The business side of cyber security

Balancing security priorities with business flexibility and agility is a tough challenge. But it’s a challenge every executive management team faces as it strives to drive business growth, achieve competitive advantage and maximise operational efficiency.

Security breaches mean lost IP, compromised customer information and confidence, and valuation impact. For those responsible for setting security strategy and operating policies, there is temptation to do whatever it takes to reduce risk. But if you simply restrict the business, you hamper business innovation.

As business environments change, security infrastructure must change to enable business success. Whether you’re operating under increased risk from advanced targeted attacks; or transitioning to the cloud; or using mobile devices for productivity, agility and efficiency, the end result is the same: you need to adapt your security infrastructure in lock-step. You can’t afford to leave gaps in protection that today’s sophisticated attackers exploit. At the same time, you can’t keep adding complexity with disparate security solutions that don’t work together.

Adapting to changing business conditions

So what can you do as a cyber security professional to enable the enterprise with the flexibility and protection it needs to move forward with minimal risk? You need a security approach that fits and adapts to your changing business environment.

Here are a few questions to ask vendors when determining if a solution will offer you choice, flexibility and effective protection in the future.

1. Can I access security solutions in a way that meets my business objectives? Even if you don’t need all the options beginning day one, the solutions should be available as physical, virtual, cloud and managed services offerings. Hardware, software and services form factors should work together seamlessly and be transparent to the user.

2. How do you support integration with other, complementary solutions and to what extent? Most approaches to integration let you gather data from various sources at a point in time and analyse it, but typically can’t correlate and translate that data into actionable intelligence. A tightly integrated enterprise security architecture lets you enforce security policies across control points, even without manual intervention, so that you can contain and stop damage and prevent future attacks.

3. What type of deployment flexibility do you offer to expand solutions to address new attack vectors and threats as they emerge? Being able to deploy additional security functionality as needed (for example, next-generation intrusion prevention, application control, next-generation firewall and advanced malware protection) as part of an end-to-end security architecture offers flexibility to meet security needs today and into the future. If this functionality is available via software enablement versus buying another appliance, then provisioning and management is more efficient and requires fewer resources on your part.

Attracting and retaining top talent

There’s collateral benefit to ensuring your organisation is protected as it evolves: attracting and retaining cyber security professionals. Being part of a security team that is focused on protecting the latest business models with technologies that address new attack vectors and sophisticated threats is attractive to join and hard to leave.

Supplementing these technologies with regular training and certifications is a must. Ongoing professional development not only gives security staff the opportunity to keep their credentials up to date, but also ensures that you are getting the most value from your security investments with a team that knows how to optimise these technologies for maximum-security effectiveness.

Selecting an approach to security that offers the flexibility to adapt to your changing business environment lets you better protect the business while enabling innovation and change. Those technologies can also become an important advantage in recruiting and keeping talent. With the right approach in place you can foster a security environment that satisfies everyone – from the boardroom to the break room.

Ammar Hindi is managing director, Asia Pacific and Japan at Sourcefire, now a part of Cisco.

Join the CSO newsletter!

Error: Please check your email address.

More about CiscoCisco SecurityCisco Security

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ammar Hindi

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts