Author: Pieter Snyman, Chief Data Scientist at Performanta

The decision whether to build, buy or rent IT security skills and technology can never be monolithic; each needs to adapt with your business requirements. According to Gartner, 96% of organisations expect cyber security threats to increase over the next three years. So, how you approach building your security landscape today plays a lead role in your business dexterity and protection in the future.

There are many considerations to make when choosing how to invest in your security and they’re often determined by the size, maturity and associated risk of your organisation. Using an ‘it serves us in the here and now’ approach may not serve you well looking forward. The ability to remain agile can have a compounding impact and will often lead to veiled decision-making. It’s time to move past ‘survival mode’ into a position where you can become a little safer with every day that passes.

Digital Transformation or Business Disruption?

The shift towards digital transformation is a pertinent point to understanding the impact that decisions made today will have on your future security. While companies turn their business practices more digital, the need for security has never been greater. The requirement to be digital should not disrupt your business, so placing security at the bottom of a Request for Proposal (RFP) can be costly. Organisations will often focus solely on functionality, with the need to be secure dissipated into ‘we need to save money’. Let’s flip this thing on its head; to avoid business disruption, security should always be a non-negotiable item and should be at the top of the agenda.

Equally, artificial intelligence is changing the landscape with the volume of data we store, and the amount of processing we are now using, moving the conversation even further. Why buy a piece of hardware that sits and does nothing for weeks on end and then once a month is needed to work hard? You have to ask yourself the question – when is it the right decision to buy or rent?

For many the topic of ‘why cloud?’ has transformed into ‘why not cloud?’ Depending on the size of your organisation and the sensitivity of the data you hold and want to store in the cloud, it’s often a great option. Just be savvy – only by truly understanding your risk profile will you know what is right for you.

Harvesting Security Skills

It’s been long since documented that there’s a cyber security skills shortage. By 2021, it is anticipated that 3.5 million jobs will be available in cyber that we simply do not have the capacity to fill. Coupled with the estimate that a new type of ransomware attack is launched every 14 seconds, it can put ever-increasing, enormous pressure on individuals tasked with protecting their organisations and shareholder value. The starting point is understanding what your organisation needs to thrive, grow and innovate; identifying the skills, process and technology gaps and working out how to address them.

While there may be some trepidation in bringing in external support into such sensitive areas of an organisation, the key is striking the balance and gaining a level of confidence in daily security practices that they just work seamlessly. By engaging with independent cyber security services who are constantly researching the threat landscape, you can ensure your technology investments are optimised and kept up-to-date, can identify potential risks and are abreast of the latest regulatory requirements, and you can free up your internal talent to work on future planning and the larger strategic picture.

The advent of GDPR is a very current example. For an internal resource with a varied and pressurised workload to keep being well-informed on all of the intricacies of current and up-coming legislation can simply be too much to take on. Choosing a trusted external team of consultants who live and breathe compliance can be a very cost-effective solution.

Good Security is Bespoke Security

You are the only one who knows the intricacies of your business and your security is only as good as how it fits with your business requirements. No amount of best-in-class technology is going to make you safe unless it’s moulded to your own individual risk profile. Consider a combination of technology acquisition with renting the skills to ensure you are getting a level of personalisation that provides you with true benefit. The most important thing you can do is ensure your security architecture maps to the risk profile of your business.

It’s time we are all agents of change. The only way you can do this is to ensure that the discussion of security gets a seat around the boardroom table - elevating the message from tech to exec – so that security is no longer just present when the headlines strike.

To find out more about how Performanta can help your business, get in touch.