Dependency Versus Autonomy – What Are Cybersecurity Solution Vendors Seeking?
In this month’s blog, I would like to explore the basic concept of ‘DEPENDENCY’ versus ‘AUTONOMY’ in the application of cybersecurity technology to solving common cybersecurity problems. The terms can be defined as follows (courtesy Merriam Webster https://www.merriam-webster.com/dictionary/):
dependency
noun, de·pen·den·cy di-ˈpen-dən(t)-sē, plural dependencies
1 : dependence sense 1
2 : something that is dependent on something else, especially : a territorial unit under the jurisdiction of a nation but not formally annexed by it
3 : a building (such as a stable) that is an adjunct to a main dwelling
autonomy
noun, au·ton·o·my ȯ-ˈtä-nə-mē, plural autonomies
1: the quality or state of being self-governing, especially: the right of self-government
The territory was granted autonomy.
2: self-directing freedom and especially moral independence, personal autonomy
3: a self-governing state
If we exclude the territorial and physical aspects of the definitions, for ‘dependency’ we are left with a simple definition: something that is dependent on something else.
Again, excluding the territorial interpretation, for ‘autonomy’ we are told it means ‘self-directing freedom and especially moral independence, personal autonomy.’
In the case of cybersecurity, I would like to explore the business models of various solutions offered in the market with a view to determining whether they create a dependency or provide the customer with autonomy.
Dependency Business Models – these types of cybersecurity relationships are characterized by control of information, features, knowledge, and a rigid segregation of tasks. Most large cybersecurity companies have tried to use this model of creating a customer dependency on the solutions offered.
You know you are in a dependent position with your cybersecurity solution provider when the following conditions exist:
- Your use of the product requires extensive training by your staff for effective use.
- Related to the point above about training, proficiency in the use of the product is recognized by an extensive grading system where your employees are ‘certified’ – often by the software solution provider granting graduation certificates to your employees – thus making a virtue out of a necessity (issuance of diplomas/certificates for effective use of the product you bought).
- You can only access the higher levels of solution (example threat hunting) when you purchase additional services not offered in the baseline business model – this is particularly vexatious when the need for the additional services is only evident when a serious threat is found.
- You are not offered a technology transfer to allow you to develop your own skills and capabilities.
- You feel that since you have invested so much in the costs of ownership of the solution, you are compelled to continue using it, irrespective of whether the security outcomes are optimal.
Many of the large, well-funded cybersecurity companies have created a virtual cult of dependency and they have made a virtue out of a necessity in creating their rigid training regimens, indeed even their own training academies with extensive diplomas and certificates of increasing proficiency for your staff. If you have ever bought something that you thought was genuine, only to find out it wasn’t…you will understand that it is human nature to resist accepting the deception, especially if you paid an awful lot for it. Once you have drunk the Cool-Aid, it is hard to admit that the solution you invested so much in implementing, may not be up to snuff.
Autonomy Business Models – These types of cybersecurity relationships are characterized by transparency, a ‘need to share versus need to know’ and a significant collaboration in tasks between solution provider and customers. There are risks in this business model to a solution provider: by being so transparent, customers realize there is no real black magic and hence they may be tempted to want to receive a technology transfer to become more autonomous. Although there is a short-term risk to having a customer take on more responsibility (thus potentially decreasing the cybersecurity vendor’s revenue), in the long-term the ‘trust dividend’ will enhance the relationship and lead to more revenue, not less. Customers want to have a hand in enhancing their cybersecurity posture. Customers do not want a solution that is only fully understood by the magic few employees who have graduated to the highest rungs of the cult-like training regime of the cybersecurity provider.
You know you are in an autonomous position with your cybersecurity solution provider when the following conditions exist:
- Use of the product is intuitive, and the data is fully shared and explained – you can see ‘under the hood’.
- Proficiency in use of the product is attained quickly without the need for the equivalent of a PhD in cybersecurity.
- You can pay one relatively low fee and have access to all features and capabilities – there are no hidden fees and/or the cybersecurity vendor is not trying to ‘up-sell’ you on additional features.
- You are encouraged to receive a technology transfer and become capable of training your own staff through a ‘train the trainer’ approach and you are fully supported in your implementation.
- You feel trust and a cooperative partnership exists between you and your cybersecurity solution provider rather than a feeling of dependency that you have invested so much as to avoid any change.
To experience the feeling of autonomy in the selection of a cybersecurity solution is a very liberating sensation. Since your investment in the cost of ownership is modest, you can try other alternatives and decide what solution is right for you.
At OmniSecuritas Technologies, we are definitely offering you the ‘Autonomy’ business model and not the ‘Dependency’ business model. With our technology partners CYDEF (www.cydef.ca) and ESET (www.eset.com) , we encourage you to ‘try a little and buy a little’ to experience that liberating feeling of working with solutions providers who do not want you to feel dependent on us.
Please check out our website www.omnisecuritas.com.ph and take up a free trial…you have nothing to lose but your chains of dependency.