The Fallacy of the Security No-Man’s Land

Mike Rothman of Dark Reading wrote an interesting piece, which Bruce Schneier echoed last week, arguing that security vendors are focused on the top 1,000 enterprises, leaving the meager mid-sized businesses that live beneath the Security Poverty Line to fend for themselves.  Rothman:

“These folks have a couple hundred to a couple thousand employees. That’s big enough to have real data interesting to attackers, but not big enough to have a dedicated security staff and the resources they need to really protect anything.”

I feel this argument is a tad overstated.  Think about what the No-Man’s Land theory says about the business models of security vendors—that they’re collectively and deliberately ignoring an entire forest full of deer and rabbits with hopes of nabbing a few elephants?  Sounds like a surefire way to starve to death.  (My apologies, vegetarians.)

Rothman really nails it on the head here, though:

“What folks in security no-man’s land need most of all is a security program. They need an adviser to guide them through the program. They need someone to help them prioritize what they need to do right now.”

YES!  This is the secret sauce. But what makes this exclusive to large enterprises?  Even for mid-market companies without bespoke security, it’s hard to excuse not going after the low-hanging fruit (sorry, carnivores).

Rothman continues:

“They don’t want or need someone to do everything for them. And they certainly don’t need a shiny object to stop the attack du jour.”

The “blocking and tackling” Rothman calls for is something every organization can start doing—large or small.  For unstructured data, Varonis has an entire blog series detailing precisely how companies can implement a security action plan, and Varonis will custom-tailor every step around the resources available.

By focusing on the fundamentals, we’ve seen some mid-market businesses with a few ultra-bright security and operations folks implement more comprehensive and successful IT security programs than Fortune 100s with ostensibly limitless budget and staff.


3 thoughts on “The Fallacy of the Security No-Man’s Land”

  1. I wish to show my appreciation to this writer for bailing me out of such
    a crisis. After searching throughout the search engines and
    meeting proposals which are not powerful, I figured my entire life was done.
    Being alive devoid of the solutions to the problems you
    have resolved all through your entire article content is a critical case,
    as well as those that would have in a wrong way affected my
    entire career if I hadn’t encountered your web site. Your talents and kindness in taking care of almost everything was valuable. I don’t know what
    I would’ve done if I hadn’t come across such a subject
    like this. I am able to at this point look forward to my future.
    Thanks for your time very much for this impressive and sensible guide.
    I won’t think twice to propose your web site to anyone who needs and wants guidelines on this situation.

  2. Does your blog have a contact page? I’m having a tough time locating it but, I’d like to send you an
    email. I’ve got some creative ideas for your blog you might be interested in hearing. Either way, great website and I look forward to seeing it expand over time.
