Technology, Process and PeopleMany technology vendors do not acknowledge the full scope of the challenges customers face on a daily basis, which is to say customers have challenges not only in Technology but also People and Process. In point of fact, with 3500+ vendors in the information security space today, Technology may be the one area in which customers have a comfort zone. How to fit Technology into holistic security programs, taking into account increasingly regulated environments (Process) as well as who will manage the Technology (People) often represent larger issues. Concerning Process, as Paul Watts, CISO for Domino’s Pizza, UK and England told Infosecurity Europe 2018,
“All the compliance and certification in the world is no substitute for a solid foundation for cyber defenses, and I know of organizations that have been breached by pen testers, even though the CISO had a string of certifications and he had implemented a host of high-grade security controls.”With regard to People, according to Oliver Rochford,
“Cybersecurity technology can act as a force multiplier, automating menial and trivial tasks, but this still requires a force to multiply. And while technology can make challenging tasks easier to accomplish, it doesn’t accomplish them for you. That still requires people, and will for some time to come.”
Why Technology Vendors Must Understand These Elements TogetherShortsighted technology vendors that fail to recognize these issues often struggle with managing customer sales cycles as previous sales engagements stagnate and customers struggle to address these issues. It’s fair to say that if these vendors could address these issues, they could reduce or eliminate inconsistency in their sales cycles altogether. Outside of Process and People concerns, technology vendors will often take completely different approaches from on premise to the Cloud, which, in an environment where most customers manage both on premise AND Cloud environments, can lead to security gaps, unanticipated costs and project timeline delays. The vendors that are forced to take different approaches are typically those who have not adopted a Console format for their on premise deployments. (Consoles, of course, are critical to successful Cloud deployments.) As Adrian Sanabria argues on The State of Security blog,
“Since everything in the cloud is virtualized, it’s possible to access almost everything through a console. Failing to secure everything from the console’s perspective is a common (and BIG) mistake."Finally, most technology vendors have been slow to offer SaaS solutions, which offer maximum flexibility for their customers. Howie Xu, VP of Machine Learning and Artificial Intelligence at ZScaler, argues that “with a SaaS form factor, you can take a little more risk. Innovation and risk-taking are correlated. With shrink-wrapped software, you traditionally have one shot, and if that software is not good, then you are toast.”
Who Are the Best Vendor Partners?The best vendor partners view Technology as just one piece of the triumvirate of customer issues that is People, Process and Technology. They will not sell a customer technology without understanding how their technology will interact with customers’ processes and compliance environment and who will manage it. Ideally, the best vendor partners will have SaaS and Managed Service alternatives, but if they do not, they will have certified programs with experienced partners. Under the auspices of solving multiple solutions instead of solutions in isolation, the best vendor partners will provide integrations and support capabilities that will go above and beyond the typical vendor options that are offered. Finally, the best vendor partners will offer similar if not identical approaches to on premise and cloud deployments (via Consoles) so that, in the likely scenario of hybrid environments, projects will be proceed seamlessly and without cost overruns.
What’s a good strategy in identifying a good vendor partner?
- Identify a vendor that either can provide SaaS options and managed services in-house or has a certified MSSP program.
- Work with a vendor that is well-versed in compliance as well as network architectures.
- Ensure that the vendor has not only API’s to your platforms but also integrations for your mission critical platforms such as your Help Desk.
- Compare/contrast On-premise/Cloud approaches.
- Select a vendor that allows for varying levels of support depending upon your budget.