Security Technology is not Enough
CIOReview
CIOREVIEW >> Defense >>

Security Technology is not Enough

Kevin Fuller, Security Consulting Department Manager, Burns & McDonnell
Kevin Fuller, Security Consulting Department Manager, Burns & McDonnell

Kevin Fuller, Security Consulting Department Manager, Burns & McDonnell

Balance is an important concept to keep in mind for a well-designed cybersecurity program. Just as a healthy diet requires a balance of fruits, vegetables, proteins, carbohydrates and other necessities, a healthy cybersecurity program requires similar equilibrium.

Over the years, I have had the opportunity to work with hundreds of companies across many industries and of varying size. It is amazing to see the number of companies that rely too heavily on cybersecurity products in their security programs. They are continuously searching for a silver bullet that will solve all of their problems and make their concerns disappear. While technological products are important, the reality is that a healthy cybersecurity program requires a balance of people, processes and technology to be truly effective.

Any security professional who is a technician at heart enjoys tinkering with a new, shiny toy. Even newcomers to the industry quickly see there is no shortage of new tools to test drive. By some counts there are more than 1,200 technology vendors playing in the cybersecurity market. Despite the target-rich environment, security teams should be leery of chasing the latest and greatest tools until they have assessed the real need for the added capabilities.

Purchasing the latest and greatest tool, and then investing in the labor to install and configure the components, does nothing to help the organization achieve security objectives. This approach lacks the ability to capitalize on the results. In fact, a track record of not operationalizing new purchases will work against security leaders because new requests will be seen as more “shelfware.” All leaders in an organization, including security leaders, have a responsibility to be fiscally responsible with purchases.

By balancing people, process and technology, an organization can see that that it is purchasing the right tools at the right time. People are trained on the new capabilities, and processes are established to operationalize their use. The results of the new investment can be captured in Key Process Indicators (KPIs) to show real business value every time.

There are three other key facets of a healthy cybersecurity program that must be balanced: risk tolerance, affordability, and continuous improvement. These are the real driving forces behind a security program’s progression up the maturity scale. These facets are important because they will dictate how to focus your people, processes and technology investments.

An organization that chooses to accept greater risk of an incident is likely to invest less in its cybersecurity program. Major changes won’t come often, so a greater focus on incremental, continuous improvement is the best means for improving a program’s maturity. Conversely, organizations with very low risk tolerance must be willing to invest more in people, processes and technology based on where they are in the program lifecycle. This enables larger jumps up the maturity scale. There is less focus on incremental, continuous improvement because the security teams are pressed to reduce risk at all cost.

There is no silver bullet in the world of cybersecurity, and anyone who tries to sell you one is painfully unaware of the complexities of modern business. A healthy cybersecurity program demands a balance among effective use of people, solid processes to operationalize capabilities, and the right technologies to enable organizations to protect themselves. Failure to achieve balance will result in a program that will eventually falter. Due diligence by security leaders throughout the program lifecycle will be well worth the time invested.

Check Out: Top Security Consulting/Services Companies

See Also: Top Defense Technology Solution Providers

Check Out Review Of CIOReview : CrunchbaseGlassdoor

Check This Out : CIOReview OverviewMuckrack

Read Also

Insurance Market is in Full Swing in Tune with the Digital Transformation

Insurance Market is in Full Swing in Tune with the Digital...

Adilson Lavrador, Executive Director of Operations, Technology and Claims, Tokio Marine Seguradora
A Pro-Active Risk Management Approach Guides Pg&E's Supplier Quality Assurance Team

A Pro-Active Risk Management Approach Guides Pg&E's Supplier Quality...

Jamie Martin, Vice President of Supply Chain and Chief Procurement Officer, Pacific Gas and Electric Company
The Future Of Oil And Gas Industry With Digital Solution

The Future Of Oil And Gas Industry With Digital Solution

Azfar Mahmood, Product Manager, Jeremy Angelle Vice President Digital Solutions at Frank’s International
Epc Oil And Gas Companies’ Role In Scaling Up In Energy Transition

Epc Oil And Gas Companies’ Role In Scaling Up In Energy Transition

Matthew Harwood, GVP Strategy and Sustainability, McDermott International
Using Technology To Improveremote Worker Safety

Using Technology To Improveremote Worker Safety

Grantt Bedford, Director - Safety, Environment & Quality For The United States At Eni
Unified Command And Operation Cyber Centers (Ucoc): Beyond Remote Operation Centers

Unified Command And Operation Cyber Centers (Ucoc): Beyond Remote...

RobelloSamuel, Chief Technical Advisor and Halliburton Fellow (WellEngg.), Halliburton