A manifestation of the unhealthy relationship between cyber security and large firms
As we reach one of the high points of each year’s conference season, one has to reflect once more on the stunning number of products and vendors active across the cybersecurity space.
Once again, they will line up in their hundreds at Infosec in London and elsewhere. Of course, not all of them are making money; many are still burning the cash of their generous VCs, but the fact that such a crowded market still attracts large amounts of investment is, in itself, bewildering.
In addition, many of those products still aim to address security requirements which are as old as security good practices themselves, for example across segments such as Incident and Event Management or Identity & Access Management.
To see those segments so fragmented across so many players after 15 or 20 years of growth is not the sign of a healthy marketplace.
They should have consolidated years ago and each should be dominated by a few players, in addition to the usual big names, all sustained by healthy competition.
The fact that it’s not the case simply means that buyers are not serious: they do not buy those products because they address a real business need; they only buy those products to put ticks in compliance boxes, close down some audit points or support somebody’s pet project. Or very often, in reactive mode, under pressure to show responsiveness after an incident and without any attempt, or opportunity, to analyse the market, compare offerings and build a defensive strategy.
Even if the “tick-in-the-box” market is huge, and GDPR has just made it bigger, in the long term nobody wins at that game: product development ends up driven by regressive compliance-led dynamics instead of positive dynamics aimed at countering ever-evolving threats, poorly protected buyers get breached and the industry at large stagnates.
In many large organisations, the situation has reached astounding levels: the 2019 Cisco CISO benchmark study highlights that 37% of respondents have more than 10 security vendors to manage (3% have more than 50!).
“Best-of-breed” may be an interesting concept in the security space, but as we pointed out above, it is rarely the real reason behind product proliferation, and in practice, it presents operational teams with considerable challenges: How do you orchestrate an efficient incident response when the data you need is scattered across so many platforms? How do you build an effective and meaningful reporting capability?
And the situation is often compounded by the fact that many security tools simply end up partially deployed, or only covering a fraction of the estate, functionally or geographically.
Firms which find themselves in that mess must stop buying more tech, look at their real security requirements in relation to the threats they are facing and start building a consolidated strategy.
They should also look beyond the products marketplace and consider the ever-growing services offerings in that space. MSSPs have been active for over 15 years but the cloud has also fostered the emergence of a number of new players in recent years.
Consolidation and integration become key factors, as the “when-not-if” paradigm around cyber attacks takes centre stage with senior executives and their focus shifts away from risk and compliance, towards execution and delivery.
All those who have been riding the compliance tide should bear that in mind.