I bet you never thought that assembling all those puzzles you did when you were a kid would have real world application! As a senior security executive, building your security program within your budget while doing your best to mitigate the risks your organization faces is very much like assembling a very difficult puzzle.
The nearly 5,000 security vendors offering more than 10,000 security products, along with the major cloud providers releasing more and more security services to strengthen the security of their solutions, makes assembling your own security puzzle a daunting task. It reminds me of putting the Red Riding Hood’s Hood puzzle together. It was over 500 pieces all the same color in a round puzzle – probably the most challenging puzzle I ever assembled. These vendors all claim to solve the latest security problems and to do it easily and seamlessly. The trouble is there is no easy button for security and every organization has its own unique security challenges; making it difficult to select the right mix of tools to secure your organization and mitigate risk to an acceptable level for your board and executive team within your given budget. Compounding this is the fact that none of the tools talk to each other effectively; many offer overlapping feature sets and all claim to do way more than they can deliver. This often results in too many tools than can be used and managed effectively along with unsustainable costs.
So, what is Shiny Object Syndrome (SOS)? It is a condition characterized by the rapid, unchecked growth of disparate security tools that clutter security programs and limit their effectiveness. There are two main drivers for this:
Over time, these tools add up. Either poorly leveraged or completely abandoned, they can limit the effectiveness of a security program while putting a strain on in-house resources to implement and manage them. These many tools create multiple pillars of data that is challenging to parse, correlate and turn into actionable information that can be used to protect the organization.
The result is often a security program that looks good from the outside but suffers from internal rot leading to increased risk of compromise.
How can you combat SOS?
In summary, by approaching your security puzzle with thoughtful planning and effective communications to your executive team you can avoid the many negative consequences of chasing the latest security tools and protect yourself against SOS. I am excited to speak about SOS in greater detail at the Paubox SECURE event on Wednesday, October 21st. Oracle also recently announced new cloud security services that can reduce security complexity and strengthen cloud security posture.