惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
MyScale Blog
MyScale Blog
Microsoft Security Blog
Microsoft Security Blog
量子位
B
Blog
aimingoo的专栏
aimingoo的专栏
Apple Machine Learning Research
Apple Machine Learning Research
阮一峰的网络日志
阮一峰的网络日志
The GitHub Blog
The GitHub Blog
T
The Exploit Database - CXSecurity.com
N
News | PayPal Newsroom
Cloudbric
Cloudbric
A
About on SuperTechFans
AI
AI
Hacker News: Ask HN
Hacker News: Ask HN
S
Schneier on Security
Recent Commits to openclaw:main
Recent Commits to openclaw:main
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LINUX DO - 最新话题
T
The Blog of Author Tim Ferriss
Simon Willison's Weblog
Simon Willison's Weblog
有赞技术团队
有赞技术团队
H
Heimdal Security Blog
J
Java Code Geeks
大猫的无限游戏
大猫的无限游戏
D
Docker
Security Archives - TechRepublic
Security Archives - TechRepublic
N
News and Events Feed by Topic
IT之家
IT之家
Know Your Adversary
Know Your Adversary
N
Netflix TechBlog - Medium
T
Tailwind CSS Blog
B
Blog RSS Feed
C
Cybersecurity and Infrastructure Security Agency CISA
C
Cisco Blogs
博客园 - 叶小钗
美团技术团队
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
H
Hackread – Cybersecurity News, Data Breaches, AI and More
L
LangChain Blog
The Hacker News
The Hacker News
Y
Y Combinator Blog
I
Intezer
The Register - Security
The Register - Security
F
Full Disclosure
V
V2EX
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Last Week in AI
Last Week in AI
Martin Fowler
Martin Fowler

Fastly Blog

Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Six Common Live Streaming Mistakes (And How to Avoid Them) How Fastly and Skyfire Enable Trusted Agentic Commerce at the Edge Bot Defense is Table Stakes. Machine Traffic Requires a Business Strategy AI Traffic Grew 6.5x Faster Than Human Traffic This Year Python SDK Beta: How the Language of AI Runs Faster and Safer with Fastly Give AI Agents the Markdown They Actually Want How to Configure Local Logging for an On-Prem Next-Gen WAF Agent Fastly Joins the Agentic AI Foundation (AAIF) to Guide Edge AI Interoperability The E-commerce Industry in the AI Era: Has the Agentic Flood Hit? No Margin for Error: What the FIFA World Cup Teaches Us About Performance at the Edge Why iGaming Infrastructure is Breaking and What Comes Next The Publishing Industry in the AI Era: Why Bot Strategy is Now a Business Strategy Bad Performance Kills SaaS/PaaS Growth — Why Your CDN Matters Why your code is safe from Copy Fail on Fastly Compute Myth or Marvel: Claude Mythos and What it Means for Security Introducing Compliance Audit Reports Supporting Google Private AI Compute with Privacy-Preserving Edge Infrastructure Fastly Nearly Half the Web Isn’t Human: Inside Fastly’s Threat Insight Report Media over QUIC: Can Streaming Finally Have Both Scale and Low Latency? Introducing Fastly’s Redesigned Homepage: Your Central Hub for Actionable Insights The False Choice of Indiscriminate Blocking: Why Technical Precision is the New Standard for an Open Internet What is CVE-2026-23869? React Server Components Security Alert Fastly enables first-party tagging for Google Advertisers Shrink Your Bill With Efficient Software Your AI coding agent just got better at Fastly Fastly Ranked as a Leader in the 2026 Forrester Wave™ for Edge Development Platforms Fastly at RSAC 2026: New Advances in AppSec, Bot Management, and Deception Mastering the Edge: What Golf Can Teach Us About Speed, Precision, and Performance Real-Time CDN Monitoring for Live Events with Bronto Imperva Alternatives Fastly + Scalepost: Extending the Fastly platform to manage AI Crawlers Best content delivery networks for bot management Vibe Shift? Senior Developers Ship nearly 2.5x more AI Code than Junior Counterparts Maximizing Compute Performance with Log Explorer & Insights Fastly CDN Expands Scaling Fastly Network: Balancing Requests | Fastly Best Practices for Multi-CDN Implementations | Fastly Compute@Edge: Serverless Insights by Company | Fastly Fastly can teach you about the Wasm future in just 6 talks Fastly's Observability Unleashed: New Updates and Insights Optimizing your multi-CDN infrastructure to improve performance Stay ahead of attackers by pushing your security perimeter to the edge Are APIs the Key to Digital Innovation or a Trojan Horse? Fastly Academy: on-demand learning at your fingertips. | Fastly 30 Years of Web: Building for Tomorrow 4 Ways Legacy WAF Fails to Protect Your Apps Adobe boosts performance and MTTR with Epsagon and Fastly logs | Fastly Beta" A New Serverless Compute Environment Early TLS at Fastly Technical trainings & the future of edge delivery at Altitude 2016: a year in review Innovation Capacity Defined: Tech Stack Values | Fastly Deep Log Visibility Offered by Logentries | Fastly Caching the Uncacheable: CSRF Security Increase Your Hit Ratio With This Simple Tip
Accountability Without Control Is Breaking Security Leadership
Marshall Erwin · 2026-05-20 · via Fastly Blog

The CISO has always been accountable for incidents. That hasn’t changed, and it shouldn’t. What has changed is this: we’ve increased accountability without giving CISOs more control.

The role has moved closer to the center of the business. CISOs are more involved in incident response, more exposed to board-level scrutiny, and more tied to regulatory outcomes.

On the surface, that looks like progress. Security is now treated as a business issue, not just a technical one. But a seat at the table doesn’t mean control. 

In most organizations, CISOs don’t own the systems they’re securing or the decisions that shape risk. Accountability sits with the CISO. Control sits across the organization. 

That mismatch is starting to make the role unsustainable.

Accountability Alone Isn’t Improving Security

If accountability alone led to better security outcomes, this would be a different conversation. But that’s not what’s happening. Cyberattacks continue to grow in frequency and impact.

Organizations are reacting. Our research shows that 94% have made changes in response to rising CISO accountability. The issue isn’t whether they’re acting — it’s how. Many of the changes focus on managing exposure: more documentation, more scrutiny, more legal protection. Accountability is often driving defensive behavior — protecting the organization after the fact, rather than reducing the likelihood of an incident in the first place. 

Instead, accountability should drive alignment. It should force clear conversations with the executive team about what the real risks are. It should lead to better ownership and ensure that budgets and resources match the threat landscape. In many cases, they don’t, which makes it harder to act on the risks that have already been identified.

Why the Gap Keeps Growing

This model — where accountability is centralized and control is distributed — only works when the organization moves as one. In practice, that rarely happens.

And as organizations move faster, that misalignment becomes harder to manage. Security teams can identify risk, but addressing it depends on decisions made by other teams. So the gap grows, not because security leaders aren’t doing their job, but because the system around them isn’t set up to support it.

What’s missing isn’t the ability to act when incidents arise. It’s visibility and enforcement. At a basic level, many organizations still struggle to know what’s running in their environment — what tools are in use, where data is flowing, or how widely something is deployed. 

Even when risks are visible, acting on them depends on coordination, ownership, and the ability to enforce change across teams, and that’s where many organizations fall short. 

In a breach, CISOs aren’t just judged on what happened, but whether they had the visibility and authority to act. In practice, that means demonstrating that risks were understood and that the organization was in a position to act, even if execution depended on other teams.

This isn’t new, but it becomes harder as environments grow and change faster. 

Just as Security Caught Up, AI Reset the Playing Field

For a while, it felt like security teams were getting on top of things. Controls were maturing, the fundamentals were improving, and there was a sense that the gap between attackers and defenders was narrowing.

Then the ground shifted again. AI has changed the shape of the environment almost overnight. New tools are being adopted quickly, and the attack surface is expanding. Usage spreads before policies catch up. In some cases, security teams don’t fully understand the risk until it’s already present. And even when visibility improves, enforcement is not guaranteed. 

Many security teams are back in a familiar position: trying to catch up. At the same time, expectations haven’t reset. If anything, they’ve increased.

This is even more visible in AI-first organizations, where ownership of incident response is often unclear and the pace of change is higher. More than half of AI-first organizations report confusion over ownership — more than double the rate of traditional organizations.

What Needs to Change

The answer isn’t to reduce accountability. CISOs should be accountable. That’s not in question.

But accountability without control doesn’t improve security, it creates friction. Organizations are holding one function responsible for outcomes that depend on the entire system. 

Security needs to be built into how decisions are made, not layered on afterward. If the business is moving quickly — especially with AI — security needs to move with it.

That requires alignment at the leadership level. It requires clarity on ownership and resources that reflect the actual level of risk. And until control matches accountability, the gap will keep growing.

How Fastly Helps

Security teams need visibility into what tools are being used and whether they’re introducing risk into the environment.

Fastly’s Web Application and API Protection products help teams understand the traffic hitting their applications and identify malicious activity faster. The tooling is designed to reduce false positives, so teams spend less time chasing harmless activity and more time responding to real threats.

As AI tools spread across organizations, operational complexity increases too. Fastly brings capabilities like WAF, bot management, and DDoS protection together in one platform, which helps reduce operational overhead and makes incident response easier to coordinate.

If your security team is trying to keep pace with AI adoption, growing attack surfaces, and rising accountability pressure, learn how Fastly’s security products can help reduce noise, improve visibility, and speed up response times.