Many chief information security officers view their responsibilities through the National Institute of Standards and Technology’s (NIST) model of Identify, Protect, Detect, Respond, and Recover. There’s been a focus on detecting and responding to endpoint threats over the past few years, yet new priorities are arising: migration to the cloud, new heterogeneous devices, and custom applications, all of which have greatly expanded attack surfaces.
I recently spoke with seven CISOs. Many are from the Fortune 500, and several are influential in the startup community, advising for YL Ventures. What follows is a recap of their top five concerns and two-year spending priorities:
1. Identity Management in a Multicloud World
The old days of breaching a network’s perimeter technologies and slowly hacking laterally across systems is less of an emphasis thanks to the cloud. With stolen credentials, a device is often one hop from accessing the crown jewels of privileged data in the cloud. Microsoft Corporation CISO Bret Arsenault strikes at the heart of the matter. Today, he says, “hackers don’t…
