Like many of you, I have been highly focused on end-of-year budgeting and planning leading into January 2017. One of our core values is to hold a Strategic Action Planning (SAP) team meeting every year. I choose the leaders who will be at the table by determining their influence on our culture. Title is not as important as adherence to our values and our core operating processes that ultimately fulfill the expectation of value to our partners and clients.

One of the anticipated agenda items of our SAP is the “Mind of the Market.” We have a consultant compile a snapshot of the emerging trends within our ecosystem, including the opportunities, challenges and risks of the C-Suite within our clients. Starting with this overall view of the business, we then look at the behaviors of the vendors within the marketplace, including consultants, integrators and technology vendors (manufacturers). Are they helping to address these opportunities, challenges and risks? If so, how?

Why is this necessary? Because we live in an evolving security business landscape. Without having a core discipline around innovation and change, we will be slow to adapt. Given this, a new definition of “trusted advisor” is needed: one that can help the client see the reality of their situation. This would include identifying the waste and the opportunity as well as the strategic imperatives that will create value for the organization.

I want to share with you what we shared with our team.

  1. The CEO wants a strategic dashboard around risk and a highly optimized and leveraged program for its mitigation that creates competitive advantage.

  2. The security executives now live in a sensor-driven world. Some call it IoT, the Internet of Things, or, in some cases, the Internet of Everything. The bottom line: we can capture information through these sensors, but someone must be able to create a model for how that data gets translated into actionable intelligence.

  3. The security sensors must be protected from a breach. We call this the security of security. This must include a response from the entire value chain starting with the manufacturer of the device, and the integration and support of that device to keep it from becoming a liability. There is no business model for this, but there is a cost and risk for not having one.

  4. The outsourcing of infrastructure, analytics and knowledge to optimize the security program and, more importantly, allow it to invest in advanced threat analysis and resilience. We call this managed services. And it is much more than a hosted application in the cloud.

  5. The convergence of the vendor ecosystem through security risk management services (SRMS) creating a new category of service provider.

These imperatives must be turned into working groups that will include internal and external stakeholders. What we do know is that enterprise security executives do not need products or integration. They need actionable, measurable outcomes based on their imperatives. They need to be confident that there is a methodology to advance these outcomes based on a path to value and key performance indicators (KPIs). These can be turned into service level agreements so that the SRMS vendor is aligned with the organization’s imperatives. This is a new model, anchored by outcomes that are not being achieved today. Welcome to 2017!