The Modern CISO's Demand for Cybersecurity Rationalization

I spent a week in the not-so-sunny UK with our Chief Revenue Officer, Robert Potter, meeting with CISOs, listening to their cybersecurity challenges and helping them find solutions. One of the common themes was security rationalization.

CISOs in the UK (and, frankly, all around the world) have started embarking on security rationalization campaigns. We even ran into a few organizations that have a VP of Security Rationalization and entire teams dedicated to the effort.

What are these security rationalization campaigns all about? Most simply put, they are measuring the effectiveness of their security programs across technology, people and processes to determine if they are getting value from their security spend and their security effort. Further, they are prioritizing future investments across areas like hiring, training and procuring additional security solutions.

Historically, cybersecurity measures and risk metrics have been qualitative and more about perceived risk mitigation, as opposed to the more tangible, quantitative metrics that can be proved empirically, as is done in other strategic business units such as sales and operations.

What’s interesting about the UK is that virtually every CISO we met with brought up security rationalization as a major part of their 2018 security strategy. Their security rationalization campaigns are well underway, not just in the “good idea” phase. These organizations no longer simply want the best security solutions; they want to prove and communicate that these solutions are optimized, effective and worth the spend of time, money and resources.

These security rationalization campaigns have stemmed from years of security leaders asking for a seat at the highest levels within the organization. Business leaders have listened, and now security has that executive-level voice. But with that voice comes the need to better articulate the true, measurable value that security brings, where gaps in security will impact business initiatives, and quantitative metrics, so that executives in these organizations, working cooperatively with the security leaders, can make more informed decisions more quickly.

Security rationalization is helping organizations treat security more strategically. Security can be a lever for organizations to be more competitive, nimble and cost-effective, as well as save money, and do all of this while mitigating risk.

The Verodin Security Instrumentation Platform (SIP) provides organizations with a platform to manage, measure and improve security effectiveness. Verodin SIP clearly, automatically and continuously illustrates what’s working, what’s not and how to fix it. Reporting is easily understood by technical and non-technical decision makers, it is actionable, and it demonstrates trends over time to show where security effectiveness is improving or decaying, such as in the face of environmental drift.

Security rationalization helps make security more strategic. Security Instrumentation Platforms such as Verodin SIP make security rationalization a reality. To learn more about how Verodin SIP works, check out this webinar on proving security effectiveness and contact us for a demo.
