The top challenges facing CISOs in 2023 will be consolidating their organizations' tech stacks, protecting budgets, and reducing risk.
FREMONT, CA: In 2023, the most severe difficulties for CISOs will be consolidating their organization's technology stacks, defending their budgets, and decreasing risk. It is essential to determine which security technologies provide the most value and to establish spending limits.
Forrester's 2023 security and risk planning guide offers CISOs prescriptive recommendations on what technologies to invest in, which to expand and defend, and which to reduce.
Forrester advises CISOs to fund proofs-of-concept in four emerging technology areas: software supply chain security, extended detection and response (XDR) and managed detection and response (MDR), attack surface management (ASM) and breach and attack simulation (BAS), and privacy-preserving technologies (PPTs).
START WITH BUDGETARY COMPARISONS FOR SECURITY
Forrester divided businesses into two groups according to whether they spend more or less than 20 percent of their IT budget on security. Cloud security spending grew the fastest for firms with security budgets of less than 20 percent of overall IT budgets, according to Forrester's 2021 security study.
THE MIGRATION OF SECURITY PORTFOLIOS TO THE CLOUD IS OCCURRING TOO SLOWLY
Enterprise infrastructure leaders in the United States have migrated 45 percent of their application portfolio to the public cloud and expect 58 percent to do so within two years. Public cloud platforms are also estimated to host most enterprise security workloads. Forrester's poll, however, finds that security and risk management professionals must catch up in moving more security workloads to public clouds.
ON-PREMISES SECURITY SOFTWARE ACCOUNTS FOR A LARGE SHARE OF COMPANIES' SECURITY BUDGETS
Forrester integrated maintenance, license, and upgrade charges with new investments in on-premises software. In businesses that allocate less than 20 percent of their IT budget to security, 41 percent invest in on-premises security software. In businesses where security consumes more than 20 percent of the IT budget, on-premises systems consume 38 percent.
ROUGHLY 25 PERCENT OF SECURITY SPENDING GOES TO SERVICES
Security expenditures are rising due to the difficulty of integrating and utilizing internal security measures. According to Forrester, organizations are turning to managed security services providers (MSSPs) to decrease costs, address the skills gap, and augment understaffed security teams. Cloud security use will increase, raising the demand for specialized skills and driving spending on security services.
INVESTING IN SECURITY TECHNOLOGIES DURING 2023
The global threat landscape is a source of continuous, real-time risk for any firm. Investing in cybersecurity is, therefore, an investment in continuing business operations and risk management. These two factors force CISOs to eliminate systems that cannot keep up with real-time threats from their technology stacks.
On average, a cyber attacker using a compromised endpoint moves laterally within a network in one hour and 58 minutes. Expect to see historical security software inventories integrated into the current wave of new technologies. Forrester advises CISOs to invest in the technologies listed below:
API security: CISOs must adopt a least-privileged-access approach to API security that restricts sprawl and is compatible with their zero-trust architecture.
Zero-trust network access (ZTNA): ZTNA popularity is driven by virtual teams, the exponential increase in endpoints they create, and the infrastructure required to serve them. Forrester notes that the convergence of networking and security capabilities continues to drive ZTNA adoption following the principles of zero trust and zero-trust edge (ZTE) models.