How an organization approaches the challenge of technology and security management, well that’s the difference between leveraging technology to deliver value efficiently and effectively vs technical debt and inefficient deployment of technology which may hinder the organisation in its pursuit of its mission.
When we consider how technology is managed, we need to look at it from multiple viewpoints with different views:
- Legal and Regulatory Requirements
- Organizational Requirements
- Customer/Market Demand
Focusing on a single area too heavily e.g., cost will likely yield results which provide the following reality:
Low initial cost, minimal maintenance investment, limited security spending will likely create an overall enterprise technology position that leads to:
- Technical Debt
- Poor performance
- Weak Security Posture
- Integration and Interoperability challenges
- Negative business impact
Conversely just buying solutions and spending money will not delivery technology management eutopia. It will likely create a similar outcome to overly focusing on cost, but with a higher bill!
Cyber security is major area organisations struggle with, whilst marketing departments talk about AI the reality of how computer systems and their threats work in today’s incident landscape is largely due to organisations not adequately investing in the reality that security requires a far greater attention to detail and a continual level of evaluation than many technology implementation projects have allowed for. A pursuit of faster and cheaper (at any cost) alongside “sweating of assets” generally has led to a world of largely insecure organisations, a reality that cybercriminals are all too happy to exploit (and they do).
Once again, the field of cyber defence is vast, deep, and complex, organisations of all shapes and sizes do not have a magic wand, nor do they have unlimited resources. Building an integrated, robust, resilient security capability generally requires the realisation that change is hard, security adds friction and therefore is a balancing act and that things are never “one and done”.
I don’t have a silver bullet or a one size fits all “solution” – what I do have is experience of working with organisations to change the way they work to enable greater technology value delivery and to transform security from being shockingly weak, to creating postures which are significantly stronger than their competition, not infallible (that doesn’t exist!) but making a significant improvement (where there is appetite and willingness to invest, change and transform, trust me not everyone actually wants to do the hard work).
Technology and Cyber Security is not a state, it’s a continual cycle of activity and focus. The news teaches us that as a race we haven’t been great at securing our digital world so far, but that doesn’t mean we shouldn’t be trying to make it better. Change is hard, not changing is often much more painful in the long run!