Yesterday, we kicked off the first day of Gartner’s Information Security Summit (#GartnerSecurity) in Washington, DC with Chris Byrnes’ keynote, “Your Role in Information Security.” A major theme throughout the presentation was the growing emphasis on business risk management globally. Gartner predicts that in the next 18 months, the amount of legislation and regulation affecting information security will double, increasing the focus on IT risk management even more than today.
With that in mind, Chris told the crowd of several hundred that the objective of IT security professionals should be “to translate the risk appetite of the business into effective and efficient controls that minimize business impact, and to assure the continuity and effectiveness of those controls.” A consistent theme of Chris’ speech was that IT security professionals will need to acquire new business-oriented skills – things like presentation, relationship management, and process management skills. IT security will be called upon more and more to bridge to the business, including executive management and the board of directors, so that collectively organizations can make the right decisions to manage risk.
At SailPoint, we’re already seeing this evolution take place with our clients. At many companies, CIOs and CSOs are heavily involved in risk management discussions. And they’re looking for products, like SailPoint’s IdentityIQ, which allow them to manage technology with the help of the business side of the house. The more this happens, the closer we’re getting to real technology and business risk management.