During the past few years, Forrester has been studying firms that are future-ready, that is, firms that have developed their technology strategy to support their company’s customer-focused business plan. There are three categories of IT organizations: Modern tech orgs develop to act as partners, focusing on customer value and delivering end to end on cloud and other platform architectures using continuous delivery. Future fit tech orgs build on modern tech strategies by focusing on flexible platforms and shared accountability. Traditional tech orgs are driven by cost, act as order-takers, and typically follow waterfall methodologies.

What role does security play in this framework? If your company’s technology organization is fragmented, out-of-date, and waterfall (traditional), chances are good that your security staff won’t be future fit either.

On the other hand, imagine that your technology department is working to become more innovative, flexible, and robust (future fit) and that your security staff isn’t keeping up. In that case, your security staff is slowing down the transformation of the technology organization.

Our most recent research directly correlates future fit technology and security maturity, showing that future fit organizations score higher in security maturity assessments than modern or traditional ones. Other findings from recent and upcoming research include the following:

Future fit tech orgs secure what they sell. Teams that embed security throughout the product lifecycle provide a trusted foundation and better protect the products and services that the business sells. Future fit tech organizations noted that their security teams were more likely to be involved in the early and late stages of the product lifecycle. In addition, future fit tech firms were more likely to appreciate the security team’s impact as critical to product success.
Traditional, modern, and future fit tech orgs prioritize security initiatives differently. When asked to prioritize security initiatives for the upcoming year, traditional tech firms were more likely to focus on the basics such as cloud migration and security operations than their modern tech and future fit tech peers. By contrast, future fit tech firms have been successfully addressing the basics and were more likely than others to prioritize strategic initiatives like communications, metrics, and reporting.
Future fit CISOs are more customer-facing. Today’s CISOs fall into six archetypes, but one of them — the “customer-facing CISO” — is particularly aligned with the future fit technology mindset. CISOs from future fit tech organizations were more likely to characterize themselves as sales leaders and revenue ops leaders and were much more likely to be involved in customer success.

Please join us on March 30 for our webinar, Your Security Organization’s Journey To Future Fit, where we will discuss these trends and relationships in more detail and offer guidance on how to evolve your security team to support your organization’s future fit initiatives.