Tech Rx- 6th Edition

The Power of Partnership in Enterprise IT

One of the things I’ve learned over 25 years in this industry is that some customers are looking for a partner and some aren’t. You could argue that those that aren’t looking for a partner don’t need one. They have all the expertise they need in house. They can evaluate solutions, develop strategies, do solution design, implement, and support everything all on their own. Certainly, those exist but in my experience that’s not normally what is happening.

Those organizations that either don’t want or feel they don’t need a partner, are of a particular mindset that prevents them from ever developing and experiencing the benefits of having trusted partners. Trusted is the key word here. The lack of trust mostly stems from the fact that they are certain that the partners are charging them too much or will, if given the opportunity.

Why Some Shy Away from Partnerships?

They are hyper focused on price - not the actual price of the solution but how much they think the partner is making. They see “partners” as simply middlemen whose soul intention is to gouge them. Their primary role then is to make sure this doesn’t happen - to try and get the absolute lowest possible price on everything they buy.

In the context of enterprise IT, this is a terrible approach. It is based on a fundamental misunderstanding of how enterprise IT products are priced and sold. It is an overly simplistic view where the vendor has the lowest price, and the partners simply mark it up. The reality is, vendors cannot cover every account they would like to sell to and using channel partners, lowers their cost of sale. This allows the vendor to share the profits with their partners. Channel partners don’t make money so much based on how much they charge the customer but based on how much the vendor is willing to share.

The Misconception of Direct Purchasing?

You might ask, well then why does the price seem to vary from partner to partner? The same reason different customers pay different amounts for the same products, even when buying direct. I assume everyone understands that everyone buying direct is not getting the same price. What may be less intuitive is that you can and often will pay more buying direct than you would buying through a partner.

So, what are the ramifications of working together when one side is always convinced that the other side is trying to pull a fast one, that they’re going to get ripped off?

The Price of Mistrust?

The main impact is that instead of working together, collaboratively to solve a problem, you get caught up in gamesmanship, misunderstandings and ultimately a very poor experience for everyone involved, to at best save a point or two on the price. If this resulted in better outcomes, it might be worth it but that is not my experience.

Because the parties don’t trust each other, communication is poor. Both end up keeping everything close to the vest, they withhold information, because they’re afraid it will give the other side an advantage. This little dance is repeated over and over again, both sides are frustrated, objectives are not achieved, and the customer becomes even more convinced that partners are terrible and add no value. Every year or two the old partner and often the vendor is kicked out and they start all over again.

The Successful Approach

On the other hand, the most successful enterprise organizations we work with tend to have several trusted partners, many of which they have been working with for a decade or more. What do I mean when I say they are successful?

The IT team consistently accomplishes their objectives on time and on budget. This leads to greater trust in that team within the organization. The user community has a better experience and business leadership develops confidence in the IT team. They trust them because they have a proven track record. This confidence leads to a willingness to take on more ambitious goals, to business leaders being more open to what IT tells them they can do, can’t do and what it will cost. What we see from these organizations is all the fundamentals are well taken care of, technical debt is minimal and understood. IT is always progressing, always moving forward and seen as a competitive advantage of their organization. These organizations also do not pay more than their peers, if anything the get more out of their investments than their counterparts.

Becoming a trusted partner to an organization like this is not easy. These organizations have high standards for themselves and their partners. Trust isn’t earned quickly, it comes from years of working in the trenches together, going through the inevitable challenges that come up. These organizations are very demanding and won’t hesitate to let you know when you’ve missed the mark. But because trust exists and you’re truly working together, they understand that sometimes the issue is on their side of the street.

Not all 3rd party technology companies are worthy of trust, or being called a partner but some are. If you can focus on that and embrace the ones that do add value, you will have better outcomes and a much better overall experience.

Best Regards,

Terry Murray and the Prescriptive Data Solutions Team

The Eight Edicts of Castle Fortification

Who knew that looking through a medieval lens could bring the process of building a strategic cybersecurity program into focus?! Our own cyberknight, Nick Whittington, dons his chainmail and lays out a useful outline to follow in the quest to protect your company’s data in a modern world.

As the frequency and severity of data breaches rise to mythological proportions, erecting a sturdy cybersecurity defense can seem like an impossible quest. But with the right strategy, and by pursuing a layered approach to internal and external fortification, every company can empower their armies to successfully repel adversaries from their corporate castle. Following are eight edicts of castle fortification straight from the House of Whittington.

Know the Terrain: Risk Analysis

First, survey the landscape and assess vulnerabilities. Conducting regular threat-informed risk analyses helps shape the blueprints for architecting the castle’s defenses, providing insights into weak points attackers might exploit, for example, to breach the walls or poison the moat. Understanding probable threats facilitates effective and efficient investment of resources into tailor-made defenses. Consider these assessments the foundation of your security. They inform the placement of inner and outer defenses, enabling the smart allocation of limited resources to protect your most critical assets. Regular reviews will help keep you informed of the ever-evolving threat landscape.

Strong Offense Trains a Stronger Defense

With the ramparts standing, it's time to test the integrity of infrastructure and walls. Proactive penetration testing reveals cracks which real enemies could infiltrate. By seeing through an adversary’s eyes, gaps are illuminated before the enemy can exploit them. These offensive exercises improve defensive posture. Shore up security holes and ensure defenses are battle-ready from every direction. Test often, as new vulnerabilities will emerge over time. Leverage the services of ethical hackers to probe defenses from creative angles.

Patrol the Keep: Adversarial Detection

To detect sneaky intruders, implement internal alarm systems. User behavior analysis can contrast typical activity patterns with anomalies that might signal compromised credentials or insider threats. Deploy decoys and honeypots to catch adversaries that slip through the gates. Adopt the hacker’s perspective from inside the walls. Use a mix of tools and techniques to monitor critical assets, privileged users, and suspicious behaviors. The earlier malicious activity is detected, the less damage done.

Defend Smarter, not Harder.

Managing multiple security tools causes confusion during a siege. Automating coordinated response playbooks allows for unified action upon alerts. Let orchestration do the repetitive work so analysts can focus on critically urgent threats at the gates. Streamlined internal processes make defenses more effective. Build playbooks for common scenarios based on best practices and customize protocols for your unique environment. This reduces chaos when under attack.

Joint Defense: Integrating Security Tools

Weave tools together to gain a tapestry of unified visibility. Correlating insights makes each solution more meaningful, providing a panoramic view from the tower of threats across the kingdom. Integration also strengthens communication between security teams at the gates, on the walls, and in the courtyard. Integrate data sources, add context, eliminate silos. Combined threat intelligence paints a clearer picture so you can prioritize your limited resources.

Tabletops: Role-Playing Security

Even robust tools need skilled humans behind them. Conduct incident response simulations to sharpen teamwork and reveal blind spots when faced with a full-scale cyber siege. Tabletop exercises and cyber-war games strengthen cooperation across layers of defenses. Practice until responses are second nature. Run drills on a regular schedule to account for evolving threats and technologies. Bring in leadership, IT and other teams for cross-functional coordination.

Wax Seal: Compliance Standards

While compliance provides a minimum viable security baseline, consider frameworks as roadmaps rather than the destination. Checkboxes alone cannot stop dedicated marauders any more than a wax-ring seal on a sensitive message. Build upon compliance, using it as a foundation for comprehensive risk management and continuous controls improvement. Use audits as opportunities to go above and beyond mandated controls. A king's stamp does not guarantee robust defenses. Prioritize security, not just certification.

Arm the Villagers: Cybersecurity Awareness Training

Finally, equip users with cybersecurity awareness to enhance human threat detection capabilities. Provide training so they can spot phishing lures, identify social engineering, and make security-minded decisions. Make users the front line of defense. An educated citizenry makes for a resilient kingdom. Refresh training frequently, as both threats and workforce change. Customize content to be engaging and role relevant. Turn users into sensors protected by knowledge.

Constructing multi-layered cyber defenses requires ongoing diligence and cooperation across teams. But with sturdy digital walls and battlements, wise investment, integrated visibility, and a garrison of prepared users, organizations can keep adversaries at bay and thrive securely ever after.

Nick Whittington is a professional musician/multi-instrumentalist and music producer turned?ethical hacker and cyber-security enthusiast. As a valued Security Engineer at Prescriptive Data Solutions, Nick views challenges as the scaffolding of growth and wisdom and approaches all that he does with wonder, humor, and enthusiasm. He takes pride in his ability to see solutions from unconventional perspectives and is passionate about observing, learning, adapting, and creating.