The CISO's guide to Identity:

10 strategic priorities for 2023


As cyberthreats become increasingly sophisticated, 2023 will be another challenging year for CISOs. Stronger cloud security is critical, but must be balanced with fluid access for a dynamic and distributed workforce. Here are the key areas to direct your Identity investments.

Office workers

1  Keeping up with evolving cyberthreats

Cyberattacks aren’t just increasing in number, they’re getting better at evading conventional security controls. Ransomware, phishing and other social engineering attacks continued to rise in 2022, and with workers and devices more distributed than ever, it’s a case of when, and not if, your business will come under attack. With the traditional network perimeter all but redundant, identity is the remaining logical point of control. By focusing on identity, you can incorporate user context to build a robust, risk-based decision engine that mitigates the risk of attack, whether via your employees, customers or partners.



82% of breaches involved a human element, including social attacks, errors and misuse1

2  Reviewing cloud security post-COVID

Many organisations undertook hasty cloud migration projects during COVID to ensure remote employees could keep working, inadvertently opening up security vulnerabilities along the way. Now is the time to review these measures, evaluate their effect on risk and exposure for the business, and explore implementing a comprehensive Identity solution that secures users of all your workplace apps, whether on premises or in the cloud.

3  Centralising access management

The proliferation of workplace apps in recent years has created siloes of Identity data that are a headache to manage and secure. Consolidating this information with a centralised Identity solution gives you enhanced visibility of all your users, allowing you to manage onboarding and offboarding in one place, create uniform security policies across all your systems, and detect and respond to threats swiftly and efficiently via a single central pane.

The CISO’s guide to Identity: 10 strategic priorities for 2023

4  Being part of reimagining the workplace

It may seem like the business of other departments, but in 62% of European organisations, the CISO is considered influential in defining the working model2 . While hybrid working is likely here to stay, working patterns are constantly being reassessed. Defining the workplace will be a collaborative initiative between all functions and, as CISO, your involvement is critical in ensuring your organisation invests in Identity security technology that scales with business needs.

The CIO’s guide to Identity: 10 strategic priorities for 2023

5  Balancing security and collaboration

Businesses are increasingly empowering workers with the freedom to choose their own devices and apps. This is helping build a culture of collaboration and creativity, but creates security challenges. To balance strong security with seamless access, consider implementing a contextual access management solution, which uses risk signals and posture checks to streamline approval for low-risk access requests while prompting for additional assurance factors in riskier login situations.

51% of European businesses now operating a Choose Your Own Device mobile management strategy2

6  Securing the supply chain

Attackers routinely exploit the trust implicit in the supply chain to gain unauthorised access through the back door: Verizon found that 62% of system intrusion incidents could be tied to supply chain breaches in 2022. Compile a risk audit of your organisation to understand your potential exposure through interactions with partners and suppliers, and how this could be mitigated by a more mature Zero Trust security architecture, founded on Identity.

7  Deploying threat detection technology

Security teams are overwhelmed by alerts: more than half receive over 500 alerts a day, of which 20-40% turn out to be false alarms. That’s challenging when talent is in short supply and raises the risk of missing a genuinely serious alert. To reduce security alert overload, consider implementing automated threat detection like Okta’s ThreatInsight, which uses intelligence gained from the Okta network to detect and block suspicious IP addresses, helping to mitigate large-scale Identity attacks.

The CIO’s guide to Identity: 10 strategic priorities for 2023

8  Going passwordless

Password fatigue is nothing new – and as the number of workplace apps rises, it’s getting worse. The more credentials your colleagues have to remember, the more likely they are to simply reuse the same details across their work and personal accounts, even if they know those credentials have been hacked before. It’s why more organisations are choosing to avoid passwords altogether, opting for biometrics, magic links or one-time passcodes to create convenient, secure login experiences.

175 Average number of workplace apps deployed by large companies3
The CIO’s guide to Identity: 10 strategic priorities for 2023

9  Simplifying auditing and compliance

The scramble to the cloud, accelerated by the pandemic, has expanded the footprint for company data which is now scattered across cloud and on-premises environments. Without unified Identity and access management, audits can often take many months and involve multiple access approvals and owners. Implement a simplified and centralised view of users to help you manage access permissions and save time on checking that your organisation is compliant.

10  Working with CIO to establish Zero Trust security

Today’s hybrid workforce and flexible device policies have made the traditional network security perimeter obsolete. This is accelerating plans to establish Zero Trust security, with the proportion of organisations having a defined strategy in place doubling from 21% in 2021 to 45% in 20224. Work with the CIO to formulate a plan for an Identity-powered approach to Zero Trust security that will form the foundation for a secure, resilient hybrid workplace, now and into the future.

of businesses will have a defined Zero Trust strategy in the next 12-18 months4

Ready to put Identity first?

Get hands on with the free trial today, or get in touch with our team to discuss your unique needs.

1 Verizon DBIR 2022

2 Okta Hybrid Work Report 2023

3 Okta Businesses at Work 2022

4 State of Zero Trust Security 2022