“Ten percent of the value is in the tool, and 90 percent is in the people and processes around the tool. Look at what the tools are out there and give it time. Then in six months, reassess,” Dickson said. For customers looking at near-term renewal issues, he said to renew, “but don’t go for any more than a one-year timeframe on your renewals” and focus on exit clauses. Then strategize on a 2-year to 4-year timeframe, he said.
When asked for her thoughts on what the acquisition means for enterprise CISOs, Jess Burn, a principal analyst for security and risk at Forrester, was succinct: “Not a whole lot.”
“The SolarWinds hack and resulting breaches gave CISOs two things to think about: Greater scrutiny of third and fourth parties in or connected to the enterprise, and personal liability,” Burn said. “SolarWinds was the beginning of a broader product security awakening for CISOs and government agencies like CISA, who launched Secure By Design in 2023 after a series of software supply chain related breaches. Third- and fourth-party risk management is still an issue, but CISOs now know what to ask their partners, including software vendors and managed IT service providers.”
