CISOs can work with their board of directors and executive risk committee to help their organizations redefine risk. (We have a lot of guidance on how to kickstart those conversations and mature them.) This approach can help reduce upward demand pressure by focusing on critical business assets and services. CISOs can also drive conversations around reducing risk by phasing out certain business services, products, vendors, and even whole classes of technology.
Increasing resource efficiency can be a very effective technique for getting more out of your supply. For organizations still using on-premises technology, this can mean moving to cloud-based systems with strong security designs and defaults. This is also where approaches to improve employee training, adopting more modern tools, and shifting to automation and orchestration tools can help.
Leaders can also accept that they will run a supply-side deficit, which comes with its own risk calculations and risk management techniques. Management must be on-board to operate in this way, and the risk debt should be paid down (and at the very least discussed each year) but some organizations have made this approach work for them.
This is an interesting time in cloud development. Generative AI is motivating organizations to rethink their approaches to technology and security. We have a big opportunity to change how we approach security and the building of secure products, and this extends to rethinking how we approach security budgets.
For more leadership guidance from Google Cloud experts, please see our CISO Insights hub and contact us at Ask Office of the CISO.