How the Skills Shortage Is Killing Defense in Depth
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”
You would think that this is the perfect time to be a security vendor. Humiliating breaches lurk around every corner. Denial of service attacks grow ever larger. Bedrock platforms turn out to have (shell)shocking holes. The media love the scent of blood in the water and they keep the papers black, white, and red. It is boom times for security vendors. So what is there to complain about?
We’re going to have to change the way we sell security, that’s what.
Since 2010, security vendors have been developing ever more impressive, but specialized, security gizmos. It used to be easy to sell targeted security products because every gizmo would get air cover from the concept of defense in depth. Conceived of by the military prior to the digital age, defense in depth is the idea that more layers of defense equal a stronger security posture. For vendors, defense in depth meant it was all right if their gizmo didn’t offer wide protection because some other vendor’s gizmos would plug the holes. Forrester analyst Rick Holland called this philosophy “Expense in Depth - the multilayered approach to ensuring minimal return on investment.”