The coronavirus (COVID-19) pandemic has affected CISOs and other security and risk management leaders worldwide. Now, these leaders are increasingly developing and implementing security projects designed to simultaneously minimize risk and support remote workers.
Gartner cited the following security projects as top 2020-2021 priorities for security and risk management leaders:
1. Remote Workforce Security
Risk management and security leaders must understand business requirements and how end-users and groups access data and applications. Then, they can determine if access levels are correct and if any security measures are inadvertently impeding employees' ability to get work done remotely.
2. Risk-Based Vulnerability Management
Many security vulnerabilities can affect global organizations, and risk management and security leaders should focus on exploitable vulnerabilities and use threat intelligence to understand organizational risks.
3. Extended Detection and Response (XDR)
With XDR, risk management and security leaders can leverage multiple security products via a single solution to understand security issues and find ways to improve their organizations' security outcomes.
4. Cloud Security Posture Management
Common controls across infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) and automate assessment and remediation across their cloud applications can help risk management and security leaders optimize their organizations' cloud security posture.
5. Seamless Cloud Application Controls
A cloud access security broker (CASB) can help security and risk management leaders maintain real-time cloud access controls and streamline user access.
6. Domain-Based Message Authentication (DMARC)
Thanks to DMARC, security and risk management leaders can leverage an email authentication policy to add a layer of trust and verification to an email sender's domain and mitigate the risk of domain spoofing.
7. Passwordless Authentication
Employees may use the same password for multiple accounts, which can cause a wide range of security problems. With passwordless authentication, security and risk management leaders can deploy biometric authentication and other identity and access management (IAM) solutions to improve security and enhance the user experience.
8. Data Classification and Protection
Security and risk management leaders can establish data classification and protection policies and definitions to ensure that all information across their organizations is properly stored, secured and managed.
9. Workforce Competencies Assessment
If security and risk management leaders use cyber-ranges and other assessments to analyze workers' security competencies, they can ensure that the right employees with the right skills are put in position to succeed.
10. Automated Security Risk Assessments
Risk assessments can be automated to help security and risk management leaders quickly identify security gaps and address them before they escalate.
Security and risk management leaders should determine which security projects will consistently drive the most business value and reduce risk, Gartner stated. In doing so, these leaders can verify their organizations are well-equipped to keep pace with a constantly shifting security landscape.
