Rethinking Enterprise Security for the Era of Ecosystems Patrick Coughlin
Today’s successful enterprise operates within an ecosystem of data flowing across teams, tools, peers, partners and sometimes even competitors. The onus of defending and protecting sensitive data, which used to be in the purview of 3-letter government agencies, is now a prerequisite for the modern enterprise in the Era of Ecosystems. The private sector CISO has become the general and the ranks of cyber defenders are no longer confined to the Security Operations Center. As the enterprise grapples with this new security environment, we cannot blindly build bigger walls that silo the valuable data we need to protect ourselves and our businesses.
In an Effort to Do Good We’ve Created a Mess
2018 marked the peak for venture capital investment in cybersecurity companies. According to Strategic Cyber Ventures, more than $5.3 billion was funneled into companies focused on protecting networks, systems, and data. That’s up from 20 percent — $4.4 billion — from 2017, and up nearly double from 2016.
As the attacks have proliferated, the stakes have increased. With funding pouring in, solutions have multiplied.
Whether you’re an operator, investor, or a buyer, the security hype cycle can be exhausting and confusing. Every year, it all seems to get more complex as the old problems persist and new ones emerge. And, we’re all left to wait for the industry oracles to unleash their magic on new Quadrants and Waves so we can believe we’re making progress…or at least sense.
Building Convergence Culture in the Enterprise
Last month, I heard a CISO vent to a room full of other CISOs, “When will vendors recognize that they’re just a feature in my ecosystem – tell me how you’re going to integrate, instead of trying to tell me you’re going to finally be my one single pane of glass.”
As we move into a new decade, we as security and product leaders must challenge our teams to think about the technology we’re building in a more extensible way. We have to lead with interoperability.
This means opening up APIs, redefining the edge of the user interface to include all tools that leverage insights from your product, designing permissions systems that scale for collaboration, and considering new business models beyond the ‘user seat’.
Of course, we’ll need to continue to push the boundaries of new technologies and trends in innovation, but no matter how advanced our machine-learning detection algorithms become, they are useless if they can’t punch through silos across enterprise teams and tools. We cannot have data privacy or data security without interoperability and sovereignty.
DevGuild Enterprise Security: Taking an Ecosystem Mindset
On November 14, 2019, Heavybit hosted DevGuild: Enterprise Security event here in San Francisco. As the name DevGuild implies, Heavybit has a history of convening technical communities to drive new ways of thinking, building and leading in this technical age. At TruSTAR, we are looking forward to learning from the speakers and meeting the other security vendors as potential partners not competitors. This community-driven, collaborative approach is the only way we can defend better together in the era of ecosystems.
_Ed. Note: _We’ll be publishing recordings of all of our DevGuild talks soon. Subscribe for updates and we’ll let you know when they’re available. In the meantime, check out other security content in the Heavybit library.
Patrick is co-founder and CEO of TruSTAR. TruSTAR is an intelligence management and fusion platform used by enterprises across healthcare, financial services, and technology industries.