How Do S&R Pros Keep Up With Disruption?

When I talk to security (S&R) leaders, they always tell me that in an ideal world, they would have enough advanced warning of impending business and technology disruptions in order to understand the security, privacy and overall risk implications and then prepare and present their business executives with a balanced opinion about how best to proceed if and when the enterprise decides to move forward. Unfortunately, most often, business and IT colleagues move on these disruptions and technology shifts far in advance of the security team’s readiness, and we don’t have to look far for examples; just think of employee BYOD, mobile apps for customer engagement, cloud services, social technology for marketing and collaboration, massive big data projects for business intelligence, or virtual and converged infrastructures within the data center.

It’s horribly clichéd but still true; we as security pros are usually in a constant state of “catch up.” There are numerous reasons for this. A major reason is that until recently, CISOs were primarily technical experts that didn’t understand (or care to understand) the market drivers and business context fueling many of these disruptions and tech shifts. Not too long ago, I was in a meeting with a group of CISOs and other security leaders and many of them were still lamenting their organization’s insistence on supporting personally owned devices as nothing more than an obsession with the latest shiny object. This kind of thinly veiled disdain for a disruptive technology that has proven to increase employee productivity and drive business results only increases the distance between security and the business and fuels the perception that security is not a business enabler.  It’s also true that as security budgets have only increased by single digits while the threats to the business and the responsibilities of the security team have increased dramatically, S&R leaders simply don’t have time or resource to be futurists.

I firmly believe that if we continue to align more closely to the business and we continue to position the discussion of security’s role and responsibilities in business terms (e.g., protect corporate brand, safeguard intellectual property and competitive advantage, earn and retain customer’s trust), we will find it far less likely that we’ll wake up one morning to discover the business has already deployed a new emerging technology without our knowledge. This is because we’ll already be a part of the discussion. But I also believe that CISOs, like their CIO counterparts, will need to be part futurists by staying abreast of the latest research, networking and collaborating with peers, and making business proposals rather than sitting back and waiting for the requests to come in.

That’s why at our spring Security Forums — May 6 and 7 in Washington, D.C. and June 10 and 11 in London, I’ll be hosting a Forrester Analyst Showcase: "What Will Disrupt You?" Each of the senior analysts on the panel, John Kindervag, Andy Rose, Renee Murphy, and others will discuss the next five years’ most important disruptive trends.

What is your organization talking about next? Is it the opportunity to use data from smartphone sensors and wearable body sensors to develop the next generation of customer apps and services? Is it the next generation of user interfaces like gesture technology, speech technology and eye tracking? Or is your organization looking at developing or leveraging embedded computing or smart technology in utility meters, cars, medical devices and home appliances?