Ask questions, reframe viewpoints, listen to people’s stories and create less friction. Those are some of the things organizations can do when trying to match security solutions with business outcomes, says Michael Santarcangelo, founder and president at Security Catalyst.
Organizations can avoid locking themselves into purchasing a security product with the goal that it will solve their problems by asking questions that are hard for vendors to answer, Santarcangelo told SC Media Editor in Chief Jill Aitoro during a CyberRisk Alliance virtual conference. “I like to ask a really simple question: What problem do you solve? And my follow-up question is: So what value do you create?”
The third question, “What is your impact,” has to do with friction, he explained. The reason companies tend to get a solution wrong is because they fail to ask how a product will make it easier for their employees to do their jobs in their current work environments.
Asking the question “How do people do their jobs” and defining the problem companies want to solve will lead to a lot of insights for the security industry, he said.
Click here to access the CyberRisk Alliance "Steamlining Network Security" virtual conference on demand.
Understanding the value the security industry brings to business is another challenge. The solutions industry is doing things today that it could only dream about in the 1990s because of improvements in compute power, storage and bandwidth, Santarcangelo said.
“What the industry has to get better at answering is, ‘How are we better?' because I’m sure we are.’”