“We Make It Accessible” - ProtectedIT’s Automation Conversation with CyberSaint Security
This month, ProtectedIT focused on a crucial topic within cyber - automation! Generally referring to the use of advanced technology that goes beyond conventional data manipulation or record-keeping, business process automation (also referred to as BPA) is a solution that has and continues to make headway in improving functionality and overall efficiency in vital areas of the economy. As a Managed Security Service Provider (MSSP), ProtectedIT finds that the best path forward is to consistently seek out ways of taking new and distinctly original steps as an innovating service provider. In this mindset, we work towards a deeper understanding of our loyal partner companies and the products and solutions which they have meticulously crafted.
Along these lines, ProtectedIT recently sat down and chatted with partner company CyberSaint Security about the importance of a people + systems approach and the significance of people-assisted automation in their platform. CyberSaint is a powerful, leading force in the security market these recent years. They have innovative solutions for automating the reporting and auditing functions for many sectors of business operations and have created an unprecedented approach to Integrated Risk Management (IRM). As such, CyberSaint has gained the recognition of the industry and the respect of security experts worldwide.
We spoke with Alison Furneaux, CyberSaint’s Vice President of Marketing. On top of making our conversation a fun and interesting one, we found her to be a powerhouse of perspective and a wealth of knowledge. In her words, what makes CyberSaint’s product unique is that their approach “is just fundamentally different.” The importance of people assisted automation is a topic upon which Alison brings an abundance of experience and some welcome insight.
ProtectedIT: So what does a people + systems approach mean to you and how would you say it’s meaningful or effective for the company?
Alison: I think a lot of people - when they think of automation - think of replacing people. Obviously, that’s part of it. But at the same time I think that when you put systems in place that do what they’re supposed to do, they actually just empower people to do their best work. If you have a system in place that is truly accessible and that is truly built as a solution and not just as a product, you’re going to empower the people that you’re serving to do their best work and be the best version of themselves for their company.
ProtectedIT sought to dive deeper into just what it is that makes automating so important and how the CyberSaint platform fits into those ‘niches’ of problem solving and risk management on a high-tech level for cyber. Interestingly, Alison shared with us an insider’s understanding of how truly “human-powered” automation is, contrarily to what many might assume.
ProtectedIT: So how has CyberSaint positioned their products for solving problems with automation?
Alison: One of the more difficult parts of running programs like this is really just the reliance on manual effort. Like when people think of security they think of data flying between screens and they think of tons of automation… and it is SO people focused. It’s so human-powered as an industry that it’s actually shocking. That’s why adding in automation as much as possible will really enable teams to manage risk in a way that matters to their business and will allow them to grow and go through digital transformation initiatives without fear of the unknown.
Our solution is really made to create a world where a CISO cybersecurity program is just as measurable and actionable as a financial model or a CEO’s growth plan. But to do that, there’s a lot that comes with it, there’s a lot of baggage…there’s figuring out what risks from a cybersecurity perspective matter to your business but also: Why do those risks matter? How do they tie into the organizational objectives?
Building off of this point, we discussed some of the more common challenges that CyberSaint runs into when marketing automation solutions to prospective clients. One of the bigger ones, according to Alison, is that a lot of people use the term “automation” but they don’t use it in a way that is actionable. Citing legacy GRC (Governance, Risk, & Compliance) platforms as an example, she makes notable remarks on the differentiation between automation and integration, and how often these platforms will use a vulnerability feed to display information inside the system and claim it is an automation solution…but then nothing is actually done with that information. Automation is a concept often misunderstood outside of as well as within the industry.
Alison: The challenge in marketing automation is you need to really clearly delineate between automation and integration, and you need to call out people who are saying they have automation but really haven’t been able to deliver that to the market yet in a way that is meaningful. Yes, we can integrate with a billion different things, but just because you have all those integrations doesn’t mean you’re doing anything meaningful with the data that will give the result you want!
Alison’s insight is rich in points-of-view. While specializing in business and marketing, she also had exposure to the industrial world early on in her career and feels a wider perspective helped with looking at businesses and startups through a more “thoughtful lens” on top of a market or investor perspective. She credits these experiences towards helping her to put a sharper focus on the big question: How do you build a company with substance and realness? And once past that point: How do you communicate the value of your program in the best way that everybody will understand? And to understand the answer to that, examining the concept of a market’s maturity comes into play.
Market maturity and a company’s maturity is a key concept that we touched on a few times. In referring to the current market of cyber security, Alison wisely points out, “we want to help them mature.” It works in best interests of all stakeholders involved.
ProtectedIT: Do some of your prospective clients think that they can jump into or buy GRC software and then not do a full integration into a full cybersecurity program? Or, can they buy into it and do they not understand it in a complete sense?
Alison: I think it depends on the maturity. In our space, the market is maturing. For example, right now we’re working with a Global 500 company - they want to automate 90% of their controls that they’re aligning within their company. We have the ability to do that, we’re the only one that has the ability to do that. We’re working with them to get there…that’s a very cutting edge approach, though. There are organizations that are just using spreadsheets and their goal is to be able to track things, measure their posture as an cyber secure organization, and just get off spreadsheets!
And as a BONUS, CyberSaint’s VP of Marketing also offered up some thoughtful and intriguing foresight into what the future of risk management, automation, and a people + systems approach may look like:
Security operations centers are so overwhelmed right now with all these false positives and vulnerabilities coming in…you have all this automation, but how do you manage that? I really think that something that is going to be developed is a risk operations center - similar to a SOC [Security Operations Center], all the security and notifications are linked to risks that matter to the business. We’re going to have to extract that from security and create a hub for risk in a lot of organizations…and we’re already seeing that starting to happen.
Bringing it full circle: Utilizing a people + systems approach to automation is dynamic and allows for scalability. It allows for pioneering and innovation in technology, puts security measures of those who utilize this strategy ahead of the curve, and intrinsically develops a deeper understanding of the mechanisms of their success.
Alison: We’re serving some of the Fortune 1000, some of the biggest companies in the world but we also serve companies in the defense and industrial base that are small and just need a way to wrap their head around cyber. We make it accessible.
One of the biggest takeaways from our chat is an understanding of how vital this kind of scalability and flexibility can be. “We make it accessible” - a simple yet resounding idea.
A huge THANK YOU to CyberSaint and to Alison Furneaux for taking the time out of your work day to chat with us! This kind of communication helps us at ProtectedIT to improve the level of service and understanding we are able to provide clientele, as well as evolving and strengthening our partnership with CyberSaint. I’ll leave you with one last quote from Alison that was particularly resonant: