How well are you serving the people you serve?
In a recent Akimbo podcast, Seth Godin asks four core marketing questions that I think apply to cybersecurity.
1. Who do we serve?
I believe that in cybersecurity, we serve three different masters:
"The Customer" - is ultimately who we are trying to protect. She funds our business.
"The Business" - signs our paychecks. Everything they do is supposedly for the customer.
"The Regulators" - keep us honest. They set the standards we have to apply to the technology The Business uses to serve The Customer.
We have a relationship with all three of these masters, and we have to earn their trust and stay in their good graces in order to be effective.
2. What do the people we serve need?
It isn't your father's IT anymore. Technology is moving to an "as a service" model. Microservices, chatbots, automation, The Cloud, mobile, wireless, collaboration. This raises a lot of red flags to those of us who grew up defending systems with clearly defined boundaries. The Business demands innovative solutions because The Customer demands it. And the competition is scratching their itch. And new competitors, new disruptions, are cropping up every day. The people we serve want to be served in a different way, and if we don't do it, someone else will. We have to adapt in order to survive. And we have to do it in a secure, accountable manner.
It isn't your father's IT anymore. Technology is moving to an "as a service" model. Microservices, chatbots, automation, The Cloud, mobile, wireless, collaboration. This raises a lot of red flags to those of us who grew up defending systems with clearly defined boundaries. The Business demands innovative solutions because The Customer demands it. And the competition is scratching their itch. And new competitors, new disruptions, are cropping up every day. The people we serve want to be served in a different way, and if we don't do it, someone else will. We have to adapt in order to survive. And we have to do it in a secure, accountable manner.
3. What do we own?
What assets do we already have? How can we adapt them to serve our people's new needs? Can we retool our existing systems? More important, can we reimagine the way we use our monitoring, our firewalls, our intrusion detection, our access and identity management, our logs? Are there new security capabilities in the very disruptive technology that The Business wants to use to serve The Customer? How can we leverage what we already have to scratch the new itch in a secure way?
4. What do we know?
How can we tweak what we already know to adapt to our people's new needs? How do we apply our knowledge of defense in depth, of best practices, of monitoring and incident response to maintain our relevance, and more important, our customers' trust?
Our customers' needs, the technology to provide services, as well as our requirements, are changing faster than ever. How well are you serving the people you serve?
No comments:
Post a Comment