skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.

Straight Talk IT

Omdia view

This week sees the very first Black Hat USA virtual event. As with the in-person event, the agenda is fantastic and Omdia’s cybersecurity research team is very excited to be joining. Furthermore, exploring the topics at Black Hat can help with understanding and addressing the cybersecurity complexity that has built up over the years.

Just a few short decades ago security was “part of someone’s job,” today (according to (ISC)²) the global security workforce stands at around 2.8 million and there is a significant shortage on top of that. These people, alongside relevant processes and technologies, are needed to deal with not only day-to-day operational security demands but also to develop organizational approaches to cybersecurity, engaging with the governance, risk, and compliance requirements that come into play.

Security controls have been developed over the years focused on addressing the cyberthreat landscape to prevent, detect, and respond to security incidents and breaches. These controls operate via people, process, and technology, and as the cyberthreat landscape expands layers are added, and cybersecurity complexity continues to grow. Most Chief Information Security Officers (CISOs) recognize that they have large security technology arsenals that are typically disconnected, and SOC analysts spend far too much time in a swivel chair trying to make sense of an alert coming from one system and another one coming from somewhere else.

Yet, organizations continue to invest in cybersecurity technology. Omdia has researched the potential impact of COVID-19 on this market and despite predicted constriction of enterprise budgets in the next cycle, cybersecurity technology in certain areas (e.g., network security, cloud security, and cybersecurity technology to further strengthen security in remote working) will see more spend going forward. This increased spend will only add to complexity. So, how do organizations go about breaking down the complexity that has built up over the years?

It’s time to take stock of the technological capabilities that we have in our portfolios. There are four high-level steps that organizations can take to help reduce the complexity—categorization, gap analysis, gap prioritization, and addressing the gaps.

Going through the existing security technology portfolio to categorize technologies (Omdia uses the categories of infrastructure security, SecOps, identity, authentication, and access, and data security) will frequently uncover some security products that are no longer required. The next stage is to do a gap analysis—as much as there are highly likely to be overlapping products, there will also be gaps in the security technology portfolio. However, organizations don’t have limitless pockets of money or endless supplies of staff, so the identified gaps must be prioritized. This prioritization is likely to fluctuate—what is of low likelihood one day might become significantly more likely the next—but a program to address the gaps should be put in place to work through the priorities and maintain or even improve the organization’s security posture.

Of course, this is a high-level view of how to start addressing cybersecurity complexity but categorizing and knowing what the organization has can really help in visualizing a clearer picture of cybersecurity in the enterprise and make the path forward seem better defined and realistically achievable.

Enjoy Black Hat!

Straight Talk is a weekly briefing from the desk of the Chief Research Officer. To receive this newsletter by email, please contact us.

Recommended Articles