The average information security leader works with up to 80 solutions providers at one time. How can businesses simplify their security stack? Is the vendor market becoming over-saturated and how can solutions providers differentiate?
This is a tricky topic as different organisations have vastly different security needs, and we have a threat landscape that keeps evolving. Many times, we acquire new technology but don’t totally understand the full capabilities the solution may offer. For starters, organisations need to take inventory of what they have in their security environment. A lot of solutions probably have capabilities that aren’t even turned on, so this can help identify what’s redundant and possibly not needed. Once you know what you have, it’s critical to see how you can make the most of your investments, and how these solutions can be integrated together into a platform to help reduce complexity, bandwidth and resources to manage it. Simplicity is the name of the game. In almost all cases though, customers and prospects we talk to are looking for ways to consolidate the number of vendors they utilise to a smaller number of platforms that ideally integrate easily with each other.
Has the over-saturated vendor market exacerbated the resourcing issue in that there are now not enough resources to manage every system individually? What are the solutions?
There’s been a lot of talk about a skills shortage in cybersecurity – and it is a huge problem, especially if organisations aren’t integrating their solutions into one platform. You mention that the average leader works with up to 80 solutions providers at one time, and there is no way one person – or even a small team – would be able to effectively and efficiently manage that many tools. Think about the complexity of having to log in and out of that many systems. I’ve heard the expression “console-itis” used. It speaks to the growing pains of having a separate admin console for each of the many security applications and how much manual effort and time it takes for a team to navigate all these interfaces. A large vendor market in itself isn’t a bad thing. For one thing, it pushes the whole security industry to keep an eye on its R&D output. That drives the excellence that is necessary for us defenders to keep ahead of hackers. Yet I can appreciate this can add unnecessary complexity for an organisation weighing up its options. The best plan of attack is to take the time to weigh up the current security stack, work out where efficiencies could be made, and rely on a platform that can help manage your investments.
Is “co-opetition” the future to simplifying your security stack? How are Mimecast managing this, and why have you decided that collaboration with your potential competitors is the key to commercial success? If vendors are working together collaboratively, how do they differentiate, and how is accountability/remit split? How does the procurement/contract process work in this situation?
Co-opetition is vital for the security industry and helps organisations prepare for threats before, during and after an incident. It’s all about information sharing. We believe that collaboration with other vendors allows customers to maximise their current or planned investments, reducing administration time, and immediately gaining deeper insights into today’s advanced threats. Most organisations will have an identified process within a SOC or similar environment. A standard security operations model would be one designed to include statements around it being Reactive, Repeatable, Defined, Automated and Optimised. It’s the last two stages that quite often don’t get addressed, as the security operations team are under a constant bombardment of threats from a myriad of sources and entry points. With the ever-growing skills shortage, the common approach is to throw technology at the issue, attempting to address the threats through various solutions with different admin requirements and consoles, which only compounds the issue further. Organisations of all sizes are therefore seeking ways to integrate these services into each other. Common dashboards such as those used in SIEM for alerts should integrate with SOARs for response and threat feeds for intelligence. This is where Mimecast and our extensible architecture come in. Providing a common platform that can easily integrate with the customers’ SIEM, SOAR, firewall, endpoint, threat feed and IT ticketing solution eliminates the need to access these disparate services during an attack. It should be integrated, automated and optimised so as to allow the desired actions to proceed during an attack, while vastly reducing the time and effort taken. Adequately managing risk means keeping ahead of emerging threats and the changing tactics of cyber criminals, and working together as an industry to share intelligence is essential to doing that.
Why is the customer ‘a hero’? Is deploying cybersecurity solutions such a mission that you have to be a hero to get it done and if so, is that not an indictment of the security industry – or is it an indictment of clients’ organisations and their resistance to committing to cyber?
The reason that customers are heroes is because they play a huge role in making sure email is safer for their organisation. Human error poses one of the biggest threats to businesses. Coupled with the increase of sophisticated impersonation attacks, having a good awareness of cyber threats has become an even higher priority. Humans can be either a first line of defence, or the first line that cybercriminals seek to exploit when they attack an organisation. Their behaviour and the culture they influence greatly impact the effectiveness of cyber resilience strategies. Every business needs a solid plan to implement a security awareness programme that can provide key KPIs that show how effective the training is and how it creates a trend in changes among employees. By empowering employees with the knowledge of how to spot attacks and good cyber hygiene, these individuals can become heroes and defenders of their own organisations.
One of the main skills that you list on your LinkedIn profile is driving sales and “delivering rapid growth”. What is your main secret to success?
In my personal experience, and this is very true at Mimecast, rapid growth is a result of focussing relentlessly on an acute problem faced by a sizeable target market and solving it easier, faster and/or cheaper than anyone else. Security awareness training and testing, for example, is fast becoming a must-have capability for organisations as, increasingly, hackers have found success and are exploiting uninformed, apathetic or careless insiders. They’re co-opting or compromising them to gain access to sensitive data, system credentials and all to off on hard cash. By helping organisations understand the unique risk profiles of their staff and focusing training and policy efforts in the most important areas, Mimecast is meaningfully improving customer security postures, something which we are very proud of.
What has been your biggest security sales/marketing failure?
The customer is the hero. Vendors are the guides. Sometimes we fall into the trap of putting our technology as the hero of a story and focussing on how perfect that is. In that frame of mind, it’s easy to lose sight of the mission to help our customers solve hard security issues and to be their guide to improving their cyber resilience.
The Mimecast training and awareness course has gained some prestigious coverage and clients such as the Hartford Partners. Is cybersecurity ultimately a people problem? And do you find that security awareness and training is now getting more budget/investment and buy-in? Why do you think this is? How do you measure/prove the ROI of effective cybersecurity training?
Yes – there is a huge onus on employees to do more to help with an organisation’s cyber resilience. The reality is that only 11% of organisations continuously train employees on how to spot cyber-attacks. But with humans continuing to have such a huge influence on a company’s culture, organisations need to invest in continuous awareness training to reduce the risk of bad things happening. Due to the number of data breaches and cyber-attacks we see in mainstream media, security awareness and training is definitely getting more focus from IT teams. But there is still so much more to do and more investment needs to be made. Attackers are becoming smarter and more sophisticated and the only way to keep up is to ensure employees are regularly educated on the latest threats. In order to measure the ROI of effective cybersecurity training, it’s important that security awareness training programmes have KPIs to show how effective the training is and how it creates a trend in changes among employees. Without solid mathematical data, organisations can’t track behaviour changes and whether the programme has been effective. It’s also key to implement regular security simulations to test the effectiveness of an organisation and measure the performance of IT systems.
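The KPIs and simulation results mentioned in the answer above are easy to talk about and surprisingly easy to get wrong in practice (mixing campaigns of different sizes, watching only the click rate and ignoring the report rate, never identifying repeat clickers). The following is an added illustration, not code from the interview or from Mimecast: it computes per-campaign click and report rates, the trend between the first and last campaign, the departments still above a click-rate threshold, and the employees who clicked in more than one campaign, all from a small constructed set of simulated-phishing results. Campaign identifiers are assumed to sort chronologically, and the 20% threshold is an assumed policy value, not a figure from the page.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SimulationResult:
    campaign: str     # simulated-phishing campaign id; assumed to sort chronologically
    department: str
    employee: str
    clicked: bool     # followed the lure link
    reported: bool    # reported the message to the security team


# Constructed sample data (not real results): three quarterly campaigns,
# two departments, three employees each.
RESULTS = [SimulationResult(*row) for row in [
    ("2023-Q1", "finance", "alice", True, False),
    ("2023-Q1", "finance", "bob", True, False),
    ("2023-Q1", "finance", "carol", False, True),
    ("2023-Q1", "engineering", "dan", True, False),
    ("2023-Q1", "engineering", "erin", False, True),
    ("2023-Q1", "engineering", "fay", False, False),
    ("2023-Q2", "finance", "alice", True, False),
    ("2023-Q2", "finance", "bob", False, True),
    ("2023-Q2", "finance", "carol", False, True),
    ("2023-Q2", "engineering", "dan", False, False),
    ("2023-Q2", "engineering", "erin", False, True),
    ("2023-Q2", "engineering", "fay", False, True),
    ("2023-Q3", "finance", "alice", True, False),
    ("2023-Q3", "finance", "bob", False, True),
    ("2023-Q3", "finance", "carol", False, True),
    ("2023-Q3", "engineering", "dan", False, True),
    ("2023-Q3", "engineering", "erin", False, True),
    ("2023-Q3", "engineering", "fay", False, True),
]]


def _rates(rows):
    """Click and report rate for one group of results; rates are per recipient."""
    n = len(rows)
    return {
        "n": n,
        "click_rate": sum(r.clicked for r in rows) / n,
        "report_rate": sum(r.reported for r in rows) / n,
    }


def campaign_kpis(results):
    """KPIs per campaign, keyed by campaign id in chronological (sorted) order."""
    by_campaign = defaultdict(list)
    for r in results:
        by_campaign[r.campaign].append(r)
    return {c: _rates(by_campaign[c]) for c in sorted(by_campaign)}


def trend(kpis, metric):
    """Absolute change of a metric from the first to the last campaign.
    A negative click_rate trend or a positive report_rate trend is improvement."""
    ordered = list(kpis.values())
    return ordered[-1][metric] - ordered[0][metric]


def department_kpis(results, campaign):
    """KPIs per department for a single campaign."""
    by_dept = defaultdict(list)
    for r in results:
        if r.campaign == campaign:
            by_dept[r.department].append(r)
    return {d: _rates(rows) for d, rows in sorted(by_dept.items())}


def at_risk_departments(results, campaign, max_click_rate=0.2):
    """Departments whose click rate in the given campaign exceeds the threshold
    (assumed policy value), i.e. where training effort should be focused next."""
    return [d for d, k in department_kpis(results, campaign).items()
            if k["click_rate"] > max_click_rate]


def repeat_clickers(results, min_campaigns=2):
    """Employees who clicked in at least min_campaigns distinct campaigns."""
    clicks = defaultdict(set)
    for r in results:
        if r.clicked:
            clicks[r.employee].add(r.campaign)
    return sorted(e for e, cs in clicks.items() if len(cs) >= min_campaigns)


if __name__ == "__main__":
    kpis = campaign_kpis(RESULTS)
    for c, k in kpis.items():
        print(f"{c}: n={k['n']} click={k['click_rate']:.0%} report={k['report_rate']:.0%}")
    print("click-rate trend:", f"{trend(kpis, 'click_rate'):+.0%}")
    print("still at risk in 2023-Q3:", at_risk_departments(RESULTS, "2023-Q3"))
    print("repeat clickers:", repeat_clickers(RESULTS))
```

Reporting the report rate alongside the click rate matters because a falling click rate with a flat report rate usually means people have learned to ignore the simulation, not to defend the organisation; the repeat-clicker list is what turns a programme-wide percentage into targeted follow-up training.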
How do you measure commercial success at Mimecast? And how do you benchmark yourselves against other companies?
We regularly release details of our earnings to highlight our success and share some of our accomplishments with our wider stakeholders. As part of this, we look at revenue growth, work with our customers, gross profit percentage, net income and a number of other factors which you’ll be able to read on our website.
Ed Jennings is COO of Mimecast: https://www.mimecast.com