“Business thinks IT has a crystal ball, but the truth is the CISO doesn’t always know what’s going on.”
#5 Cybersecurity mesh
Leading on from the last point is Gartner's concept of the cybersecurity mesh, a framework of tools that work together to build a comprehensive security posture.
The company's exact definition is "a collaborative ecosystem of tools and controls to secure a modern, distributed enterprise."
Vendor consolidation will help with this a little, but really - especially for SME firms without a dedicated security team - you should look at tool consolidation to drive operational efficiency.
Action plan:
- Focus modernisation efforts on composable security tools.
- Evaluate products that are interoperable through established and emerging standards.
- Evolve your IAM infrastructure to operate as an identity fabric.
Open APIs are Furtado's personal bugbear when it comes to interoperable tools.
"An open API is not a connection. An open API is work for you… If you think you're using a leading product and you've got a vendor that you want to bring for that, it's great. They have an open API? You're not in development ops. They've got the resources, leverage them to build those interfaces for you."