We recently polled some of our top technical leaders and security experts to find out what key pieces of information they require to manage their resources effectively. We specifically asked “What are the top questions you need to answer about your business?” In part one of this two-part series, we looked at the perspective of the Chief Information Security Officer (CISO/CSO) and their approach to security.
In part two, we gain insights from the Chief Technology Officer (CTO) and engineering leadership on what they need to be aware of to successfully guide the product, strategy, and engineering teams. Since they’re usually (but not always) more hands-on with the people, processes, and technology used every day, we wanted to see if they were still in alignment with the CISOs we talked to.
High-level goals and strategy
Engineering leaders care about security and have important high-level objectives and goals similar to those of the CISO. These questions from one head of engineering emphasize planning, high-priority objectives, and creating a strategy to reach those goals.
The top strategic engineering questions include:
- How will we identify our strategic roadmap for next year?
- How will we stick to those priorities?
- What changes or additions to the engineering and product team are necessary to accomplish the strategic goals?
- How do we continue to reduce our per-transaction costs while speeding up our update cycles?
Get your (Jira) tickets for a deeper dive
Conversations around these high-level concepts often lead to the creation of epics, stories, tasks, and tickets (who doesn’t love Jira tickets?). When we drilled into more detail on some of these strategic objectives, we found that costs, infrastructure, and access were more top of mind for the engineering leadership than for the CISO.
Identity and access management
Who has access to what is a key question for both CISOs and engineering leadership. People are integral to your processes, and they are also a key factor in security risks. The top questions cover permission reviews and offboarding, and they extend to end-user permissions, not just those of employees.
The top IAM questions included:
- Do we have users that have the wrong level of access?
- Do we have any terminated employees with active user accounts?
- Are there any end users who have been granted access to applications that we do not allow?
Infrastructure questions seem to focus on efficiency, cost, and security. Engineering leaders want to know about old tech “lying around” or running in the cloud without being used. While questions like these may seem basic, they can be quite complex and difficult to answer in today’s multi-cloud and hybrid environments. To compile this information manually in the native UI, teams would need to log into each cloud provider individually and switch back and forth between accounts, checking every one. For a small engineering organization, this might be feasible, but for larger orgs with thousands of accounts across multiple clouds, it can take days or weeks to compile answers to questions like these. With the proper tooling and a way to consolidate and automate data collection, these questions can be answered in a matter of minutes.
The top infrastructure questions included:
- Are we using any cloud runtimes that are deprecated or unsupported? (This could refer to old AMIs, old Lambda runtimes, old Redis versions, etc.)
- Are there any resources in regions that we do not use?
- Are there any EC2 instances that are reachable from the public internet?
Solve the simple. Focus on the strategic.
What is your confidence level that you can answer questions like these accurately? While JupiterOne can’t help you decide on your product roadmap, we can help you answer critical questions about your infrastructure, access, security posture, and users to help support your strategic initiatives. With the added visibility and context that comes from connecting the dots across your assets and environments, we can help you find answers quickly, cut costs, and be more efficient and secure. In turn, that will create more space for you to debate roadmap and product priorities. You may not think that’s a good thing, but trust us, you’ll be glad to have it.
What are some of the critical questions that you’re asking across your engineering teams? We’d love to hear how they align with our experts.