It feels like there’s a new cyber security threat every other day. Likewise, it seems like cyber security vendors are creating new products and features at the same rate. Against this backdrop, Australia’s cyber security industry is set to triple from $2 billion in 2017 to an estimated $6 billion by 2026, according to research from industry group AustCyber.
But with so many vendors and products to choose from, how do we have any hope of knowing we’ve made the right choice for our business?
The truth is, there is no one-size-fits-all approach to cyber security. Despite what any vendor may tell you about having “the most comprehensive solution in the market”, there is no silver bullet. The raft of technologies we use between hybrid cloud environments, a mobile workforce, and Software as a Service applications means our technology environment is now far too complex for only one off-the-shelf solution.
Many vendors will offer some form of all-in-one platform, but these will always inherently have at least one weak link. They generally consist of several applications or modules integrated into a single suite or license. For example, the platform might offer gateway security, but gateway security might not be the specialty of the vendor. Regardless, you’ve paid for the entire platform so you’re stuck with sub-par solutions.
Adopting a best of breed approach
If we can find some way to integrate the best security tools from a variety of different vendors, we can develop the best possible security posture for our business. This seems easier said than done, however, when we consider the millions of emails and ads we receive from vendors spruiking their products. We suggest taking the following steps if you want adopt a best of breed approach:
Evaluate your current environment
This means taking stock of all of the systems, applications, networks, and hardware your business currently uses in its everyday operations. You should also account for the total number of users that access your business data and networks, as well as any third parties such as contractors or suppliers.
Crucial within this evaluation is gaining an understanding of where your most sensitive, critical, or valuable data currently resides. Without knowing what you are trying to protect, or where it is, you can’t decide on the ideal form of protection.
Understand your risks
Some organisations will place a higher value on protecting their data than others, due to the potentially sensitive nature of their data. However, with new regulations such as Australia’s Notifiable Data Breach Scheme and the EU’s General Data Protection Regulation, every organisation that stores the personal information of individuals now has strict reporting requirements in the case of a data breach.Your sensitive or critical data may be accessed in a myriad of ways by employees, customers or contractors. Each access point in your network exposes you to different varieties of risk, which will each need to be mitigated by a different form of security. In some cases, you may also decide that comprehensive security isn’t necessary for lower risk areas of your business.
Speak to vendors
This stage of the process is the most vital, as it involves cutting through the sales pitch to find real answers. Armed with detailed information on your current environment and potential risks, you can ask vendors detailed questions about how their solutions can provide real protection.
Crucial in this process is pricing transparency, so that you can avoid inadvertently purchasing the one-size-fits-all solutions that won’t integrate into a multi-vendor approach. Priority should be given to those solutions that can be integrated into an overall security system, and particularly those systems that actually complement another vendor’s features.
Leverage impartial expert advice
Of course, all of the above steps require varying levels of knowledge that may or may not reside currently within your business. That’s why we suggest leveraging a trusted cyber security partner who has the right expertise for aggregating cyber security solutions from multiple vendors.
Counterparts Technology are experts in three core areas of:
• cyber security and risk management • personal and workspace technology • hybrid cloud and data centre optimisation
We are unrelenting in our approach to scope out all possible cyber threats facing your organisation, and all of our assessments are conducted by qualified auditors and risk professionals with ISACA certifications. If you would like to learn how your business can develop the best possible security posture against today’s dynamic threats, please feel free to get in touch with us today.