Duncan Brown                                   
Research Director, European Security Practice
@duncanwbrown

Last week I attended IDC’s Digital Summit, an annual event hosted in Paris involving digital aficionados (Chief Digital Officers, marketing chiefs, and so on). It was a lively affair, enhanced by the surroundings of the Piscine Molitor and rooftop views of the Eiffel tower.

Being the ‘security guy’ at IDC has its appeal – security is a highly dynamic market with lots of changes in the vendor landscape and multiple challenges for enterprises, so it’s easy to keep busy and interested. However, delivering security is a tough challenge for most companies, as they are faced with numerous new and emerging threats, a shifting regulatory environment and pressures to secure funky new business innovations that fall under the broad digital transformation umbrella. Listening to CISOs discuss their day-to-day challenges can be a bit like a council of despair. It’s always a tad gloomy.

So the most striking thing for me at our Digital Summit was the degree of positivity and optimism displayed by the delegates. This group of individuals is responsible for introducing innovation to their organisations, and so it is to be expected that they are dynamic and engaging. They were delighted to share with me their plans and programs for introducing all sorts of leading edge technologies, like wearables, drones and robotics. Until, that is, they discovered that I was the ‘security guy’. “Ah,” they said. “You’re the guy that stops us from doing things.”

And here we have the perfect embodiment of security’s greatest challenge. It is not that the security industry is being asked to secure third platform innovations, deal with the dynamic threat landscape, or help organisations comply with regulations in a constant state of upheaval. It is the perception, strongly held by business innovators, that security is a blocker to innovation.

It struck me that this is security’s greatest challenge. Security operations are very often disengaged from the business. This needs to change: security needs to be the organisation that enables digital transformation and regulatory compliance, while simultaneously dealing with the threat landscape.

This requires an appreciation of business risk – as opposed to technology risk. It also requires a new mindset, and possibly a new type of CISO altogether.

A friendly Chief Digital Officer recalled that when his organisation was recently hiring a new CISO the primary requirement for their appointment was that they wanted someone who would not say “No.” Instead, they wanted their new CISO to answer “How?” How can we secure data on mobile devices? How can we secure our systems when using the cloud? How can we keep our businesses compliant with data protection regulation? And so on.

I think this is the new model for security: to enable business to accelerate its innovation programmes while keeping the organisation safe. I hope it catches on: after Paris I’m not sure I can take much more gloom.

Interested in Security trends, opportunities and go-to-market tactics? Meet Duncan Brown and other top IDC analysts at our Infosec Security Breakfast Briefing on June 8th. You can also contact Duncan at for more insights on Security.

You can also watch Duncan talking on European IT Security: Drivers and Consequences in this IDC IT Security video