2020 might deliver a Silver Linings Playbook for security
Earlier this month I attended the Security Insight Summit in Greensboro, GA. As is always the case with these events, I learn a great deal from chatting with CISOs and security executives from a variety of enterprises, but there was something else that stood out at this show – a general feeling of optimism associated with pursuing data security initiatives.
I believe the renewed sense of optimism stems from an unlikely source: the growing number of data privacy regulations being passed worldwide. With the California Consumer Privacy Act coming into effect in less than a month, security executives are now empowered to find the finances and resources necessary to ensure they are fully compliant with CCPA and ready for additional legislation ready to be passed in other parts of the world.
Getting past politics
One of the most notable changes in the conversations I had with executives at this show was around organizational politics as a barrier to getting security initiatives approved and off the ground. While in the past these politics stalled or derailed projects, I heard more executives talk about a greater and broader understanding of security initiatives among their executive level peers, particularly Chief Data Officers (CDOs) and Chief Information Officers (CIO). It represents an easier path to executive buy-in and beyond that, Board-level buy in that we haven’t seen before (or haven’t seen so consistently before).
Certainly, the cascade of data privacy legislation has contributed to this detente among departments. It is no longer a ‘nice to have’ but a ‘must have’ for enterprises to understand what data they have, where it lives, and how it is secured. As organizations mature regarding their security stance, I believe we’ll continue to see better alignment between CISOs and CDOs. In fact, I think it’ll be one of the top data security trends the market will see in 2020.
But as significant as this trend is, there was another area where executives express optimism.
Moving toward a security culture
For years, our customers have told us that one of the biggest obstacles they have in implementing a truly effective security strategy is that it requires a shift in corporate culture. Security must be seen as a priority by every employee – not an easy task.
Since GDPR was implemented, consumers have become more aware of (and educated about) how enterprises interact with their data. They want to know how it is used, shared, sold and protected. This consumer awareness has translated to the enterprise, with employees becoming more mindful of how their organization uses and protects data. Security culture has finally started to move beyond a static, once yearly ‘check in’ with employees to an ongoing practice that employees think about throughout the year. When you think back to where we were five or ten years ago, that’s an incredible turnaround.
Much of what is written about security (and about data security in particular) is negative. With new, significant data breaches occurring daily, it’s not hard to doubt that enterprises can successfully address their security challenges.
But as I’ve written here, I believe the tide is starting to turn, which is cause for a positive outlook as we move into 2020.
Let’s be clear – we have more work to do, but with legislative mandates and consumer pressure, we may see more success in 2020 than we have in a while.