If you ask any member of the C-Suite, they will tell you that they take cybersecurity “very seriously.” No doubt they do. No one wants their company highlighted in the next embarrassing headline about a cybersecurity breach that exposed millions of consumers to identity theft and cost their shareholders millions in cash and stock value.
Yet, if that sentiment is universal, why do I find cybersecurity strategy to be in such disarray?
In fairness, the confusion is not the fault of the providers or users. It results from the increasingly complex issue of ever-evolving security challenges and our natural human “whack-a-mole” mentality to attack whatever problem just popped up. The combination, however, creates an environment where tactics and point solutions grab all the energy and resources – crowding out real strategic thinking about the problem.
While the technology vendor community could help settle some of this chaos, the truth is that they can also be part of the problem. From mom-and-pop shops all the way up to high-profile firms, vendors offer a wide variety of products and services that capitalize on the fear over the latest headline. In conversations with leading cybersecurity solution vendors, I’ve found there are often “too many cooks in the kitchen.” I have counted as many as 80 or 90 vendors working with large enterprises, and most of those will claim to be involved in one aspect or another of cybersecurity. Managing those vendors and dealing separately with the specific vulnerability each one targets can lead Chief Information Security Officers (CISOs) to put long-term security planning and strategies on hold as they spend critical staff time and resources fighting the latest malware, hack attacks and other crises.
Contrast that disarray with what we know about the bad guys:
- They are highly focused on attacking you.
- They are working to find the next vulnerability, not the last one.
- They have a strategy!
How do you compete in this new arms race?
Ideally, you want security integrated into everything you do. But how do you accomplish that without having more vendors than you can manage and too many seams in your protection that offer opportunities for the bad guys to exploit?
My advice is to start with the network. It touches all your enterprise assets no matter where they sit in a hybrid IT architecture. It also touches all your users, partners and customers. A bullet-proof network is the foundation of enterprise security in a highly connected world.
And when you start with that organizing concept, you view your choices differently. Carrier-class network providers, like CenturyLink, integrate security into the core network at a fundamental level – even before they layer advanced services on top of that network. The reason is simple. They are charged with protecting public services that run across their network – including the Internet itself. So, they have highly developed expertise in protecting networks so that they can protect their own business.
When you tap a carrier-class network provider, you get an array of tools, approaches and thinking that have had to evolve with the threat environment in ways no whack-a-mole service could. Take CenturyLink Threat Research Labs, one of the many jewels of the Level 3 merger. They’re constantly monitoring Internet traffic, botnets, domain servers the bad guys use and other markers of current and emerging threats on a global basis. To put it differently, they’re playing offense as well as defense.
That technology and expertise are already integrated into the network. When you partner with this kind of Managed Security Service Provider (MSSP), you get access to the tools and expertise they use to protect themselves – and they can help you tailor services on top of that integrated network for your business’s unique needs.
Having a lead vendor like this kind of MSSP doesn’t mean you can’t take advantage of a little shop out there working on the best-of-breed protection against a very specific kind of exploit. It means you can focus your own resources on your business while a stable of cybersecurity experts evaluates that point solution and incorporates it into a framework that already exists.
Comprehensive network-first strategies involving an MSSP also mean the CISO’s role is evolving – from the whack-a-mole stance to more of a proactive stance that focuses on the future of cybersecurity offense and defense. And that is what it really means to take cybersecurity “very seriously.”