CISOs are seeking opportunities to contain the costs of their cyber security programs. This follows a period of significant investment in cyber security, during which organizations rapidly matured their cyber security capabilities to maintain pace with the evolving threat landscape. The transitioning of funding, from investment budgets into operational budgets, has resulted in greater scrutiny on program operational effectiveness and efficiency.
The urgency of cost takeout has recently been exacerbated by the COVID-19 global lockdowns. Many businesses have experienced a significant drop in sales, and are now struggling to manage their cost base. Businesses must streamline their operations and cyber security programs cannot expect to be shielded from this—despite the rise in fresh threat vectors associated with virtual working and the emergence of some opportunistic adversaries.
A core component of all cyber security programs is Identity and Access Management (IAM). Over the past few years, significant investments have been made in this space—resulting in regulatory pressure, incidents involving inappropriate access rights, and CISOs effectively articulating the commercial benefits of a leading IAM capability. This investment has taken various forms but typically involves buildout of tooling and processes. In many instances, this expansion was done piecemeal (an inevitability associated with annual budgetary processes). Wherever there is fragmentation, unnecessary complexities, or underutilized resources in the IAM capability, there is opportunity to create efficiencies.