Can security software drive positive change in the way enterprise works? What would it take to build something that can empower and enable teams, rather than waste time and add headaches? In my career as a security practitioner, I’ve always sought to understand what it takes for a tool to make an impact, and to build a following. Here are my thoughts.
The Dreaded Security Vendor
It's not a secret that our industry has a love-hate relationship with software vendors. The explosion in numbers of cybersecurity companies in recent years, combined with aggressive sales and marketing tactics have created a negative stigma in the eyes of customers. The security technology, meant as an enabler for the enterprise, more often than not adds time and resource constraints.
The software frequently looks great during a demo, but in reality, the delivery and maintenance efforts get complicated pretty quickly. From custom connectors and integrations to one-off use cases and playbooks, security management frameworks tend to have lengthy and arduous on-boarding.
And it certainly doesn't help the fact that InfoSec teams themselves have to fight the reputation of being a hindrance to the rest of the organization, a "non-revenue-generating" budget center who exist to make things difficult for everyone.
The Core Principles
So what would it take for a solution to impact a positive change for the enterprise? How do we get past the lack of skilled resources and extensive delivery engagements? How can we remove inherent complexity while maximizing the scope of application and the number of problems it can solve?
Some products manage to create an almost fanatical following. It’s not just the problems they solve, it’s how they solve them.
To me, three aspects of a successful cybersecurity management solution are evident:
- underlying solution architecture,
- delivering functionality as content rather than code,
- and democratization.
These are fairly 'loaded' topics, so let’s talk about architecture first, and we’ll address the others in the following post.
How we build and deliver to our customers matters. In fact, it's one of the first things a customer would consider, even before understanding the complete feature set. These days, the answer is none other than delivering the solution in a cloud-native SaaS, with ability to interact on-prem. I'm sorry vendors, but your hosted VM based architecture is just not good enough. Not only is it less secure, it also costs an arm and a leg for you and to your customers.
I know some Managed Security Services Providers (MSSP) will disagree with me because they want complete control of the environment in which their technology stacks run. Knowing how much effort scaling and troubleshooting someone else’s technology in your own environment takes, I am confident saying that the benefits of this mindset are questionable.
The infosec industry has traditionally been technically conservative, and for SaaS solutions, there are still perceptions of not having enough control, along with the security and privacy considerations. These reservations will not go away any time soon. However, even highly technical customer teams will admit that they should be spending more time using their security software rather than hosting, scaling, monitoring, and maintaining it. To quote a customer, "We expect it to just work."
Besides, you are already keeping your “crown jewels” in the cloud via Salesforce and QuickBooks Online. Your logs are not that special.
Largely, the "security in the cloud" argument always ends up being the one of risk versus reward. As a customer, your resources are limited. It's reasonable to let the software do the heavy lifting.
Next, we discuss content-driven solutions and democratization in Part 2: How to Fall in Love with Your Security Platform.