Is your Organization Cybersecurity Tech ready?
The technology market has tons of Cybersecurity products from top-notch Cyber Security vendors. But, the question is whether your organization is security technology ready. If you try to implement new security technology capability when the organization is not ready then a whole new implementation ends up in technical debt. According to a global survey conducted by IBM, organizations that deploy over 50 Cybersecurity tools ranked themselves 8% lower in their ability to detect threats and 7% lower in their defensive capabilities, than other companies employing fewer toolsets.
Hence, it is not the number of tools that determine the extent of security within your organization. Any new addition of technology will have an impact on the existing technology and process landscape. Hence, the introduction of new technology products should be well thought of. While this applies to any new Information Technology (IT) setup, but especially when it comes to Cybersecurity, it is even more crucial.
Key considerations when you want to set up new technology capability are:
Present state maturity- Before kicking off a new initiative, conduct a current state assessment to determine how mature the present state security practices are. Do operational processes exist in the manual form at least or would it need complete set-up? Also, look at technology tools already available in the organization to see if new use cases can be achieved with or without minor tweaks to processes rather than procuring new tools.
What is needed to adopt technology: What processes do we need to set up or what changes are needed on the current processes? What skill sets are needed to reap benefits in the BAU (Business as Usual) mode. Does new technological capability fit in with the existing operational setup? What change management measures are needed to embed the change effectively.
Can new technology product be operationalized: Technology might work in a small set-up, but might not be scalable due to several reasons. The reason could be the legacy processes, which need major changes; or new tool might need tweaking. In many cases, the reason could be the data format fitment, which might result in post-implementation issues. Tools work great as far as the right data set is fed into the tool.
Before making a decision around new technology set up, need to formulate the problem statement very clearly. Many times, we tend to jump into the solution mode even before defining the problem succinctly. This is where we get into another kind of problem, which I call a “solution induced problem”. All that we are doing is just moving the pain point from point A to point B, that too at an added cost. After the problem statement is in place as well as your stakeholders acknowledge that we are after the correct problem, start looking into various options looking at cost-benefit analysis. It might be beneficial to look at the manual processing option if that makes economic and security sense. It is much easier and cheaper to move from manual processing to automated scenarios rather than moving from tool “A” to tool “B”. Have a big picture view considering people, processes and technology set up whenever you are trying to make new technology decisions.