5 factors for success in cybersecurity projects among shifting priorities

Image: Rick_Jo, Getty Images/iStockphoto

Cybersecurity and regulatory compliance have become two of the biggest concerns of corporate boards. When it comes to the impact of the COVID-19 pandemic and the new realities of employees working from home, many businesses have been forced to reassess many of their IT assumptions and priorities—especially those around cloud cybersecurity projects.

SEE: Security incident response policy (TechRepublic Premium)

What is cloud security?

Cloud security involves using technologies, policies, controls and services to protect data, applications and infrastructure from threats. This is accomplished by delivering hosted services, such as software, hardware and storage over the internet. Often cloud cybersecurity is part of a hybrid cloud or multicloud infrastructure architecture designed to address advanced cloud cybersecurity challenges such as lack of visibility and tracking, ever-changing workloads and cloud compliance and governance.

Top cybersecurity priorities 

Almost 20% of the world's workforce is expected to continue to work remotely post-COVID-19. As a result, Gartner sheds light on the top project priorities for security and risk management leaders in 2021 and beyond, including these five. 

1. Cybersecurity mesh that enables the distributed enterprise to deploy and extend security where it's most needed.
2. Cyber-savvy boards, dedicated committees that focus on discussing cybersecurity matters.
3. Vendor consolidation, as a way to reduce costs and better security. Almost 80% of organizations are planning to adopt a vendor-consolidation strategy.
4. Identity-first security now represents the way all information workers will function, whether they are remote or on-premises.
5. Managing machine identities focuses on establishing an enterprise-wide strategy for managing machine identities, certificates and secrets for more secure digital transformation.

While the COVID-19 crisis impacted people's personal lives and security, it also struck corporate, institutional operations and each technology provider that supported them. The cybersecurity spillover has now reached technology providers—making their roles more difficult. 

SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)

Technology providers are also being challenged to rethink their strategies and solutions to get ahead of incidents and threats. Project budgets are being stretched or completely bypassed to keep up, and throughout project execution, continuously monitoring customers' needs and shifting priorities is becoming all in a day's work. 

McKinsey's findings throughout the pandemic also showed these realities in shifting priorities playing out in many ways, including the following:

• The rerouting of resources previously designated for a security-automation project to cover gaps in multifactor authentication.
• The postponing of cybersecurity war games and the diverting of resources to accelerate the rollout of a VPN.
• The delaying of red team exercises to close vulnerabilities in remote-work applications.

As more of these companies adopt security controls for cloud-based business functions, McKinsey anticipates budget increases within specific segments such as financial services and insurance industries.

SEE: Research: Video conferencing tools and cloud-based solutions dominate digital workspaces; VPN and VDI less popular with SMBs (TechRepublic Premium)

How successful companies will be in making these cybersecurity projects shifts will be dependent on these factors. 

1. Developing and maintaining a cyber-resilient culture.
2. Maintaining focus on protecting critical assets and services.
3. Maintaining a balance in risk-informed decisions. 
4. Updating and practicing responses and business continuity plans throughout a new normal.
5. Strengthening ecosystem-wide collaboration.

Company and security experts will need to be closely aligned in their approach and priorities to meet the challenges that exist and lay ahead effectively. 

Also see

• Ransomware attack: Why a small business paid the $150,000 ransom (TechRepublic)
• Expert: Intel sharing is key to preventing more infrastructure cyberattacks (TechRepublic)
• How to become a cybersecurity pro: A cheat sheet (TechRepublic)
• Security threats on the horizon: What IT pro's need to know (free PDF) (TechRepublic)
• Checklist: Securing digital information (TechRepublic Premium)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)