Industry Perspectives

Conversations with the SBIC: How Industry Priorities Inform Security Agendas (Pt. 2)

May 19, 2016 | by RSA |

In my previous post, I shared a few of the key priorities the security leaders that comprise the Security for Business Innovation Council (SBIC) share in common. But council members' industries span everything from manufacturing and financial services to defense and retail. And while all security issues are on their radar, it's only natural that industry-driven priorities often top their security agendas. For example, supply chain security is a particularly pressing topic for global enterprises while achieving the right balance between security and user experience is weighing heavy on the minds of players with consumer business models.

Illustrating why securing the global supply chain is a growing concern for business models that heavily leverage outside vendors, a long-time council member said, "With no global standard for defensible diligence in the supply chain, a company has the potential to be liable for members of their supply chain with radically different levels of security maturity."

Another SBIC representative expanded this idea even further when you look at the growing number of connected devices that will require unique looks at security. "In the next ten years it's not just going to be your mobile phone and iPad, and laptop, it could be your watch, your coat, television, or car. How do you protect things that haven't had to be secure before?"

Industries with a consumer aspect to their business face the challenge of balancing the fundamental requirement for ongoing security with the need for customer ease of use. This is of particular importance in the financial services sector where consumer acceptance is part of the competitive landscape. In a business that face this issue regularly, a member commented, "Achieving balance between consumer expectations of 'owning your own identity' and ease of use with enterprise security and competitive business concerns is a priority."

Another SBIC contributor finds there is an overlap in managing identity management and supply chain security. "We use a domain model; identity, authentication, and monitoring are vital for us. We need to the best ways to control remote access from employees as well as suppliers who often have different security standards and levels of maturity."

Our discussions with SBIC members were insightful and we look forward to having them share more in-depth looks into these topics in the coming months.

In the meantime, you can check out more of the SBIC's perspectives and guidance.