“To succeed, Security & Risk leaders need to be part of the business strategy.” If I had a nickel for every time I’ve heard someone give some variation on that piece of advice, I’d be rich. As you all know, that’s an easy thing to say but a difficult thing to do. And that’s particularly true now, because our business leaders today are prioritizing growth – they’re entering new markets and releasing new products and services to grow revenue. Your business will unleash the creativity of its entire extended enterprise ecosystem – employees, partners, suppliers, and current customers – to find new ways to win and serve new customers. And your extended enterprise will connect via mobile and social applications and use cloud services.
With Halloween just around the corner, it’s time to get creative about how you can scare the pants off of the people in your IT organization. I’ve been attending a fair amount of CIO events recently, and in the spirit of Halloween I put together a few costumes that I can guarantee will keep your CIO up at night.
A Storm Cloud. While “The Fog” might have scared your CIO in 1980, thirty years later it's the cloud that is scaring him. Despite all of the hype around "as-a-service technologies" over the past two years, Forrester has found 48% of IT decision makers still say they are “not interested” or “have no plans to adopt” software-as-a-service -- a number that rises for other cloud-based offerings. Why the lack of interest? Security, integration, and lack of customization top the list of key SaaS concerns. Yet, as the cost savings and purchasing flexibility benefits becomes increasingly obvious, IT professionals know they have to get comfortable with their fears to reap the cost-saving and flexibility benefits that cloud-based offerings provide. (Extra costume points: Grab a lunch tray and say you are a cloud-based “server”. A full 59% of IT decision-makers say they are not interested or have no plans to adopt infrastructure-as-a-service.)
Last week, I wrote a blog post summarizing the Day 1 opening keynotes at Forrester’s Security Forum. This week, I’d like to recap the Day 2 opening keynotes. The second or last day at any event is always a challenge; attendees are always tempted to leave early or to stay in their hotel rooms to get some work done or if the event is in Vegas, squeeze in some craps (my favorite) or drop a few coins in a nearby slot. Luckily, we held the event in Boston and the lobsters have nowhere to run, so most attendees were happy to stick around until the end of the day. Not only did we have great attendance on Day 2, but there was a palpable buzz in the air. The audience asked tough questions and no one was spared — Forrester analysts, industry guest speakers, and vendors. While the main topic of Day 1 seemed to focus on risk and overall strategy, governance, and oversight, Day 2 focused on coming up with the specifics — the specific plans, the specific policies. As Andrew Jaquith stated in his keynote, to provide better data security, “you don’t need more widgets, what you need is a plan.”
Below are some of the highlights from the Day 2 keynotes: