As enterprises recognize the central role of vendor management and governance to an effective cybersecurity strategy, they’re increasingly grappling with the challenge of maintaining a big picture perspective, while at the same time preventing fissures at the local level. For example, a global organization seeking to enforce consistent standards across geographies has to address regional considerations, since local operations may use different carriers and suppliers, or be subjected to different regulatory requirements. Seeking the proper global/regional balance, many organizations vacillate between a centralized global approach and a regional model with independent local operations.
Top-performing organizations are looking to enable data collection and governance at a local level, coupled with oversight from a centralized steering committee that provides one view of global business operations. The key to success lies less with organizational structure per se than with an ability to respond to changing business and regulatory requirements. Alsbridge has observed centralized control structures evolving to be more agile and responsive to changes affecting local entities or individual business units. Recognizing that governance structures and policies can’t be hard-wired, businesses aim to share accountability and responsibility for governance and cyber security across business owners.