last few years have been focused on infrastructure velocity with the cloud, infrastructure as code, and the shift left mantra. Tooling has been introduced to provide cloud posture management and attack surface monitoring in these high-velocity contexts. In 2023, leaders will turn a strengthened focus up the stack into data movement, provenance, health, and governance driven by an increasing focus on data sovereignty and upcoming data regulations and frameworks such as the European Health Data Space.

The CISO moves from technologist to risk advisor to top-line contributor.

Businesses have been realizing that CISOs have a unique perspective on the business and its opportunities and risks. The CISO is there to protect the business and to enable informed decision making around holistic tradeoffs. The CISO in 2023 needs to find ways to behave like the rest of the C-Suite, where it is not just about managing bottom-line impact but also about how top-line contribution can be achieved. Metrics will need to shift to how the CISO has influenced deal size, accelerated product releases, or enabled new lines of business to be created, while measuring and managing security risks.

As executive conversations around data literacy skyrocket, those conversations must include the entire organisation, especially security. A widespread understanding of data will have a tangible impact on your organisation’s culture for the better – but only if it’s safeguarded. Looking ahead to 2023, those in leadership and in security departments should encourage employees to treat data like a currency, as it comprises key business information. To maintain the security of this valuable resource, creating a data culture, including controlled access and education programs to foster a greater sense of data responsibility, will be imperative.

A simplification and consolidation of security stacks will lead to more effective ongoing risk management by business owners.

Security organisations will seek to consolidate their tooling and approaches to provide holistic end-to-end perspectives on security and risk. The last few years have been focused on infrastructure as code, shift left, automated integration and deployment, and security orchestration. Vendors have taken up niche footholds in the various areas of these tectonic shifts. The changes to the economic climate, where businesses need to closely evaluate their spending, a slow-down in free-money economics leading to overvalued start-ups, and decreases in staffing levels, mean that the remaining solutions will consolidate. The winners will be the ones that can tell the start-to-end story around platform and product security to enable teams and executives to move quickly and with context. Gone are the days of individual point solutions with practitioners left to put the pieces of the puzzle together. Businesses will need to consolidate their storyline but will ultimately be left with a more consistent understanding of their risks and can then focus on how they make decisions – which will in turn greatly benefit the organisation.

© 2024 Professional Security Magazine. All rights reserved.