What It Will Really Take to Build Trust in Security Companies

Wednesday, September 28, 2016

Ori Eisen


Why haven't we figured it out yet?

Cyber attacks are now so frequent that they border on uninteresting. And as attacks have increased in the past few years, so has the number of security startups claiming to tackle the problem. But isn’t this direct relationship between the number of cybercrime incidents and the number of tools to stop them counterintuitive? Are these companies really providing a solution, or have they just been capitalizing on a booming market?

The sad fact is that security companies only have solutions that address pieces of the massive problem and many only provide value after a breach has taken place. They have yet to find a way to truly solve the full scope of the problem and earn and retain customers’—and ultimately consumers’—full trust. Even with industry jargon and all promises of unmatched security, security vendors are at a crossroads where they’re unable to put their money where their mouth is because they’re just not confident enough in their own solutions. As the security market turns to a Darwinian climate, we need to find the diamonds in the rough of a noisy market and find solutions that will actually solve the problems companies face every day. The most effective way for companies to prove their worth is by standing behind their product and insuring its results. It’s time to shake up the security industry and increase accountability in order to truly make the digital world a safer place.

Today’s Security Market

Security, like most other traditional infrastructure systems, is fast becoming outdated as computing becomes decentralized, even extending to remote and mobile users across the globe. Traditional defenses no longer work as hackers long ago outsmarted them, creating a constant cat and mouse chase for the industry to catch up with the criminals. Further, this lag in security is exacerbated by a convergence of new forces like the Internet of Things and the big data explosion. Now, human behavior, especially in the workplace, is immersed in technology, leaving CISOs to scramble to address existent problems as well as newly introduced risks.

Vendors have tapped into this notion and jumped on each passing trend that causes CISOs to wring their hands in frustration. And in their panic, CISOs are biting, buying into the promise of specialized cloud security or next-generation “X” without knowing how well the solutions will perform due to their own novelty as well as that of the threats. This perceived traction in the market also prompts investors to buy in. So continues the chain of adoption and investment, with no clear delineation of practical value—critical in a time where even giants armed with the best solutions continue to fall victim to attacks. Building trust in this environment is nearly impossible.

Product Over Trends

Despite the myriad of claims — “leader of X” or “unique solution Y”— that are muddying the waters of the security market, there are diamonds in the rough, security companies truly solving the problems businesses and individuals face every day. How can these solution providers stand out? Where can trust be instilled?

Avoiding the trend label should be the first step. Worrying too much about “keeping up” with the competition, or about not sounding the same or better is a waste of time. Instead, security companies should focus on their strengths and highlight the functionality and effectiveness of their platforms and solutions. Results are what matter, not claims that are simply meant to instigate interest.

Trust Amid the Noise

This brings us to the idea of insurance, it is not enough for a vendor to tell consumers they are the best; third party validation is required to cut through the noise and prove what solutions can actually hold water. Security companies need to prove their efficacy and have some skin in the game themselves. Most large organizations have some form of cyber insurance from third party insurers, but this insurance only has value after a breach. Companies need a solution strong enough to prevent losses in the first place. We need security solutions so powerful that a third-party insurer is confident enough to back the companies’ assertions of unmatched protection.

The topic may be taboo, as time and again we see that 100 percent security is often impossible. But security guarantees are the ultimate differentiator. If a company trusts their own product to not fail, the customer can too—with this level of trust ultimately reaching the average person. It’s a win-win-win. 

Possibly Related Articles:
General Enterprise Security Breaches
Cyber Insurance cyber attack security guarantees security defenses
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.