Guest blog post by Chris Rodriguez, Senior Industry Analyst, Frost & Sullivan
The security industry is locked into a cycle of reaction. A new threat vector is discovered or a new business practice or new technology is adopted and security vendors rush to develop new products to address the situation. As a result, new products are being released at a break-neck pace, from cloud access security brokers (CASB) to next generation endpoint security to malware sandboxes. Unfortunately, taking these new security technologies and making them into complete security solutions is often a distant secondary concern. While large enterprises with deep pockets can keep up with the “latest and greatest,” the unfortunate side effect is that most businesses are falling behind in their security posture.
Few companies would consider security to be a revenue generator and even fewer would consider security to be central to their primary mission statement. Healthcare organizations must focus on patient care. Retailers must focus on margins and supply chain management. Hospitality and travel must focus on customer service. For these businesses, the process of researching new security technologies, doing proof-of-concepts, deploying, maintaining, integrating, and monitoring each new security tool for each newly realized security gap is already tedious and likely untenable. The challenge is only exacerbated by security vendors that force their marketing messages into the industry lexicon with catchy new product names and acronyms.
Small and mid-size businesses are simply not able to deploy, monitor, and maintain every new security tool that is dreamt up. Yet, these businesses are impacted by many of the same threats as large enterprises. Employees around the world and in organizations of all sizes simply have to do their work. If that means using a smart phone or cloud applications or social media, then the IT staff has to figure out how to make the practice secure. The alternative, to say “no” to the end users, typically means that end users will find other means to do their work—means that may not be as secure.
So, while the security industry suffers from “shiny object syndrome,” in reality, the latest technological innovations do not always directly translate to value for the customer. The constant “cat-and-mouse game” between security vendors and threat actors is unlikely to end any time soon. But there is an urgent and definite need for security solutions—solutions that address risk in a comprehensive manner but that are also attainable for the resource-constrained or the less security savvy. Businesses of all sizes need simplified security and a flattening of security layers. Businesses need complete and simple solutions.
The recently published paper entitled Avoiding the Acronym Red Herring: Navigating Market Complexity to Fulfill Security Requirements discusses these challenges faced by small and medium-size businesses, as well as similarly organized businesses such as distributed enterprises. Read it here to learn more about the security risks from market complexity and how businesses can navigate these risks to achieve effective security.
About the Author
Chris Rodriguez is a Senior Industry Analyst with Frost & Sullivan’s Information & Network Security research practice. During his 9 years of industry experience, Chris has authored numerous market studies, white papers, articles, video presentations, and webinars. Chris has a wealth of knowledge in the network infrastructure protection sector including next generation firewall (NGFW), advanced malware sandbox solutions, and distributed denial-of-service (DDoS) mitigation solutions. Follow him on Twitter at: @CRodriguezS20