Virtual Reality

It is fascinating to me how security works online today – and I am not talking about the zeros and ones. In the real world, if a security company provides guards, some sort of alarm system, etc., and their system is broken into or proven to be ineffective, they are liable. In fact, many companies purchase security systems to obtain the corresponding insurance. Of course, these systems are not fully guaranteed, but they are supposed to provide some minimum standard. Should they fail, there are consequences.

Not so in the cyber world. In fact, if a given security solution is proven to be ineffective, it is rendered obsolete – no reprisal, no backlash and, if that software provides an “update”, the compromise can actually turn into more revenue for the provider.

In the real world, if you hire a security consultant to provide a complete analysis of your physical risks and suggest a course of action and that inspector, for example, forgets to close the street-level windows (or put entry sensors on them), then a subsequent burglary will be that expert’s problem. This is a professional service, but it often comes with some level of protection to the customer and, at the very least, your money back in cases of ineptitude.

Not so online. In fact, with a negative unemployment rate, the bar for security expertise is lower than ever and many truly unqualified people are being hired as chief security officers (CSOs). They are then charged with figuring out the cybersecurity risk profile, performing a risk analysis (a risk who-ya-what-cha?) and providing a course of action. Good luck with that. When they inevitably get things wrong, that CSO falls back on a) technical jargon; b) the “fast pace of technology”; c) the ineptitude of hired vendors; or d) all of the above. Most of the time the CSO gets more money to make even more spectacular mistakes… And people wonder why the hackers are taking over the world.

Responsible Security

Here is a thought – why not let the security vendors do the risk analysis? Of course (and yes, I am plugging Bear here), you need a vendor that would work collaboratively with other security vendors and one that fully understands the security landscape. Ideally, you would find a vendor with a network of qualified CSO people to provide the breadth of skills needed to both identify and rectify issues across your enterprise.

Imagine the other side – a responsible solution provider. One that clearly defines a path to safety and then is on the hook to provide said protection. As a customer, you can demand common-sense things such as proactive protection, plain-English explanations, business-oriented strategic implementations and so forth. These primary vendors can consolidate the best-of-breed product vendors to provide a whole-product security solution, put those vendors on the hook to fulfill their obligations and handle the technical complexities on your behalf.

Of course, with Bear, all of these security features become invisible to your business – but one major mind-blowing thing at a time…