Enterprises Must Bake “Contextualization” into Their IT Security Strategies | Sherpas in Blue Shirts
Given the rapid uptake of digital technologies, proliferation in digital touchpoints, and consumerization of IT, traditional enterprise security strategies have become obsolete. And challenges such as security technology proliferation, limited user/customer awareness, and lack of skills/talent are making the enterprise security journey increasingly complex.
Against that backdrop, the key thrust of our just-released IT Security Services – Market Trends and Services PEAK Matrix™ Assessment 2019 is that the conventional, cookie-cutter best practices prescribed by service providers no longer cut it. Indeed, we subtitled this new assessment “Enterprise Security Journeys and Snowflakes – Both Unique and Like No Other!” because the complexities of today’s technological and business landscape are forcing enterprises to use a much more guided and contextualized approach toward securing their IT estates.
What does this mean? To achieve success, enterprise IT security strategies must focus on three discrete, yet intertwined, levers.
Enterprise-specific Business Dynamics
In order to prioritize their investments in next-generation IT security, every enterprise needs to understand which assets it considers its crown jewels, how the business – and its security investments – will scale, and how to best mitigate risk within budgetary constraints. For example, a traditional BFS enterprise has far different endpoint security needs than does a digital-born bank.
Enterprises must also determine how delivery of superior customer and user experiences and exceptional security can co-exist. For example, a BFS enterprise’s introduction of an innovative new payments service backed by multi-factor authentication must operate without degrading the customer experience with delays.
Enterprises need to take an industry-specific, value chain-led view of IT security that ensures optimal budget control without compromising the overall security posture.
For example, BFS firms must invest in security measures that protect their transaction processing and control/compliance capabilities. And building security controls for user access management, introducing behavioral biometrics into an integrated authentication process, and developing identity controls for anti-money laundering compliance are essential safeguards for sustainable competitive advantage.
Stringent regulatory environments (such as GDPR for customer data protection in Europe, PCI DSS for payments in the U.S., HL7 for international standards for transfer of clinical and administrative data between applications) and geography-specific nuances require a circumstantial approach to IT security. This means that geography-specific compliance around data protection, protectionist measures undertaken by the government, enterprises’ digital demand characteristics, and enterprises’ priorities in specific regions need to be taken into account. And global organizations must adhere to a well-defined strategic roadmap to address multiple variants of IT security standards across the globe.
For service providers, this essentially implies delivery of localized services in their focus geographies.
Taking a Phased Approach
While bolting on IT security capabilities may lead to unnecessary – and valueless – sprawl, enterprises can avoid this challenge by investing in their IT security strategies in a phased manner, as outlined in the figure below.
To learn more about IT security contextualization, please see our latest report, which delves deeply into the important whys and hows of contextualizing IT security and also provides assessments and detailed profiles of the 21 IT service providers featured in Everest Group’s IT Security Services PEAK Matrix™.
Feel free to reach out to us to explore this further. We will be happy to hear your story, questions, concerns, and successes!