In an earlier blog post I wrote about looking at security as an investment (as opposed to an expense), focusing on the value that an integrated cloud-native security platform can deliver to investors, board members, and C-Level executives. In this post, I’m going to broaden my focus to include some of the other issues you need to include in your “security as an investment” plan.
Cloud security operations teams, especially ones that are looking at security technologies for the first time, are often faced with a daunting list of vendors who offer technologies with wide-ranging capabilities. Understanding the pros and cons of each might seem difficult or impossible at first, especially because the enterprise security sector is inundated with technologies that address security from a defense in depth perspective, offering different technologies at each layer. These include Firewalls, VPNs, IDS, IPS, log collection tools, SIEM tools, routers and switches with security capabilities, endpoint security tools, vulnerability management tools, threat management tools, etc.