One Article Review
| Source |  SecurityWeek |
|---|---|
| Identifiant | 547896 |
| Date de publication | 2018-03-28 15:31:02 (vue: 2018-03-28 18:00:59) |
| Titre | Risky Business: The Fifth Element |
| Texte | Last month, I talked about the elegant beauty in offloading parts of your risk portfolio in four distinct ways. The logic is to streamline the company's mitigation efforts and allow you to focus more time and investment where it matters most-on the unique risks inherent to the business. But there is a fifth element, and it is going to be in your future. While security-as-a-service for functions like WAF and DDoS protection are well-established, they are just the beginning of a new industry that is emerging around consumption-based security models. To a certain extent, security in the future is going to be Uberized, and for some situations, you may be able to get rid of your car entirely. No insurance. No maintenance. No hassles with parking. And you won't even have to wash it or vacuum crumbs out of the seat cracks. That is to say, you won't hire a company just for DDoS and WAF. You'll hire a company for IDaaS, IPS, encryption/decryption, SSL orchestration, governance, risk and compliance (GRC). And over time, you'll dial in your use of these services. Spin them up when they're needed most. Ratchet them back when they're not in demand. Pay only for what you use. This is a strategic way to contain costs as you may only fully use your GRC service when it's time for an audit, enabling the company to increase its capacity without having a consulting service on site. All of this will dramatically change how CISOs function and how their teams are structured. Instead of hiring dozens of people to build and maintain multiple systems, CISOs will shift to focus on the data that powers the business and how it flows through and interacts with these outsourced relationships. And yes, I am going so far as to say this shift is inevitable, because it's being driven by some pretty clear economic pressures: Talent scarcity It's well-known that there are a lot of open job reqs in cybersecurity. I mean a lot-more than a million today. And according to Center for Cyber Safety and Education's 2017 Global Information Security Workforce Study, there may be as many as 1.8 million open jobs in the field by 2022. In this market, finding the right person can take months. You either have to poach them from another company or develop them yourself. Development means trial by fire. I don't know about you, but I don't want trial by fire. And if you do steal a great hire from another company, the cost-benefit analysis is such that you're basically being driven to a vendor anyway, simply because the salary pressure makes it more cost-effective. There are also specific areas of |
| Envoyé | Oui |
| Condensat | 2010 2018 ago air align analyst april architect architectures assets audits automation bay beauty before began building built business business: businessuser career certifications cisa cism ciso cissp columns company complementary compliance conference contradictory crisc current currently cyber demand designing director element elementrisky enabling enhanced evangelist experience fifth force forum governance grc half has hogue hogue:risky holds ics industry information infrastructure insertbefore insights integration joined joining links management manager marketing media moon need network networks not oct operational opsec oriented out parentnode part performing planrisky preston previous previously product professional proven provider record register responsible risk risky security served serves service should simplified singapore social specializing sponsored ssoa system systems tags: team track transfer treatment tweet understand usa when where why worldwide years your |
| Tags | |
| Stories | Uber |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.