Pushing at the Balloon
Push on a balloon and make an indentation. You'll notice that somewhere else, the balloon bulges. The balloon's volume is finite; at some point, with enough pressure, it will burst.
Today's cybersecurity challenge is a bit like that bulging balloon. Everything we do has an effect on just about everything else. Impose more security control? These controls can cause inconvenience, leading to people to avoid their use. Add new requirements to the system we're securing? Without more resources, we might have to take resources from another part of the system. Buy new security software? Perhaps we don't have the resources to maintain the software we're already using. Push here, bulge there.
Information security officers try to get this right, but to do so, they have to work in the middle of a pretty tough intersection, where several traffic streams come together rapidly, all the time.
New threats emerge constantly. Some don't have known signatures. Some can only be detected by the anomalous behavior they cause.
New IT architectures, designs, and systems are being introduced in the environments we're trying to safeguard. Sometimes these changes are profound, like adoption of a cloud architecture. Sometimes they're no more than an upgrade to a corporate ERP planning.
New requirements are presented. Today, we want a better way to accrue business intelligence; tomorrow, we want "big data analytics" to help us make more powerful decisions. Today, we use IP-enabled devices for banking; tomorrow we may use it to manage every device in our factory.
New cybersecurity tools and technologies are presented to us. Some work well; some less so.
People change; the people we know leave; some new people arrive. Yesterday's training and awareness may be lost suddenly.
Information security officers struggle to live in the middle of this intersection, or, if you prefer the opening analogy, to keep the balloon from popping. While some succeed, perhaps their resources would be better used on other activities. Perhaps security is not the business their company pursues, or it's not the central mission of their government department.
In that case, a better approach is likely a good managed security services provider. That's what we do, and we do it well. We've made an investment in a global infrastructure of security operations centers. We're getting better global threat intelligence; we have a global security management architecture, and we have effective tools to deal with threats that have known signatures, and those that do not.
This is the kind of work we do; this is our business, and it's our mission. As a result, information security officers can get the security they need while taking advantage of our leverage, our scale, our expertise, our security product evaluation, our threat intelligence, and our efficiencies.
This is a much better way to keep security from going "pop."