7 CISOs Discuss What’s Really Keeping Them Up at Night

By Matt McKinley, US Director of Product Management, Stonesoft

The MSPAlliance welcomes a guest post from Stonesoft, Inc. (www.stonesoft.com), a global provider of network security solutions to MSSPs, enterprises and government organizations.

I recently had the opportunity to sit down with CISOs representing seven well-known U.S. enterprises. Our goal was to have a casual discussion about what’s really keeping them up at night.

Many of us in the network security industry – especially on the vendor and MSSP side – think we know the answer to this question. We’re constantly thinking about the next solution or offering, and how we can get in front of the trends emerging in the threat landscape. However, one thing I took away from this conversation is that it’s not always about the next big threat. Many of these CISOs’ top concerns and priorities are about challenges that the industry has been trying to solve for years – like streamlining compliance.

It was a reminder that MSSPs and network security vendors must find a balance between being ahead of the game and being committed to continuous solution and service improvements. As for what’s keeping CISOs up at night, here are a few firsthand responses:

  • Mobile devices. Bring-your-own-device (BYOD) is a rapidly growing concern, affecting almost every organization. Most executives described the challenge of balancing control over access to data and internal services against growing employee demand for mobile use in the workplace.
  • Identity management. The cloud brings with it a loss of control by the IT department in managing user access. Single sign-on (SSO) to SaaS offerings is a challenge for most organizations, particularly top U.S. corporations where hundreds of individual departments are demanding access to new cloud-based applications.
  • Regulatory pressure. Governance requirements from federal and industry standards organizations continue to drive up the labor and tool costs of achieving compliance. The increasing granularity of the reporting requirements for HIPAA, GLB, Sarbanes-Oxley and other industry- or application-specific guidelines, such as PCI, increases overall IT costs for the organization.
  • Threat profiling. Threat management, rather than mere identification and prevention, will always be a top priority. The new goal is to be more proactive than reactive. This means identifying threats as they emerge and taking steps to stop unwanted activity in advance of a breach through threat profiling.
