What separates the winners in security apart from the others? Is there a particular technology or focus that gives them the edge in helping enterprises counter the cybersecurity threat?
Now you’re really getting into it. I think the best way to put it is to start with the technology. Every provider we looked at had solid technical chops. In fact, there’s a pretty good overlap with some of the partnerships that operate behind the scenes. And while each provider has a bit of their own special sauce in the mix, technically they all show very well.
Moving up the maturity stack, what tended to set the providers apart was vision, and execution, for how enterprise security and trust enablement would materialize moving forward. Accenture and Wipro, two examples from our Winner’s Circle (along with HPE and IBM), had existing services and processes that really closely aligned with our models for Trust. Leidos and Unisys, two of our High Performers (along with Cognizant, Dell, AT&T and Atos), similarly showed a good understanding of the need to move beyond security as technology and start thinking of it as a larger enabler of corporate risk management. At the end of the day, vision, innovation, and the ability to help their clients mature digitally were all key elements of success.
You mentioned a shift from security as a way to protect assets towards security as a way to build and leverage trusted assets. Does that have a bearing on the way enterprises approach outcomes? And what recommendations do you have for them on this journey?
Phil, that mindset shift is going to play a huge part in the success, or failure, of enterprises moving forward. Security can’t afford to be an afterthought; it really needs to be thought of as a transformational enabler of a better, more trusted, business. The key recommendations? Let’s start with the basics. If enterprises aren’t aligning themselves with the Digital Trust Framework and the Security Maturity Model, they’re already behind the game. By doing this, they’ll be a bit more prepared for taking the steps needed to elevate their game.
Some specific recommendations would include elevating the responsibility for overall corporate risk and security management as close to the CEO and Board as possible; expanding their security architecture to include coordination, if not oversight, of their ecosystem partners; and a shift from a “prevent all breaches” to a “minimize breaches and control risk” approach. We’re also recommending some actions in the areas of provider relationships, in particular related to contractual flexibility, a greater level of actionable innovation, and a closer review of international privacy policies, something that delves into the role of security with regard to personal privacy and data rights.
And of course technology – automation is going to play an increasingly significant role in identifying and countering security breaches.
How about the providers? What recommendations do you have for them, and how will they need to transform themselves moving forward, or even can they?
I think transformation is going to be a challenge for some of the providers out there today. Those that are leading with tech may find themselves defining their own outcomes, and miss the opportunity to shift from service providers to service, and value, enablers. I can easily see a bifurcation of the market into two groups: one that is focused on delivering value by leveraging security as a way to create trust (as their clients go through their own digital transformation), and one that remains very tech-focused and becomes more of a modular, or on-demand, type of provider. There’s room for both, by the way.
But more directly, providers definitely need to think about security maturity in a fundamentally different fashion, which means they’ve got a lot of education to do with their clients who, based on our research, are still often thinking of security from a tech-only perspective. They also need to target the C-suite aggressively, as many of the security-related improvements and initiatives that need to be discussed go beyond the scope of a CISO.
There’s also an emerging physical/digital approach to security that winning providers will, and are starting to, adopt. Biometrics, access control systems, these are all physical systems that help provide a trusted environment, but today they’re separate from the digital security grid, unless they’ve been included as IoT devices. But the future of security services will require providers to start to leverage these devices to provide both contextual awareness of threats and help seal off threat venues.
We’re also recommending providers take a much more aggressive stance regarding corporate processes and behavior, especially from a larger risk mitigation perspective, that more emphasis be placed on aligning security services with specific business unit objectives, and that user education be significantly strengthened, to the point of bringing users in as collaborative security partners to help build a more trusted digital ecosystem.
And again, on the tech side, we’re pushing for a greater level of modularity and adaptability to keep pace with the rapid evolution of malware, spear-phishing, and embedded code hacks. This is not an easy market to be in, and they’ve got their work cut out for them.
What can we expect out of the industry in the coming year or so – it sounds like the threats show no sign of abating any time soon?
Let’s face it, the security market may never achieve a stable, or inherently safe, status. One of the constants throughout the past decade – really since the inception of digital technology – is that the level of threat always seems to meet or beat the level of protection.
Enterprises are constrained by time, technology, and budget. Hackers, especially those that are organized or sponsored, live by a different set of rules. There’s somewhat of an asymmetrical challenge at play. If you want to keep an asset 100% safe, you have to win every battle 100% of the time. But if you want to steal something, you only have to win once.
This imbalance is likely to become more pronounced as hackers find, and exploit, an increasing number of zero-day vulnerabilities, especially in older, legacy systems, or as they start to leverage more of the accumulated personal data, that’s available in the dark corners of the web, to put together sophisticated personalized hacks that continue to blur the lines between the physical and digital worlds.
We’re also expecting an increase in the number of “mass risk” attacks – hacks that have the ability to cause fairly significant damage to a very large number of people, as well as an increase in smart hacks that find value in the accumulation of smaller pieces of less valued, or protected, information.
Fred McClimans can be tweeted at @fredmcclimans
HfS readers can click here to view highlights of all our 26 HfS Blueprint reports.
HfS subscribers click here to access the new HfS Blueprint Report: Trust-as-a-Service 2015
Provider, provider on the wall, who's delivering Trust for Digital? - Horses for Sources | No Boundaries