Had my first visit to The Gherkin recently at a “mini” Netevents security briefing in London.
I can certainly recommend the brioche-bun bacon butties with a view of the London rain from the 38th floor. What was different about this Netevents is that we had real people there – i.e. not just tech IT pros but guys who actually have to work directly with people and make stuff work. It always makes it more interesting when you get to hear from the coal face (I was there in the 80s, I know what it’s like). Not least Brian Lord, who formerly had the simple task of running GCHQ’s security but now fronts an independent consultancy, PGI – so he’s still at the sharp end.
One of the realistic messages to come out of the briefings was that what is key is not how you’re protecting your crown jewels, but which crown jewels you should be protecting. In other words – what’s the one thing you would rescue from a burning building that would cost you your business/life? For many industries – retail, transport, manufacturing, banking etc – that answer is obvious – customer data. Have that breached and you could be accountable for billions. Throw in the casual “fact” that only about 20% of investment in IT security is actually put to use, and you do wonder why so many start-up vendors in this sector still focus on how their tech protects and not what it is actually protecting in the first place.
Not that this is a new message, but it’s one the start-up vendors especially need to take seriously. For every one that makes headline news with a $$$$ dollar acquisition, many others quietly fade away and die. At the end of his panel debate, Brian asked “what will we be talking about in cyber security in five years’ time?” Methinks, exactly what we were talking about in the Gherkin, since that’s what we were talking about five years previously… But then that’s IT – it is cyclical. It keeps people in jobs, just like manufacturing new and totally unnecessary features in cars, to lure people to trade in a perfectly usable vehicle, to spend money on features they don’t need. Mind you, my parents used to do the same thing with their three-piece suites; and they were all still made out of dralon…
One of Brian’s key focus areas – unsurprisingly – is government; the biggest cyber target of all. So why is the UK government spending its entire time not working out Brexit backstops instead of protecting its eBorders – discuss! Maybe we should all invest in cyber criminals :-)))
The final clear point from the excellent discussions was that – still – security is not aligned with the business process. Back to the car analogy – it’s like having your garage a mile away from the house. OK, so in Dartmouth that’s normal but… I’ve been doing some background work with an old IT buddy, Roger Green, on this very subject. It’s simple enough – strategy comes before technology. Just when are companies actually going to adopt this approach? I guess we’ll be talking about that five years from now…