When reporters asked Willie Sutton, one of America’s most prolific bank robbers, why he robbed banks, his response instantly became legend: “Because that’s where the money is.”
This story is quite likely apocryphal, but remains ensconced in our cultural memory because of its unremitting logic. Of course, the logical targets of modern bad actors aren’t bank vaults, but the IT infrastructure and proprietary data of financial institutions.
As these IT and data assets continue to get more distributed and complex, managing information security has become one of the paramount concerns of financial organizations, regulators and governments.
Unfortunately, there simply aren’t enough cybersecurity specialists to go around. A 2013 Burning Glass Technologies report shows that demand for cybersecurity professionals has risen more than three times faster in the past five years than the demand for other types of IT professionals.
At the same time, the threat environment has become increasingly dangerous, with nation-state and organized crime actors joining cyber-criminals and hacktivists in deploying very sophisticated malware tools and strategies.
We are, in effect, increasing the number of bank vaults, facing more and better-equipped adversaries while running out of cops on the beat. Is it any wonder some organizations feel like they’re living in the new Wild West?
However, by leveraging managed security services providers that specialize in “security-as-a-service” – services delivered as a cloud-based SaaS model – financial services organizations can benefit from security controls that can cost-effectively augment the dedicated infrastructure they already have in place.
True to the cloud paradigm, this model lets security be scaled up or down, on a subscription basis, across various service elements – depending on the service provider’s delivery model. This means one firm could outsource basic management of firewalls, intrusion detection and prevention measures, while another enlists the same third-party for encryption services, vulnerability scanning and other advanced mitigation solutions.
These services are extremely cost-effective, and require little or no capex, enabling firms to build a multilayer security envelope around critical IT assets in a way that would have previously been cost prohibitive.
If leading cybersecurity professionals are worried about the lack of security experts and the threat of malicious software, then financial firms need to think seriously about new approaches to security.
Managed security services, along with newer security-as-as-service delivery models, can free resources from many security-intensive tasks, giving firms more time to focus on the ways technology can differentiate and grow their businesses.