Why frameworks are more necessary than ever for secure enterprise transformations

Taking governance shortcuts in order to quickly take advantage of competitive opportunity can lead to major failings when it comes to security and privacy and cause serious long-term damage to the business.

Organizations are moving fast in retooling their business strategies and integrating the technologies that are needed to execute them. This is true for a multitude of reasons. A global shift toward telework, accelerated sharply by the COVID-19 pandemic, is rapidly expanding enterprises’ technology footprints. More and more of our artificial intelligence ecosystem is unfolding in the cloud. And, of course, data is at the heart of these and many other advancements.

Data governance has long been important, but it will take on supreme importance in the years to come based on these and other factors. In the era of ongoing digital transformation, governance of enterprise IT is imperative to streamline processes and operations, assess and address risks proactively, align IT with business strategies and goals, comply with expanded regulatory requirements and maximize ROI on technology investments. Governance frameworks are needed in order to incorporate all essential parameters into transformation projects, with security considerations becoming increasingly important among them.

Technology-driven transformation projects bring tremendous opportunity, but they can be difficult to pull off, especially since many companies are not equipped to move as quickly as they would like from the standpoints of privacy, risk and security. According to CIO.com's 2020 State of the CIO survey, 46% of organizations have no chief security officer (CSO), chief information security officer (CISO) or top security executive, and where they do, the people in those roles are often stretched perilously thin given the demands of the job. Even the organizations that are fortunate enough to have a strong CISO in place often struggle to find qualified practitioners to fill open roles, leaving enterprise security teams unable to keep up with the ever-widening threat landscape.

Adding to these entrenched challenges faced throughout the security industry are the newer impacts of COVID-19, with which we are still attempting to come to terms. Organizations, the vendors they work with and customers are under enormous strain from the economic fallout related to the pandemic. This could result in changed baselines and expectations when it comes to security. For example, how will the budget cuts many enterprises are facing affect their security teams? Will vendors still have the resources they did previously to devote toward security? Will third parties still perform the same level of due diligence on the sub-vendors upon which they rely? These changes often take place abruptly and, if not properly monitored by robust governance, can have a profound impact on enterprises’ security postures.
