The third change is that CISOs always sold security in negative connotation like that if you don't do this this will happen. But things have changed now. It is sold to the board as 'the value of this information is x and hence I need the money to protect it'.
Any suggestions for CSOs / CISOs to follow while working with technology OEMs.
CISO need to be worried about a clear product roadmap from technology OEMs. Unfortunately the' product road maps of many of them change frequently due to M&As,exiting business lines etcetra. Any investment in security on long term has to be attached to the product strategy. You see the problem for example McAfee Softlayer got modified and they sell their SIEM or be it security analytics of RSA. These product vendors changing the product strategy rapidity impact the investments by end user organizations.
Companies buying security product often expect the product itself to give the solution. Unfortunately the product cost to services ratio in India is negligible. Whereas globally, it's more on making the product to deliver what you want than the product itself. Unlike ERP with standalone functionality, security is completely driven by business and its requirement. The product has some capabilities but not all features and IT team needs to spend enough time. For example, Installing DLP on the system will throw thousands of alerts and you say that the product is not good. Security solutions require humongous alignment of the product to your business.
More breaches means more demand for security solutions.
The current scenario of more breaches leading to consumption of more security solutions will undergo change. More than breach, security will be the business enabler for the company's growth. For example IAM is not only for breach or control but it enables better business through reduced cycle time, improved controls. That's what we expect in the future. However for the next couple of years, we do not see the instances or breaches reducing in countries like India.
Source: Computerworld India
Sign up for CIO Asia eNewsletters.