Expert Panel®, Forbes Councils Member
Forbes Technology Council | Council Post
20 Essential Factors To Consider When Vetting Cybersecurity Platforms
In an increasingly digital work world, companies across industries collect and manage sensitive data. And just as companies are finding new and sophisticated ways to leverage that data, hackers are finding new and sophisticated ways to breach cyber defenses. With the volume and variety of cyberthreats always on the rise, choosing an effective cybersecurity platform vendor to partner with is a complicated and consequential decision.
It’s essential for every business’ leadership team to thoroughly review both their internal circumstances and needs and what different cybersecurity platform vendors can bring to the table. Below, 20 members of Forbes Technology Council discuss essential factors to consider and services to look for when evaluating cybersecurity platforms prior to making a purchase.
1. Your Risk Profile
While deciding about a cybersecurity platform, a key factor a business should consider is the alignment of the platform with the business’ specific security needs and risk profile. This involves assessing the types of threats most relevant to the business, the sensitivity of the data being protected, compliance requirements and the existing IT infrastructure. – Shamaila Mahmood, Indus Valley Labs (PVT) Limited
2. The Vendor’s Development Practices And Policies
Businesses should ensure the cybersecurity solutions they purchase reduce their risk, not increase it. This sounds like a no-brainer, but recent vulnerabilities—such as Citrix Bleed and coordinated attacks on firewalls at dozens of energy suppliers—show that there’s real risk. Look for solutions that have secure development practices and zero-trust policies in place so they can’t be leveraged as an attack vector. – Geoffrey Mattson, Xage Security
3. Advanced And/Or Additional Protections
When a business is considering a new cybersecurity platform, its leaders should strongly consider if the product provides advanced and/or additional protection beyond the company’s existing capabilities—and consider the risk of inaction. Businesses should also consider the time and resources needed to operate a new cybersecurity platform, as well as whether any increased allocations are worth the increased protection. – Patrick Harr, SlashNext
4. The Different ‘Weapons’ You Need
Cybersecurity is extremely complex, because not only do you have a multitude of attack surfaces, but you also need different “weapons” to defend yourself. No single company sells all of these, so it’s important to pick best-of-breed solutions predicated on the attack surface. – Douglas Murray, Auvik
5. The Potential Business Impact
Besides choosing between best-of-breed or “single pane of glass” (that is, a platform delivered by one vendor that covers all layers of protection) solutions, one of the top things organizations need to understand is the potential business impact the product or platform will create. It’s not just about security—it’s also about business uptime and minimizing the impact on business continuity the product will cause (and it will). – Oren Koren, Veriti Security Inc.
6. Time To Measurable ROI
The two key questions that businesses should explore when considering the purchase of a cybersecurity platform are: 1. Does it solve a problem in a manner that is measurable? 2. How quickly will we be able to realize value from the product after purchase? Answering these two questions will help you ensure that the product can effectively deliver the expected ROI. – Mike Britton, Abnormal Security
7. Ease Of Integration With Your Existing Infrastructure
When choosing a cybersecurity platform, consider how easy it will be to integrate it with your existing tech infrastructure. Seamless integration minimizes implementation time and cost, reduces operational disruptions, and ensures that the cybersecurity enhancement doesn’t hinder daily business processes, maintaining operational efficiency alongside robust security measures. – Andres Zunino, ZirconTech
8. Scalability
Scalability is critical, and businesses should look at products that can scale with their organization and not just solve the “problem du jour.” Point-in-time solutions may address a pain point today, but products that can grow with your business will provide more comprehensive, long-term protection. – Andrew Kahl, BackBox
9. The Ability To Add New Technologies
An open, flexible platform that allows the integration of new technologies is the most important factor. Cyberthreats will continue to evolve to evade our defenses. A vendor platform lock-in that inhibits the ability to respond to evolving threats is not ideal. Even if the vendor has a great record of innovation, enterprises should preserve the choice between a best-of-suite or single-vendor strategy. – Poornima DeBolle, Menlo Security
10. Complexity
The complexity of any cybersecurity product is critical to its successful implementation. If the product includes setting up new operational processes for a number of employees, then the business should consider that factor when looking at the overall cost. As part of implementing such new processes, leaders will need to ensure that employees are set up for success with access to the right data to make informed decisions. – Atul Tulshibagwale, SGNL.ai
11. Cost And Productivity Benefits
Leaders must ask, “How does the solution enable the business to grow and/or become more sustainable, and is there a measurable impact that can be tracked quarterly?” The cybersecurity solution must help reduce costs and/or increase business output in a manner that the CFO can easily understand. The vendor behind the platform needs to support measurable value reporting throughout the entire life cycle of the license. – Alon Bender, BenderXpert
12. Values Match
A business should check to see if the cybersecurity system vendor’s values—for example, respecting privacy and being open about how they use data—match their own values. In this way, leaders can make sure the business stays true to its principles while keeping its data safe. – Margarita Simonova, ILoveMyQA
13. Ease Of Use
The majority of cybersecurity incidents happen because of human error. Even the most advanced platform will be rendered useless if it’s not used effectively by your people. So businesses should prioritize ease of use and intuitiveness when selecting a cybersecurity platform, ensuring seamless integration with existing infrastructure as well as a quick onboarding process. – Tom Okman, Nord Security
14. Regulatory Compliance
Ensure compliance with the privacy laws in your jurisdiction(s). In the U.S., make sure you’ll be compliant with California’s Consumer Privacy Act, and in the E.U., with the General Data Protection Regulation. Also, remember that the legal obligation you owe customers under some privacy laws becomes more strict as the sensitivity of the data you hold increases (for example, geographic data versus medical information). – Jordan Yallen, MetaTope
15. The Vendor’s Team And Reputation
Review the vendor’s ability to attract and retain top cybersecurity talent (the type who actively avoids working on dated technologies). Also, assess the potential brand hit of being breached through the vendor’s specific solution—some tools provide stronger “due diligence” optics after an incident. Adopting limited-lifespan solutions raises costs due to the need for constant skill retraining, and you may risk negative public perceptions of your brand. – Mani Padisetti, Digital Armour
16. Implementation And Rollout Assistance
When deciding on a cyber product or platform, a key purchase requirement is to ensure (in writing) that the vendor will be a key participant in the initial implementation and rollout of the product. This should be a free service provided by the vendor, and the contract language should be clear in terms of roles, responsibilities and deliverables. – Mark Schlesinger, Broadridge Financial Solutions
17. Usability And Maintainability
Usability and maintainability for end users and administrators should be at the forefront of every purchase decision. Almost all cybersecurity incidents involve some human component. If your cybersecurity action makes IT less user-friendly, users will find a way around the products. – Kevin Korte, Univention
18. Preemptive And Proactive Defensive Measures
Cybersecurity platforms often employ reactive detection techniques that are not 100% effective at preventing cyberattacks. When it comes to data protection (sensitive data is the target of a lot of attacks), it is important to consider preemptive and proactive measures that protect data even if some attacks succeed. The proper use of automation, cryptography and tracing after compromise is key here. – Karim Eldefrawy, Confidencial.io
19. Accountability And Traceability
One factor a business should consider when determining which cybersecurity platform product to purchase is accountability and traceability. It is important to look beyond sales and marketing language and focus on the fundamental capabilities of the product. – Robert Mao, ArcBlock Inc.
20. The Product’s Future Roadmap
When choosing a cybersecurity platform, businesses should look beyond current features to the product’s future roadmap and its ability to adapt to evolving cybersecurity threats. It’s essential to consider how the platform updates to counter new risks, as well as the strength of its ecosystem, including integrations, community support, its partner landscape and long-term security solutions. – Raj Polanki, Wacker Chemical Corporation