Gartner Blog Network


Product Security Officer: Product Managers the Time is Now to Capitalize on Security

by Barika Pace  |  July 15, 2020

By the end of 2023, 40% of the top 100 technology and service providers by revenue will adopt the role of product security officer, up from 10% today.

Analysis

Too often, security requirements are narrowly defined by secure-by-design imperatives and relegated to product development. Unfortunately, this narrow definition leads to rework, product liability costs, and a reactive approach to responding to security risk that can damage your company’s brand. Unaddressed concerns can lead to project cancellations or to additional investments, by buyers or vendors, required to complete projects. As a result, product managers are starting to look for ways to bring deeper security (and, in some cases, privacy) expertise into their senior leadership teams. In doing so, they are looking to mitigate risk and demonstrate a new focus on security to customers. In addition, the recent COVID-19 pandemic has seen an uptick in cyber-security incidents, fraud, and privacy woes that have end users rethinking security, privacy, access and business continuity. Now is the time for technology providers to press the accelerator on security and privacy as a product strategy imperative, but few product leaders have the in-house expertise needed to capitalize on this demand.

A small number of vendors — including Apple, Microsoft and Philips — have already invested in creating a PSO within parts of their product organizations, but this role is by no means widespread among technology providers. Gartner has observed that the positions created so far are very much aligned to specific single products within vendors; the positions are not at a product portfolio level.
We propose product managers — especially those with aims related to a security narrative — should consider appointing a senior PSO, and we outline the responsibilities for this role within the product organization.

In the current climate, we have seen extra spending on security by end users to mitigate risk associated with digital transformation. Adoption of emerging security technologies requires strategic focus on product launch and planning. Thus, capitalizing on security requires greater focus by product management, as the new environment goes beyond secure by design or extends beyond the mission of product development. Today, one-third of end-users say they have abandoned a project due to technical and security risk. Technology providers must consider the PSO role to address risk, capitalize on emerging security technology and strengthen their brand’s trust story.

There are numerous benefits for adopting this role:

The PSO core responsibilities are listed below — and the role should be a central player in product strategy:
  • Leads the continuous development and cultivation of product security and privacy vision, including the strategy for product security as part of an organization’s product planning process.
  • Accountable for working cross-functionally to drive the implementation of that vision into product development and product life cycle management.
  • Defines security requirements, risk profiles and input into all new feature development.
  • Drives the product’s trust storyline, acts as a thought leader, and leverages security and privacy as differentiators to disrupt the marketplace.
  • Captures voice of the customer (VoC), and prioritizes security and privacy product roadmap features.
  • Responsible for compliance, customer requirements, keeping an eye toward future laws that may disrupt the landscape, and company policies.
  • Leverages emerging security and privacy technology to transform product strategy.

Recommendations

Product managers focused on product leadership to innovate and mature their product must:
  • Capitalize on customer security requirements by going beyond product development imperatives of “secure by design,” and contemplate the PSO to redefine security as part of the product strategy and planning organization.
  • Evaluate the suitability of a PSO role by assessing the need against the organizational aspirations to turn security into a strategic product theme, strengthen security posture, demonstrate security in product design or utilize emerging security technology.
  • Build stakeholder buy-in by using cost, value or risk associated with third-party security and privacy assessments, and customer security requirements to justify investment in hiring a PSO.

Recommended Reading

Product Manager Insight: The Emergence of the Product Security Officer

Product Manager Insight: Improving Situational Awareness for Nonexpert Users With AI

Emerging Technologies and Trends Impact Radar

Emerging Technology Analysis: Act Now on Quantum-Safe Encryption or Risk Losing Deals


Barika Pace
Sr Director I
3 years at Gartner
17 years IT Industry

Barika L Pace does research focused on securing emerging technologies and protecting corporate branding for high-tech enterprises. Her research covers threats and disruptions facing the Internet of Things (IoT), cyberphysical systems (CPS), social media and operational technology (OT), coupled with the realities of regulatory changes, privacy, fraud prevention and risk. In addition, through a product management lens, Ms. Pace helps clients identify top talent requirements. Her work focuses on overcoming recruiting challenges, retention, and providing insights into diversity, inclusion and recruiting. Her research recognizes that in today's interconnected world, protecting customers and brand reputation requires an increased focus on multiple channels to conduct fraud detection, address cyberphysical security risk, counter threats, and meet the challenges of an increasing regulatory environment through continuous innovation. Also, Ms. Pace's research focuses on helping clients improve customer experience through effective messaging, communication, and brand management. She helps clients optimize product strategy and brand positioning. Finally, Ms. Pace enjoys working with tech CEOs, product leaders, product marketing leadership, CMOs, CISOs, digital manufacturing product innovators, security providers, and various clients on organizational and cultural changes needed to remain agile.



