Mike Baukes: When most companies think about their transformation effort from an analog process to a digital process, they really want faster speed for delivery of those development activities. The reality is that a lot of organizations have this massive skill shortage that they really need to transform their workforce to be able to take advantage of these newer solutions.
Unfortunately during the transitional period, we see a lot of people adopting these newer types of technologies without really understanding, not only the maintenance effort that’s required, but also what the effort that goes into them really is. Quite often, they are open-sourced or some variation of that. That actually requires foundational changes in the way that a business approaches a problem.
If you’re using open source technology like this, you leave yourself open to needing to effectively contribute back to the community. There’s the rate of change that those projects are undergoing. There’s a lot of vulnerabilities that quite often come out because, typically, you’ve got a large community contributing back. How do you take those lessons and those changes and implement them back into your environment?
If you haven’t thought of that, you leave yourself to vulnerability be it the classic definition of vulnerability, which is a bug that was unheard of, or traditional misconfiguration. Those things are what we consider factors that limit your resilience. Resilience in our context is very much the ability to adapt to change and business context really fast. You should not only be able to have a good handle on what you have and what it does but also have that information distributed across many different teams of the organization.
A lot of people talk about operational awareness. We think of it as more of organizational awareness and the ability to respond to changing needs in the business. It involved having that perspective internally blended with this external capability, and then unifying them in such a way that everyone in the organization can have a really robust discussion on what the risks are, what has to be done, and who’s responsible for it. That is exactly what we think about when we think about digital resilience.
Sramana Mitra: Interesting. Are you the only people providing this kind of scorecard or are there other people doing this as well. FICO is a pretty standard scoring mechanism. It’s accepted by the industry as the world standard. How about your situation?
Mike Baukes: The good news is that it’s still early days. We’ve been fortunate enough to have a lot of classic organisation that help you standardize scores. We’ve had a great deal of success with the insurance industry and we’re constantly releasing new partners everyday. We partner with CSC, which is one of the largest brokers that use our software to determine risk of their client portfolio from a reputational perspective.
On top of that because of the nature of the platform, a lot of companies tend to look at the external scoring as one of the factors. We see it as almost like an iceberg. You’re on the net and you’re looking at this organization. The bulk of their digital infrastructure resides under the water. What we do is we not only have software externally at the tip of the iceberg but all throughout the rest of it so you get that holistic understanding of the capabilities of the solution and the capabilities of the organization in real-time.
As of today, there’re companies that are doing it in bits and pieces, but no one has put it together and unified it together the way that we have. We are unique in the marketplace in that regard.
This segment is part 2 in the series : Thought Leaders in Cyber Security: Mike Baukes and Alan Sharp-Paul, Co-CEOs of UpGuard
1 2 3 4 5