Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

The Business Side of Cyber Security

Balancing security priorities with business flexibility and agility is a tough challenge. But it’s a challenge every executive management team faces as it strives to drive business growth, achieve competitive advantage and maximize operational efficiency.

Balancing security priorities with business flexibility and agility is a tough challenge. But it’s a challenge every executive management team faces as it strives to drive business growth, achieve competitive advantage and maximize operational efficiency.

Security breaches mean lost IP, compromised customer information and confidence, and valuation impact. Among those responsible for setting security strategy and operating policies the temptation is strong is to do whatever it takes to reduce risk. But if you simply restrict the business, you hamper business innovation.

As business environments change, security infrastructure must change to enable business success. Whether you’re operating under increased risk from advanced targeted attacks, or transitioning to the cloud or mobile devices for the productivity, agility and efficiency these technologies provide, the end result is the same: You need to adapt your security infrastructure in lock-step. You can’t afford to leave gaps in protection that today’s sophisticated attackers exploit. At the same time, you can’t keep adding complexity with disparate security solutions that don’t work together.

Adapting to Changing Business Conditions

BalanceSo what can you do as a cyber security professional to enable the enterprise with the flexibility and protection it needs to move forward with minimal risk? You need a security approach that fits and adapts to your changing business environment. Here are a few questions to ask vendors when determining if a solution will offer you choice, flexibility and effective protection in the future.

1. Can I access security solutions in a way that meets my business objectives? Even if you don’t need all the options beginning day-one, the solutions should be available as physical, virtual, cloud and managed services offerings. Hardware, software and services form factors should work together seamlessly and be transparent to the user.

2. How do you support integration with other, complementary solutions and to what extent? Most approaches to integration let you gather data from various sources at a point in time and analyze it, but typically can’t correlate and translate that data into actionable intelligence. A tightly integrated enterprise security architecture lets you enforce security policies across control points, even without manual intervention, so that you can contain and stop damage and prevent future attacks.

3. What type of deployment flexibility do you offer to expand solutions to address new attack vectors and threats as they emerge? Being able to deploy additional security functionality as needed (for example, next-generation intrusion prevention, application control, next-generation firewall and advanced malware protection) as part of an end-to-end security architecture offers flexibility to meet security needs today and into the future. If this functionality is available via software enablement versus buying another appliance, then provisioning and management is more efficient and requires fewer resources on your part.

Attracting and Retaining Top Talent

Advertisement. Scroll to continue reading.

There’s collateral benefit to ensuring your organization is protected as it evolves: attracting and retaining cyber security professionals. A lot has been written lately about the cyber security workforce crisis. It is widely estimated that in the near future job openings for skilled cyber security workers will top 50,000 between the public and private sector. And according to a recent survey by cyber security initiative, SemperSecure, more than half of today’s cyber security professionals put a premium on interesting, challenging work over salary and benefits.

Being part of a security team that is focused on protecting the latest business models with technologies that address new attack vectors and sophisticated threats is attractive to join and hard to leave. Supplementing these technologies with regular training and certifications is a must. Ongoing professional development not only gives security staff the opportunity to keep their credentials up to date, but also ensures that you are getting the most value from your security investments with a team that knows how to optimize these technologies for maximum security effectiveness.

Selecting an approach to security that offers the flexibility to adapt to your changing business environment lets you better protect the business while enabling innovation and change. Those technologies can also become an important advantage in recruiting and keeping talent. With the right approach in place you can foster a security environment that satisfies everyone – from the boardroom to the break room.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.