How to Escape the Security Arms Race and Thrive
… select the right technology for your security strategy. In fact, studies have found that companies are using as many as 70 different security vendors and products as they struggle to determine how to achieve the healthy balance between security and functionality. But despite all of these tools being used, there are still gaps.
Shelfware Mentality Isn’t Working
Shelfware, a colloquial term for owning or licensing software that you don’t actually need or use, is a common problem when it comes to enterprise software. A study by Osterman Research found that 30% of businesses that invested in new security controls often ended up under-using those technologies or stopped using them altogether.
Organizations fall into this trap for a number of reasons. Sometimes, it’s the result of focusing on compliance over actual security and risk mitigation. Other times, it’s the result of failing to understand the true cost of implementing and utilizing the technology they purchased. Yet another reason, as Osterman and Gartner research has shown, is the chronic shortage of skilled security personnel required to manage and operate this technology. In short, some of these tools go unused because they ultimately weren’t suitable for the organization, or because the organization lacked the personnel to make use of them. Companies must look deeper into what they need and what that requires.
The Real Price of Security
To escape the proverbial arms race and evolve securely, companies must truly understand the total cost of ownership (TCO) of the technology they’re assessing. Security solutions often get sold based on features and capabilities, but that ignores the matter of staffing and employees. Many of the options available require more full-time employees dedicated to using them, which can quickly drive up costs – and that’s if you can find the employees with the right skill sets.
According to CyberSeek, an online resource from NIST, the ratio of existing cybersecurity workers to the number of cybersecurity job openings is 2-to-3. That means one in every three jobs in a security operations center (SOC) is vacant. A talent gap is a seller’s market – skilled workers can command high salaries in this environment. Organizations need to include additional salaries in their cost analysis for a security solution.
Building your own SOC requires bringing together the right tools, intelligence and people to create an integrated solution that can withstand the test of time and scale as quickly as the threat landscape changes. Many who have tried will agree that this is easier said than done. Chief information security officers (CISOs) across industries frequently bemoan the lack of time and budget needed to find the right candidates. Recruitment becomes their full-time job, in some cases, and that can mean their real job – ensuring their organization’s security – falls by the wayside.
Outside of finding, employing and retaining the talent needed, here are the advanced security additions you would need to start …