By Jonathan Nguyen-Duy, Vice President, Global Field CISO, Fortinet
The role of a CISO now consists of much more than just risk management and compliance. CISOs are now routinely consulted on business issues because digitized business processes are critical to any enterprise’s success, which makes cybersecurity a board-level concern. Indeed, cybersecurity is at the heart of most enterprise businesses because of e-commerce and the digital marketplace. For example, e-commerce transactions, whether business-to-business or business-to-consumer, all depend on consistently good user experiences to deliver business outcomes. And this requires consistently good networking, security, and computing performance. Many organizations’ leadership teams recognize the business value of cybersecurity that comes from its ability to enable trusted communications and better user experiences. It’s now clear that enabling responsive computing operations is key to ensuring consistently good user experiences.
In short, today’s CISO’s role is no longer just about protecting the organization from cyber threats. The CISO is now a key business enabler and leader, tasked with managing risk and delivering business value. Below are suggestions for how CISOs can help generate better business outcomes for their organizations.
Tip 1: Consolidate to Drive Responsive Operations
There’s widespread agreement that more tools from more vendors is not a viable approach to addressing today’s broad array of cyber risks. Indeed, in most cases, multiple vendor relationships, with the associated multiple training requirements, license management issues, consumption models, management consoles, and integration requirements, only add greater complexity and costs. Today, most CISOs are rationalizing their legacy investments from several dozen vendors down to six to eight platforms around which their teams will build the automation for identification, protection, prevention, detection, response, and recovery. Vendor consolidation drives more consistent and responsive networking, security, and computing performance, creating better user experiences.
Tip 2: Digital Experience Monitoring for Better Performance
As mentioned above, a key way CISOs can enable the business is by creating exceptional user experiences. A digital experience monitoring (DEM) solution provides IT teams with end-to-end network and application performance monitoring that helps improve digital experiences.
Because of the increase in remote work and the migration of applications to the cloud, many organizations are struggling to identify the root cause of application performance issues, and traditional monitoring tools simply aren’t up to the task. This is where a DEM tool can add significant value, as it unifies data and helps teams better understand networking, security, and cloud issues that may create latency in business processes, as well as see cloud compute, CPU usage, and storage capabilities. Therefore, a good DEM solution can help IT teams spot potential problems at any point—across networking, security, and computing. This provides proactive visibility to mitigate issues that would otherwise lead to performance degradation.
Look for a DEM platform that gives your operations team good end-to-end performance visibility across networking, security, and computing. A good DEM solution should provide the ability to observe applications and services from multiple vantage points, across any network, and even across the infrastructure on which the application is hosted. Also look for features that unify and consolidate the monitoring of endpoints, network devices, infrastructure, applications, and cloud services with a single management console.
This capability enables the organization and the CISO to move from being reactive to being more predictive and proactive. Now, they can identify certain times of the day or times in the year when the network is going to need to scale up to enable customers to easily access applications.
Tip 3: Demonstrate the Value of Security
DEM products are in consistent use today because there is now an understanding that user experiences determine business outcomes. DEM solutions provide CISOs with the ability to demonstrate tangible results by showing how performance improvements lead to more brand interactions, e-commerce transactions, and new growth. You can really see this value over time after you’ve implemented solutions such as SD-WAN, zero-trust network access (ZTNA), and secure access service edge (SASE).
With these types of products, CISOs can demonstrate tangible ROI in the form of fewer failed logins for better help desk productivity, which can be readily monetized. In addition, proactive network management means fewer network disruptions, which means more e-commerce transactions and revenue. Better user experiences can also be measured by better collaboration, or by metrics tracked over time, such as the mean time for DevOps from code conception to launch. These are the types of things that CISOs can do today to demonstrate the value of cybersecurity.
After meeting with many CISOs and IT teams early this year, I have found there is universal agreement that it’s all about the user experience. Perhaps it’s best expressed by this popular industry axiom: “The quality of service equals the quality of experience, and the quality of experience equals business outcomes.”
This statement reflects the trend that began during the pandemic. Now, everyone expects to be wowed with every interaction they have with a brand. People are demanding greater levels of customization and personalization, along with better security and privacy. There is an expectation that the data consumers generate be collected, stored, and handled by enterprises in a responsible manner. Of course, the main reason organizations want to hold data responsibly is that they need it to continuously enhance user experiences.
CISOs should keep cybersecurity as a main area of concern. However, they should also be working to maintain the quality of experience, the quality of service, and the quality of business outcomes. It’s important to be compliant and have strong risk management, but that can be negated if CISOs don’t deliver the outcomes. It’s all about the results.
Today, for CISOs it’s not just about the security threshold, managing risk, and being compliant with regulations. At the end of the day, CISOs have to enable the business as well.