Securing your network is a challenging and ever-changing exercise. Adversaries constantly adapt and refine their attack methods and continue to find ways into many corporate networks, despite significant security investments and technological advancements. So, how do you find a security partner that can rise above the hype and deliver the outcomes you’re after?
An old mentor once challenged me to reconsider my pitch after I completed an overview of a solution and its features and functions. I felt I’d articulated the solution effectively, but I’d neglected to ask any questions about how it might fit the needs of the client’s organization. My mentor asked me, “So, what would I get if I bought 5 pounds of that solution?” Well, of course, the solution wasn’t sold by the pound, but his point was clear. All the effort describing the offering never translated into something meaningful to my client and, therefore, prompted him to consider a purchase. This important lesson in client-centricity has stuck with me over the years and is a constant reminder that value is more than just technology.
Find a partner who doesn’t just know their stuff but knows your stuff too
Partner relationships are critical as they help provide greater insights, visibility, education and direction around new threats in this dynamically changing security ‘playground’. Service providers are naturally pressured to outsell the competition and create offerings that address the changing threat landscape and differentiate themselves from their rivals.
But imagine you sit down with your service provider to discuss the next threat, market issue and the new hot technologies they’re selling. Terms like UEBA, XDR, SASE, SOAR and deception technology come up. They might deliver a solid pitch that thoroughly covers what their product or service can do and how it works. You’re certain that what they’re offering is incredibly smart – but there’s no clear articulation of why you need it and how it relates to what you’re trying to achieve as a business.
Furthermore, with what used to be a defined network perimeter now blurring, it’s likely you’re also making security investments to ensure that no new threats penetrate your network. Many businesses have made so many investments in this area that their IT and security teams are overwhelmed trying to coherently integrate these tools – potentially creating extra noise or increasing the chance of threats being missed.
If you’re unsure of what problem you’re trying to solve or what your precise needs are, a detailed consultative discussion is a good place to start. This will allow you to match the technology to both the problem and your desired outcome – and secure the correct level of investment.
Moreover, if you’re not explicit about the connection between your need and the new technology, it can lead to costly missteps both in terms of misplaced investment and business risk. A true partner should know your business intimately to ensure the right alignment of technologies and services that deliver outcomes without adding additional complexity to your security environment.
All you need is…
As mentioned, when engaging your partners, the discussion shouldn’t begin with the new technology but the outcomes you’re looking to achieve and a needs discovery. Needs include both organizational aspects (a company requirement to address a problem or opportunity) and functional considerations (operational processes or tasks – i.e., what you need to deploy the solution).
Here’s an example of how a purchase can result in an ineffective outcome if it’s based on technology alone: A CIO is working with their preferred partner on a largescale software deployment that was ‘needed’ across all the organization’s business units. The investment exceeded US$1 million but, because this cost was within budget, the CIO cut the check. But unbeknownst to him, it turned out that the partner would need an additional US$3 million in professional services fees to effectively roll out the solution. None of the business units had additional budget to pay for the professional services, so the software ended up on the shelf and was never leveraged. An expensive lesson indeed. What’s clear here is that the buyer’s desired outcomes were overlooked, and the focus was solely on the perceived attractiveness of the solution.
If quality time is spent working through the needs, outcomes, purchasing and deployment, you’re far more likely to be satisfied and see the return on investment you’re after. Furthermore, the chances are good that your partnership will emerge stronger than ever post-purchase.
Think five pounds
NTT has deep skills and experience in security technologies and services that allow us to help our clients protect their organizations from the consequences of a security breach. The outcome is a team effort delivered through close cooperation between our R&D, product, operations and customer service teams – and critically, a solid partnership with our clients that includes a detailed upfront discussion about their desired outcomes and key needs.
It’s great if your service provider is proud of their offering, but make sure you both have a clear and common understanding of the outcome. So, don’t be afraid to challenge them. Ask what you’ll get for five pounds.