In my career, I have had the privilege of working for and with some of the world's biggest organizations. My employers have included CIA, the US Navy, Deloitte, KPMG, and what is now General Dynamics IT. My current and former clients and customers include a great number of the Fortune 500 and most of the Defense and Intelligence Community. As an Executive in -- and vendor to -- those companies, I have learned a bit about how they deal with security and why it's so tough.
The short version: small- and medium-sized security doesn't work for the Enterprise. Here's why.
- The stakes are higher. It's not just that there are more people, more assets, more customers and more money. Those are all factors, but it's not a linear function. As those related inputs grow, they interact to make the overall impact of security noncompliance, mismanagement and/or lapses grow much more quickly than the numbers. That's because the points of failure grow exponentially with each additional input to the system.
- The scrutiny is overwhelming. Enterprises are under everyone's microscope. Investors, regulators, employees, media, legislators, and activists are all looking for the slightest slip-up. On one side, they are looking for mismanagement, violations, and security lapses. On the other side, they're looking for privacy, due process, labor, and financial violations. Security can't blow it.
- The architecture is rapidly changing. Old security tools and processes might be passable for small organizations, but they flat out break under the pressure of changing enterprise processes, systems, and organizational constructs. IT demands migration to cloud environments for security and reduced total cost of ownership. Ops demands new agility in processes that adapt to changing rules, regulations, and methods. HR requires the modern security and compliance tools and practices that a millennial workforce demands.
- Small inefficiencies lead to massive waste. When 100 people waste an hour a month in a small organization, it's unfortunate. When 10,000 people waste an hour a month in an enterprise, it's gross negligence. That's why enterprises deploy continuous improvement and agile management at scale. Enterprise leaders understand that small improvements in security processes can produce dramatic cost reduction and productivity enhancements across thousands of employees.
- Everyone is involved. Security isn't a part-time employee, an "extra duty," or an outsourced or fractional job in an enterprise. Ever. It's a mission-critical, core function that demands leadership from a professional staff and participation from every single employee. Engagement and involvement from everyone are critical indicators of program health. Fail to drive involvement and engagement, and security fails.
See for yourself how ThreatSwitch can set your enterprise security program up for success in 2019.