Product Security Officer: Product Managers the Time is Now to Capitalize on Security
by Barika Pace | July 15, 2020
By the end of 2023, 40% of the top 100 technology and service providers by revenue will adopt the role of product security officer, up from 10% today.
Too often security requirements are narrowly defined by secure by design imperatives, relegated to product development. Unfortunately, this narrow definition leads to re-work, product liability costs, and a reactive approach to responding to security risk that can damage your company’s brand. Unaddressed concerns can lead to project cancellations or additional investments, by buyers or vendors, required to complete projects. As a result, product managers are starting to look for ways to bring deeper security (and privacy, in some cases) expertise into their senior leadership teams. In doing so, they are looking to mitigate risk and demonstrate a new focus on security to customers. In addition, the recent pandemic (COVID-19) has seen an uptick in cyber-security incidents, fraud, and privacy woes that have end-users rethinking security, privacy, access and business continuity. Now is the time for technology providers to press the accelerator switch on security and privacy as a product strategy imperative, but few product leaders have the expertise in-house that is needed to capitalize on this demand.
A small number of vendors — including Apple, Microsoft and Philips — have already invested in creating a product security officer (PSO) within parts of their product organizations, but this role is by no means widespread among technology providers. Gartner has observed that the positions created so far are very much aligned to specific single products within vendors; the positions are not at a product portfolio level.
We propose product managers — especially those with aims related to a security narrative — should consider appointing a senior PSO, and we outline the responsibilities for this role within the product organization.
In the current climate, we have seen extra spending on security by end users to mitigate risk associated with digital transformation. Adoption of emerging security technologies requires strategic focus on product launch and planning. Thus, capitalizing on security requires greater focus by product management, as the new environment goes beyond secure by design or extends beyond the mission of product development. Today, one-third of end-users say they have abandoned a project due to technical and security risk. Technology providers must consider the PSO role to address risk, capitalize on emerging security technology and strengthen their brand’s trust story.
- Leads the continuous development and cultivation of product security and privacy vision, including the strategy for product security as part of an organization’s product planning process.
- Accountable for working cross-functionally to drive the implementation of that vision into product development and product life cycle management.
- Defines security requirements, risk profiles and input into all new feature development.
- Drives the product’s trust storyline, acts as a thought leader, and leverages security and privacy as differentiators to disrupt the marketplace.
- Captures voice of the customer (VoC), and prioritizes security and privacy product roadmap features.
- Responsible for compliance, customer requirements and company policies, with an eye toward future laws that may disrupt the landscape.
- Leverages emerging security and privacy technology to transform product strategy.

- Capitalize on customer security requirements by going beyond product development imperatives of “secure by design,” and contemplate the PSO to redefine security as part of the product strategy and planning organization.
- Evaluate the suitability of a PSO role by assessing the need against the organizational aspirations to turn security into a strategic product theme, strengthen security posture, demonstrate security in product design or utilize emerging security technology.
- Build stakeholder buy-in by using cost, value or risk associated with third-party security and privacy assessments, and customer security requirements to justify investment in hiring a PSO.