With the number of data assets, endpoints, networks, employees, and customers consistently growing for enterprises, the pressure security leaders face is overwhelming. Headline-grabbing breaches continue to add up around the world, and businesses are beginning to understand that the level of protection needed to measurably reduce cyber risk is immense. Recent studies indicate that cybersecurity spend has increased 9 percent from US$34 billion in 2017 to US$37 billion in 2018.
To overcome the challenges presented by threat actors, enterprises with low-risk tolerances have no choice but to continue to add to their cybersecurity arsenal, leveraging tools that assist with threat detection, incident response, and gathering security intelligence. As the threat landscape evolves, businesses tend to stack the latest solution offerings onto existing infrastructure, and there are many to choose from—maybe too many.
With roughly 1,200 cybersecurity vendors competing for the attention of security leaders, some enterprises have deployed as many as 70 different security products. Given the severe shortage of qualified security professionals, however, enterprises face an uphill battle in not only implementing the technology but maximizing its use.
Building an ecosystem of technology providers is a practical approach, but managing that network of solutions and relationships is a monumental task. This patchwork approach creates disorder, confusion, and at times, gaps in security if not handled strategically.
Today’s cybersecurity warrior faces tremendous hurdles when it comes time to purchase a solution given the plethora of products and services in the space.
If you’re currently in the market for a new cybersecurity solution, it’s essential to focus on the following two areas before you even begin to prepare your next Request for Proposal (RFP).
Guide the Discussion and Ask the Right Questions
Customers tend to look at solutions in silos, focusing on each capability that the technology offers. However, it’s imperative to anchor down on the central issues you’re trying to address. It’s easy to get lost in the alphabet soup of acronyms many security vendors like to advocate. However, it’s essential to apply the same level of focus you utilized to draft your cybersecurity strategy to purchasing new technology.
No single vendor can do it all, but if you’re walking down the expo hall at the RSA Conference, you may misinterpret a message or two from some that allude to achieving that feat. Pay close attention to the company’s core offering and message to ensure that it applies to the problem you’re trying to solve. Be sure to ask questions that solely focus on your specific challenges, and don’t get sidetracked into discussions of “apples versus oranges versus pears.” As the customer in need of a solution, it’s critical for you to be in control of the conversation by keeping your needs top-of-mind.
Before inquiring about a tool, do your internal homework by having a clear understanding of the challenge you’re trying to address, and what the ideal solution would do for your business. Additionally, make sure that it falls in line with your security roadmap. The last thing you’d want to happen after investing a good portion of your budget is to deviate from what you’ve communicated to the C-suite as your blueprint to success.
Whatever It Is, Make Sure It’s Future Proof
No decision you make as a security leader should be based solely on solving one problem. While I did advise that you should focus on overcoming a single challenge during your discussion, remember, it still needs to be relevant to your security roadmap.
Far too many purchasing decisions have been made based on solving one single issue, and the result is an unnecessary tech stack. Right now, there’s a good chance that you could be paying for features and capabilities you’re not tapping into in the solutions you’ve deployed. Given the complexity tied to an enterprise’s ecosystem, this is common. But rather than continuing that trend, you can adjust your approach.
Identify where more attention needs to be placed within the business, in addition to where you can scale back. This will not only result in more efficient use of your resources but also shine a spotlight on the problem areas where you may need to make a purchase. Once you’re confident that’s the next step, make sure that whatever you look into is future proof.
Remember, your next purchase can’t be considered a patch for a small hole in your overall cybersecurity effort. It must be a piece that fits into the strategic puzzle you’re attempting to assemble. How interconnected is it to the rest of the technology you have deployed? Does the vendor have an existing partnership with others that your organization is currently working with? These are two questions that are very important to keep top of mind.
It’s important to remember that leveraging more cybersecurity solutions may not necessarily lead to a more secure enterprise. More often than not, this places a burden on security teams, as their focus may shift toward sifting through troves of security data to tell the enterprise’s risk story.
Cybersecurity leaders facing this dilemma have opted to work with a trusted security advisor that has the ability and bandwidth to direct and manage their technology providers. The right partnership leads to expanded flexibility for your cybersecurity strategy, an increase in solution deployment speed, and an efficient, cost-effective approach to addressing your enterprise’s risk tolerance.
Tien San Chng is Trustwave's Global Head of Worldwide Strategic Alliances and Partnerships.