When Scale Is At Risk, Security Is A Priority

Day in and day out, I work alongside companies determining where and how security fits in their business, or if it does at all. A few of them don’t want to care about security. Some are talented leaders with high-growth companies, making major progress in shaping their company, yet they are slow-moving or hesitant when it comes to security.

I have yet to see strategic discussions that look beyond cybersecurity technicalities to distinguish why, truly, a business leader takes action on security matters. Are cybersecurity threats real? Of course. Are boards now further educated about cybersecurity’s part in risk management? They’re getting there. Yet there’s another underlying driver that, when fully, consciously comprehended, turns out to be the actual reason we finally take action to protect our organizations. And guess what? It’s not about protection.

It’s about scale. The velocity across industries is forcing a level of pressure that formerly might have broken companies to their core. Data that was once reviewed weekly is reviewed daily, if not multiple times a day. Customers expect everything instantly. And the competitive space in the digital world is standing-room only.

However, API-first, open source and progress in AI and ML are providing those same companies a level of technical potency and speed they are realizing they can exploit, with the right skillsets internally or through curated partners. If they exploit it well and scale their organization, competitive advantage follows. Yet it takes a trigger event or particular relationship to first draw the connection between security and scale for competitive advantage.

One might think of it as taking a student from an underprivileged school and placing them in a highly tuned learning institution. Once there, their eyes are opened to all the latest perspectives, talents and tools that might have been holding back their scholastic performance before. Suddenly, they learn faster, making major strides in how they approach everything from studying and collaborating with classmates to posing more precise questions to teachers in class. They might also finally have a student sitting next to them who deeply understands advanced calculus and explains it in a way that sticks. Or, if they make a mistake on homework, a passionate and dedicated teacher can quickly encourage them in the right direction.

This is similar to what I see across business leadership in my cybersecurity relationships. Once they watch collaborative security partners pursue managed detection and response (MDR), there are epiphanies that ultimately make their business stronger on multiple dimensions, not just security.

Scale is one of these critical dimensions. It has traditionally been heavily focused on rearchitecting organizational structures and finding operational efficiencies. Today, it is often heavily weighted and expressed in terms of automation, which some might argue is a subset of digital transformation. The latter term, however, has been so broadly applied that it becomes difficult for leaders to measure and achieve “transformation” without decades of top-tier consulting frameworks. What they can measure with managed detection and response, however, is an incremental improvement in how their teams automate and scale.

An example might be a healthcare organization that knows it has flaws in its data processes. It is required to comply with privacy regulations, yet the many obstacles inherent in the field of medicine have kept this company’s teams swimming in the complexities of “transformation” with little practical effect. That changes, however, when a cybersecurity threat is detected and a rapid response to mitigate it is required. For outsourced cybersecurity to function well, the internal organization itself has to automate and scale the right processes.

While, of course, there is contracted intent to protect against a threat such as ransomware, in practicality, the setup and tuning of the internal-external collaboration on threat response increases scalability. At last, roles and responsibilities are defined and clear. For example, David knows to call Shweta if he sees something suspicious, and Shweta has access to David’s data that her response team needs for investigation. The same streamlined process helps them both make compliance less of a chore a few months later.

What else happens? As the external investigation team performs its highly specialized work, it will find process gaps and vulnerabilities that Shweta can harden. In some cases, where the partnership is trusted and compliant, the partner can even clean up some of these gaps. In other situations, Shweta may be required by law to do it on her own, yet she knows her trusted partner has her back, still watching for threats. But at last, now she has visibility into pieces of the greater process scaling puzzle. She has an extended security team to help her scale.

What appears to be a move to reduce risk is in part aligned with that intention. Yet what moved the business leader to finally actively address this part of the risk was the realization of a highly effective two-for-one: Managed detection and response security efforts can develop organizational scale. At our own high-growth organization, we recognize that cybersecurity can be a high-stakes decision. What makes us prioritize where to invest is when it becomes obvious that solving one issue, in fact, builds our greater company value. Aligning security with scale finally brings it all into one efficient, value-building motion.

 

Courtesy- https://www.forbes.com/sites/forbestechcouncil/2022/08/03/when-scale-is-at-risk-security-is-a-priority/?sh=4a76e5c86e0b

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.