On Monday, November 12, we will be gathering a congress of security executives to the first annual Executive Summit Series before the activities in and around OSAC week. We will be discussing the threat landscape to their organizations which includes internal risks around their people, process and tools.
We just returned from GSX 2018 in Las Vegas. We thought we would share our thoughts with you before we get together so we can season our discussions at the Summit accordingly.
Founded in 1955, ASIS International is a global community of security vendors and practitioners, each of whom has a role in the protection of assets - people, property, and information. ASIS is working at changing its conference and exhibit approach by renaming it’s conference ‘GSX’. As an organization whose membership of vendors to security practitioners is now nearly 3 to 1, they have appropriately focused GSX on technologies that can create significant changes to the channel that brings security products and services to the marketplace.
Many of these products and services have the potential of revolutionizing the efficiency, effectiveness and quality of security programs in the end-user environment. Success will be determined by the technology manufacturers moving from the Field of Dreams mentality of “build it and they will come” to one that is focused on understanding the end-user environment. Their product solutions musts assist security executives in managing an environment of risk, compliance and regulatory requirements as well as meshing well with the culture of the enterprise. Just as important, they must be designed to morph to address changes in the current and emerging environment in which the enterprise operates without having to constantly replace or add onto systems.
Similarly, the integrator community must be able to address all the same solution criteria as manufacturers. With one significant difference. They must be true advisors on how data is collected, organized, managed and reported. This is critical to the mandate the risk, resilience and security executives have from the C-Suite: To effectively and efficiently manage the enterprises risks, regulatory and compliance environment and coherently and cogently provide guidance to the executive leadership of the company. This will demand organizational and cultural intelligence from the future leaders of security. As things stand today, it is questionable if integrators are prepared to be advisors in this critical area.
As well, integrators are challenged in aggregating data from their clients to provide strategic advisory and consulting which would result in creating a business case. Security executives needs this level of support to assist them in gaining internal approvals and funding for these vital efforts.
Finally, the end users must become better versed in the changes taking place in the security solutions environment, particularly when they are integrating network-enabled security hardware onto the enterprise network. End users who do not fully grasp the risks of security flaws and vulnerabilities in network-enabled security devices may well find themselves out of a job when a devastating breach is traced back to a piece of network-enabled security hardware they installed on the network.
A new business model must emerge to make these things happen. Perhaps we might hear from some or all of you what that might be at the Executive Summit Series.