Identity and ‘Winnable’ Cybersecurity Battles in 2017

I recently read Forrester’s cybersecurity predictions for 2017 (subscription required). There were three key predictions that stood out to our market:

  • Changes in the healthcare industry will put healthcare providers in attackers’ crosshairs: The consolidation among healthcare providers tends to result in the combined infrastructure becoming pretty fragmented, with highly variable levels of security. When you combine that with how valuable patient data is to data thieves (complete personably identifiable data plus financial information), the ROI that attackers get from targeting healthcare providers is very high.
  • The skills shortage combined with budget constraints will continue to be a hot button issue for CISOs: Getting the right talent in house is no easy task – we face it ourselves at SailPoint. We value smart, hard-working people but we also look for those people that exemplify our ‘Four Is’ philosophy (something our CEO Mark McClain writes about often). Forrester estimates that CISOs will be forced to allocate 25% of their budget in 2017 to external expertise and automation to make up for the skills gap/technology gaps in their infrastructure.
  • Choose your battles wisely – and make them ‘winnable’. Forrester suggests that enterprises should ‘assume failure’ and execute based on how detection, prevention and response can work together.

Can you guess which of these three takeaways struck me the most?

If you guessed “choose your battles wisely and make them ‘winnable’” – then you’d be 100% correct.

Admittedly, there are a million threats out there that security teams need to be both aware of and ready to defend against. And while I agree that there will always be a challenge related to budget, finding and retaining the right talent, and staying a step ahead of the threat landscape, there is one thing that enterprises can do to feel empowered going into 2017: put identity first.

It’s very clear that traditional network security measures for protecting an organization’s sensitive assets no longer suffice. Identity is the single thread across the complex IT ecosystems that we all leverage – and that thread weaves the story of who has access to your applications and data, what can be done with that access, and whether they should have it in the first place. For this reason, securing identities is the most crucial element in ensuring the security of your enterprise.

At the same time, we believe SailPoint is a business enabler – and this is a great example of why. If organizations put identity first in their security strategy, they’re in a better position to focus more of their resources on other efforts, thus addressing that skills shortage. Think of it this way: if you make identity management a priority, you’ll have the power to do more in 2017. You’ll be able to embrace new technologies; streamline the delivery of access; simplify compliance. All while improving your company’s security posture.

In my view: it’s not about choosing ‘winnable’ battles, it’s about choosing the right armor.