In this blog series, I’ve been asking why security has proved to be such an intractable problem for businesses, and what they can do to improve their cybersecurity strategies. Today, I want to take a closer look at a core problem for CISOs: the proliferation of security solutions within the enterprise—a flourishing of piecemeal solutions, which are largely failing to have the desired effect.
Plastering the cracks
Today’s cybersecurity market is highly fragmented; characterised by a wide range of companies offering point solutions to specific security challenges. Businesses are buying more and more of these tools in the mistaken belief that they are improving their security. In fact, despite the modern CISO now having to contend with somewhere in the region of 55 discreet security tool, many organisations are still suffering around three significant security breaches each month.
Point solutions are great for securing applications at the enterprise level, but they can’t protect against all potential threats: they can only ever guard against the threats they were designed to combat. Ultimately, point solutions offer a piecemeal approach that simply can’t cope with the huge number of serious attacks companies now endure. I’ve likened it to trying to repair cracks in a dam with sticking plasters—eventually that dam is going to burst.
At Accenture, we believe that consolidation holds the answer. In the same way that Enterprise Resource Planning tools consolidated various point solutions for applications such as financials, performance management etc., so now do we need consolidated and holistic security tools that can provide CISOs complete control over the security capabilities needed to protect their business’ most important assets. Accenture is currently working alongside our technology vendor partners to achieve just such a consolidated cybersecurity tool; one which protects the organisation’s most important assets from the inside out—and safeguards the enterprise across the entire industry value chain.
Outcomes-focused, high-performance security
A holistic approach to security strategy requires company executives to think differently. Most importantly, executives must start focusing security around business objectives; protecting the business model, for example, or preventing specific financial loses. Business leaders need to understand higher levels of security performance and what they can do to ensure they’ve taken the proper steps to secure the organisation. This is a measurable, outcomes-driven approach to high-performance security that will enable businesses to drive growth while protecting the organisation, partner ecosystem and customers.
Defining high-performance security is no easy task. Measuring successful security outcomes, such as a reduction in breaches or fraud, is simple enough, but defining high-performance objectively requires a much broader view of capabilities. In my next blog, I’ll address this challenge and provide some practical advice on how you can start building your own holistic security strategy.
For more information on the topic, please download our new report: The Accenture Security Index.