It’s not easy being a CISO these days, Threats are everywhere, thanks to external (hackers) and internal (insider threats). Sensitive data, including financial and customer data is stored in data centers, workstations, mobile devices, and cloud infrastructure and maintaining these systems is not easy-going. Industry rules and government regulations are tougher, and malicious hackers are finding new ways to infiltrate into the internal networks, subvert into IoT, and harm the workplace via phishing scams and malware or ransomware. In the meantime, you need to convince customers, insurers, and regulators that your products and services are secure.

For the CISO, this translates to set a big picture of priorities such as maintaining customer trust and keeping the organizations name out of the headlines. In order to accomplish these priorities, there are essential areas where security executives will spend their time, and money in 2019.

1.Develop a culture of security
The culture must go hand-in-hand with policies and best practices. Every single person within the organization has some responsibility for security. CISOs should emphasize the drive toward rapid development using cloud technologies.

2.Security and Risk Management
Governance and resource requirements, security frameworks, data protection, training and awareness, insider threats, third-party security practices as outsourcing increases.

3.Cloud Services
Cloud strategy, proper selection of services and deployment models. Scalable and elastic IT-enabled capabilities provided as a service utilizing internet technologies

4.Gain threat visibility across all platforms
You cannot secure what you cannot see. Implementing a Common Operational Picture (COP) within your enterprise so the organization has complete visibility of what data is coming throughout the network egress and ingress points. Having data spread across multiple tiers of applications and cloud services, and sometimes out on unauthorized services has greatly impacted the CISO’s ability to have unified visibility.

5.Grasp the perimeter
Thanks to cloud computing, mobile devices and IoT, the perimeter is an archaic concept. The operations teams both security and IT need to change their assumptions about traffic, trusted users and the idea that there is a single demarcation point between public and private clouds. CISOs are now faced with new tactics for managing those perimeters. Some of the options they are dealt with are: new identity and access management systems that consolidate identities across the enterprise and into the cloud, next-gen firewalls, and attack detection and analysis systems that can advert refined hybrid attacks.

6.Manage security in the cloud
Employees find it convenient to store and share confidential business information on free file sharing platforms like Dropbox, OneDrive or Google Drive. For example, let’s say an employee based out of Los Angeles starts to access the company’s cloud-based enterprise financial management from overseas, and processes financial transactions five times higher than normal. CISOs are now investing in systems that can detect these kinds of attacks and take steps such as forcing the use of two-factor authentication and a robust identity and access management strategy.

7.Align SecOps with IT operations
SecOps often focuses on IT Ops to achieve their goals. SecOps establishes policies, identifies vulnerabilities and any misconfigurations, and then pushes IT Ops to apply patches, utilize baseline configurations and drive updates through the change and control process. CISOs should include DevOps into the conversation as well for when IT Ops must choose between applying patches that SecOps needs and delivering critical applications and infrastructure that DevOps needs. CISOs should expect them to prioritize what DevOps needs. This is a matter of conflicting priorities, limited resources and supporting business growth.

To learn more, visit us at