What does the future hold for enterprise security? What will programs, roles, technologies and policies look like in five years or so?
Prognosticating can be tricky, especially in such a fast-changing digital environment. But part of the security executive's job is to not only keep up with the latest developments, but also to anticipate what might come next so companies can prepare to handle challenges. CSO interviewed security executives about the future and where they see their discipline headed. Here are some of the major trends they expect to see.
Changing role of the security officer
There will be a continued convergence of physical and cybersecurity, and this will affect the role of the security executive, says Roland Cloutier, CSO at ADP, a provider of human resources, payroll, tax and benefits administration services.
"The management [issues] of physical investigatory and cybersecurity functions are so interrelated that it just makes sense to have a single management function that has appropriate transparency and oversight," Cloutier says. "We will still have global metrics for all those [security] service areas and there will still be service silos," but they will all be managed under one department, he says.
"I believe that's where the [corporate security] world will be headed, and it's already in the nascent stages," Cloutier says. "This has been a topic for security executives in the last few years, but now we're seeing large organizations heading down that path."
Many companies will consolidate the CSO and CISO functions, Cloutier says. But that won't reduce the importance of either physical or cybersecurity, and the people in that role will need to be experts in all aspects of security.
Regardless of what title these individuals hold, the important factor is that all security and risk management will be under one roof. "We will not have competing security executives on either side of the house," Cloutier says. "You'll have one individual or entity that is required to make risk-based decisions for the organization."
Future security leaders will be more technically inclined than they are today, Cloutier predicts. "We've spent a lot of time saying that security executives need to understand the business or have leadership skills," he says. "But I don't think you can [perform] this role in the future unless you have an incredible knowledge of technology."
At the same time, security chiefs will need to assert themselves as business leaders. "As the C-suite continues to recognize the importance of security, and that it must be an integral part of holistic business strategy, heads of security need to be more a part of the decision-making process for the business as a whole," says Richard Greenberg, information security officer at the Los Angeles County Department of Public Health.
Sign up for CIO Asia eNewsletters.