Don't try to do too much or too many things at one time. Look in for what is critical for you and your company. Put up a list of your 10 most sensitive information and then put the needed security controls for those ones before spreading all over the place. If you do that, you should be in good shape.
How do you manage to overhype of technologies by different security OEMs?
OEMs by all definition during my interaction with all OEMs as long as you are straightforward and candid about what choices you make, I have not had challenges. When I picked the DLP of the security vendor, the second in line vendor I made it very clear and explained them the reasons why I picked the vendor, and they were fine with it.
It depends on the comprehensive comparison you do before making the final choice. OEMs will sell that it is best for them. If the requisite knowledge of the subject and if you can communicate the same to the OEMs, then hype does not really impact you much.
A product is a product only at the end of the day. It is the capability of your IT team and business plans on that you can built on it and extract the best out of it. All the hype they do we can counter them with detailed knowledge and they go back with happy mind.
What fear factors will exist in 2016? Do you see rise of insider threats.
I would go with the old convention that insider threats can cause a more fatal impact. If an organization is operating with few information or IT people and their integrity is a question. That it can create more havoc than some external threat. We see internal threats to continue big time .But supplemental to that things like ransomware will rise. I see many companies already impacted and we don't see any reduction in that aspect in future.
Sign up for CIO Asia eNewsletters.