Cisco’s 2021 Security Outcomes Study is rich in insights.
“What appears to be a strong correlation between continually upgrading your tech and program success may spell bad news for organizations that use technology like furniture – meaning it sticks around until it breaks. This indicates that “newer is better” isn’t just a lifestyle choice spawned from Silicon Valley.”
If you expect to get a lot of self-interested, promotional plot points from Cisco, prepare to be pleasantly surprised.
I plan to highlight a conclusion I never would have anticipated landing at number one: A proactive, best-of-breed tech refresh strategy allows you to keep up with business growth.
The goal is to provide you with unbiased research that will help you better prioritize spending as it relates to your IT and security infrastructure. We also hope to create more peace of mind around the way businesses view projects.
While the 39-page whitepaper is definitely worth a closer look (link at the end), I will focus on the top four security practices that most strongly correlate with (1) overall security program success and (2) enabling the business.
The following exhibit identifies the scope of the study and underscores the objectivity of the conclusions.
1 - Proactive Tech Refresh
Upgrading your hardware, software, and cloud solutions in strict accordance with The Technology Lifecycle is the best thing you can do to keep up with business growth.
This includes servers (if you’re not fully committed to the cloud), firewalls, email security and protection, advanced threat protection (ATP), security information and event management (SIEM), SaaS apps, desktops, laptops, cameras, switches, backup appliances, and WiFi.
Keeping everything up to date brings two other second and third place benefits: meeting compliance regulations and running cost-effectively.
2 - Well-Integrated Tech
No matter how streamlined and simplified your IT footprint becomes over time, tying it all together is a challenge.
The worldwide exodus to the cloud gives a lot of people the false sense that software and hardware-related headaches are gone forever. They aren’t. The integrations are simply offloaded to unrelated third parties in various data centers.
What happens behind the scenes is of no concern to end users as long as they have access to everything they need to do their jobs.
Whether you’re a large enterprise with an in-house IT security team or a smaller one with an MSP, robust tools and resources are needed to bring structure and coherence to your systems.
Doing so will help you in three ways: retaining security talent, creating a security culture, and running cost-effectively.
3 - Timely Incident Response
The top outcomes associated with this category are minimizing unplanned work and running cost-effectively.
As the previous owner of a used 2002 Lexus LS 300 (not certified pre-owned), I can’t help but incorporate a car analogy.
I spent countless hours out of commission waiting for tow trucks, rescheduling appointments, and working remotely in dealership lobbies when cloud services were a lot less developed than they are today.
That horrible “luxury” car cost me an extra $17,000.00 over a seven-year period and none of the breakdowns were related to accidents. All malfunctions were internal. I can only imagine how that rickety vehicle may have negotiated a traffic collision.
In this day and age, “accidents” appear in the form of viruses, phishing attacks, malware infections, and ransomware.
Is your business equipment up for the challenge? If you’re only sputtering along, it will be a lot harder to respond to security threats in a timely manner.
4 - Prompt Disaster Recovery
It’s not what happens. It’s what happens after “what” happens. When you get this piece of the equation right, you check the following three boxes: managing top risks, retaining security talent, and running cost-effectively.
A quick word on retaining security talent. If your in-house IT team is not empowered (and funded) with the tools to pivot in emergency conditions, they not only fail you but these in-demand specialists also get frustrated and seek career advancement elsewhere.
Similarly, if your MSP is unable to help you briefly weather and quickly recover (because they either lack the expertise or can’t move you to approve security program upgrades), at the very least, you’ll be looking for a new vendor.
The Cisco study is much more comprehensive than what I have highlighted today. I really latched onto their revelations about “cost-effective” equipment refreshes, especially since the scope is way beyond Cisco products. Every piece of technology in your digital estate affects security.
The full report examines 25 security practices and plots their effects on eleven different outcomes.
Learn More: The 2021 Security Outcomes Study
It also includes some interesting data related to the NIST Cybersecurity Framework (CSF). CSF is based on five functions: Identify, Protect, Detect, Respond, and Recover.
This seems counterintuitive since the long-standing historical narrative promotes architecting airtight, impenetrable systems. Protection is definitely important. However, it must be part of a well-rounded strategy that incorporates other defenses.
The ProviDyn team has decades of experience, and we look forward to helping you fuel business growth.
If you enjoyed this article, you may also like some of the related content in our free eBook.