Businesses are spending more money than ever on cybersecurity technology to protect their infrastructure and data. Spending money on security doesn’t equate to being secure.
To put it into perspective, businesses spend an average of over $115 USD per user on security software, hardware and services, yet nearly 30% of security investment goes underutilized or is never implemented. Small businesses, those with fewer than 1,000 users, are impacted more, with average spending of $157 per user, yet the same underutilization concern still exists.
These are eye-popping numbers that underscore how much purchased software is sitting on the shelf and not being used. CEOs, CISOs and board members have taken notice. Cybersecurity is now just as important in the boardroom as the bottom line. The financial, reputational and career-ending risk of a catastrophic security breach is such a high-profile problem that many more business leaders are putting emphasis on security. No one wants their company to be the next Marriott or CapitalOne (from a data breach perspective). Budgets are being allocated and money is being spent, but a large part of that security investment is still sitting around doing nothing—it’s unimplemented shelfware. The fact that the decision has been made and the money spent, regardless of implementation, leads to a false sense of security, further exacerbating the problem and, more importantly, the risk.
As you’re reading this, you’re probably looking over at your whiteboard thinking, “Yeah, we still have to implement that.” Trust me, you’re not alone.
So why are security solutions sitting around, collecting dust?
IT departments are just too busy to properly implement what has been purchased, and compliance and audit activities seem to take precedence over risk management. Compounded with revenue-generating tasks and the day-to-day grind of keeping the business running, it becomes difficult to make the time to start a new project. This is followed closely by not having enough staff available and not understanding the purchased software well enough.
Interestingly enough, the least contributing factor to not getting security properly implemented is the IT staff not understanding the security challenges they face. On the contrary, IT understands the security challenges and threats to the organization very well; they just lack the executive sponsorship to make the time and aren’t provided the resources to implement the solutions. To add to the resource problem, the cybersecurity talent gap is currently at an all-time high, with a predicted gap of over 2 million unfilled jobs by 2022.
So how do you solve the problem?
Plan for Professional Services
Most organizations are very budget conscious when it comes to acquiring any new technology. One way to avoid the shelfware problem is to request that your vendor include professional services with any new purchase. This will not only ensure your new solution is deployed properly and securely and your staff is trained appropriately, but will also reduce the time to value for your new purchase. A vendor’s professional services or solutions delivery group can ensure security technologies are properly installed, monitored and maintained throughout their lifecycle.
XYPRO’s Solutions Delivery Team is regularly brought in by Fortune 500 companies to perform security assessments of mission-critical HPE NonStop server environments. Our XYPRO Solutions Delivery Team ensures XYGATE security products such as Merged Audit and User Authentication, which are standard on all HPE NonStop servers, are properly configured and deployed so that your organization receives maximum value from them. Whether those needs are auditing, compliance, monitoring, or help with your overall security initiative, XYPRO’s Solutions Delivery Team is an invaluable partner to protect your business and the investment you’ve made in security.
And that can help everyone sleep better at night.
Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is a Member of the Forbes Technology Council, on the NonStop Under 40 executive board and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience to customers in the Mission-Critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.