If you’re in security, you know how aggressive vendor salespeople are; without understanding your needs, they have what you should buy, right now.
Except it’s not true – no vendor or salesperson knows what you need, or how best to provide it, without taking the time to understand your organization, its strengths, and its unique challenges:
- Do they know what new business initiatives you’re launching?
- Are they aware you’re planning to consolidate operations?
- Have they discussed your overseas expansion and corporate acquisition plans?
- Do they understand your culture?
Assessing your organization’s security posture takes time and effort. One must get to know your people, map out your processes, and analyze your technologies. But it’s an investment that pays back massive dividends; armed with the insights gathered from an in-depth analysis, you can target initiatives, pinpoint gaps, and deploy scarce resources for maximum effect.
How easy is it for you to secure the buy-in from your team to perform such an assessment? In our experience, without a data breach, security incident, or failed audit, it’s often nearly impossible.
One way to “flip the script” is to seize on the positive reasons for an in-depth, outside security assessment, and communicate those reasons to your senior leaders who aren’t directly involved:
- Focus – Are we wrapping technology around our customers / employees? Or letting the opposite happen?
- Alignment – Our business strategy is moving in one direction, but what about our security program?
- Efficiency – Are our security processes restricting our organizational flexibility and agility?
- Cost-savings – Is our security spend delivering maximum value? How much goes toward technology versus staff training, additional internal resources, and outside expertise?
- Enlistment – Isn’t the security of the organization’s most critical assets everyone’s responsibility? Shouldn’t it be a shared duty?
At Infolock, we engage deeply to assess our clients’ security situation; we understand that “an ounce of prevention is worth a pound of cure.” Try these easy next steps:
- Sit down with co-workers to capture what their security experiences and challenges are.
- Take the time to spotlight the “human wins” that security has secured for your team.
- Ask your Board, CFO, COO, or Chief Legal Officer to consider (and then act on) how security empowers your organization to be more responsive, flexible, adaptable, and competitive.
We think you’ll agree that kicking security vendors out of the backseat while you drive the car is the only way to reach your destination.
Sean Steele is a co-founder and managing partner of Infolock. He has his CISSP, CISA, and CRISC certifications, and thinks everyone should know how to tie a nail knot in 30 mph winds.