Simple Logic
It's about quality
If we were to break security down to its simplest form, in a way we haven't seen the security industry do, it's this: Security is fundamentally about quality, not risk.
Risk occurs because of vulnerabilities that can be exploited. But what causes the vulnerabilities? Defects. Quality defects.
Defects in code, applications, architecture, configuration, build, lifecycle management, process, culture, organisational structure, behaviours, etc. This is what leads to the technical (and process) issues that make us vulnerable.
If you're a company selling solutions to mitigate the ever-increasing risks caused by these defects, then ignoring their cause is obviously very profitable. But if you're a business that just wants to operate, ideally with as few costs and disruptions as possible, it really isn't.


Holistic, not technical
The presence of security solutions isn't what dictates whether a company gets breached. It isn't what makes it secure.
In virtually all cases breaches occur due to poor process or a lack of IT maturity. In fact, organisations with mature IT and relatively little security spending are at least 6 times less likely to be breached than those investing heavily in security but lacking IT maturity.
Those organisations tend to perform significantly better as well due to better IT capabilities and agility. But many organisations struggle with this, and are unaware of the costs incurred.
Solving these issues means understanding where issues and costs come from, defining what good looks like for every part of the business, and creating organisational and incentive structures that allow the organisation to move in the right direction on its own - while establishing ratcheting mechanisms that stop entropy.
Astute IT and security organisations know where they need to be, but their efforts are akin to pushing a boulder up a ramp. We take a more holistic approach, helping flip the ramp itself so the boulder not only starts rolling in the right direction, but picks up speed as it does and can never roll back.


Sequoia Consulting and Advisory Ltd, Company Number 15406222, registered at 2nd floor, College House, 17 King Edwards Rd, Ruislip, London, UK, HA4 7AE, under the laws of England and Wales.
