December 3, 2022


The Number One Source For Business

Positive Business Outcomes Need Cyber Secure Compliance

It is surprising that cybersecurity conversations occurring throughout the industry today would be boring most average people. While important, the discussions are usually filled with tech jargon, which can undermine the value of cybersecurity by going over the heads of key decision makers. The proper mindset for cybersecurity should never be framed as a technical solution; cybersecurity matters are business matters that carry tangible business outcomes. The details of the security technology are actually secondary components.

Companies today are dealing with a hyper-fluid state of their data. We see it in mobile applications, remote office scenarios, distant facility geolocation, boundless cloud environments, and more. Data moves and then rests. The reality is that it all needs to be protected against threats and risks whether moving or resting. 

While this may seem obvious, the very nature of modern applications and information cannot exist without security measures in place. In addition, the competitive and economic landscape mandates that these technological achievements deliver quickly and maintain valued experiences. This is critical to the very nature and desired outcomes of digital business. 

Sleeping at The Wheel of Technology

This sounds reasonable and, by any standard, simple to reconcile. In practice however, too many CIOs approach the formidable security challenges with a piecemeal and patchwork mentality. Cloud environments, hybrid systems, and integration into multiple cloud systems all add up to a whole lot of moving data – and continual potential for risk. Data travels fast in dynamic trajectories with underlying components stringing the environments together. 

Somewhere out in the digital beyond, the actors are greater in number, greater in capability, and greater in resolve than ever before, and they are definitely mightier than most IT departments today. Adding to that threat, as we mix private systems with public systems, making the blueprint for what makes your company distinct is essentially easy for a determined hacker to discover. 

Yet, IT departments continue to carry the lead on cybersecurity, using manual “whack-a-mole” approaches to security and risk threats. Many of the products in this approach are pinned down to tangible assets and the perception of control. 

Too Old and Too Slow

The legacy roadmap and mindset on cybersecurity are too slow and too dependent on outside factors to thoroughly address modern risks and security factors. This is where we find poor implementation of tools, a lack of access controls, plain text passwords, overdue updates and other factors that are, unfortunately, treated as individual problems. Collectively, in a rapid cloud and application environment, these lapses create a hidden, broader attack plane appealing to hackers, which seek to use the least common denominator to maximize their impact and minimize their efforts. Throwing more money into the pit is not a good solution. 

Business Outcomes, Again

This all comes around back to the business. Cybersecurity decisions and operations should always carry the context of business outcomes. Simplicity and full-spectrum awareness of risks, assets, data, and security threats form the best cybersecurity path possible, but only when the results can be quantified in unison with advantage to the business. Applying technology better is always a business advantage in terms of efficiency, speed to delivery, app experience and, on top of all else, security. Only with the context of business value can leading cybersecurity missions take hold because the outcome is critical to deciding what risks are acceptable and what risks are not. From these decisions, a strategy is born. 

Not So Basic, Basics

Banking and credit card industries, payment systems, and financial services highlights major achievements in cybersecurity strategy. These industries have put banking in our hands, on our phones, on watches, and more devices than I will personally ever use. Imagine the initial conversations around these concepts and how risky these notions must have sounded. Without security driving forward the business outcome of ubiquitous banking and payment access, none of this would have been possible. 

Cybersecurity programs for every industry and business should include the following basic characteristics:

  • Scalable
  • Simple to maintain
  • Multi-layered approach
  • Simple to deploy
  • Integrated awareness
  • Risk focused 
  • Third-party validation – such as risk assessments and monitoring

Even though most companies are not banks or credit card companies, they still cannot turn away from these critical examples. Many businesses today live and breathe on rapid application development and deployment  for critical business data, and many organizations are beginning on a path to using DevSecOps to address security throughout the software lifecycle. What they have realized is that they can scale around the speed of their business applications, deliver continual improvements on the business’ core processes and ensure security throughout every phase in a variable mobile environment. 

Step Ahead on Security

Staying ahead of the security curve means always looking around the corner. Get ahead of the business impacts of missing or falling short on security and risks. Leverage security technology that matches your immediate and long-term technology and always look to maintain the business advantages of enabling data wherever it may be. Reimagining cybersecurity around software-based platforms is an important step that can enable a business to be more prepared than ever thought possible.