The Three Levels of Enterprise Security Maturity

In enterprises that take IT security seriously, where a data breach means significant loss to sales and/or brand value as well as regulatory fines, there are three distinct levels of cybersecurity technical maturity. Let’s take a look at each of these levels and examine their common features.

Level 1: Professional

Professional organizations strive to meet commercial best practices in security. They typically have a CISO (chief information security officer) and an institutionalized security program that includes incident response, a rigorous security development lifecycle (SDL) for software and systems, and regular threat modeling and independent risk assessments. Another example of commercial best practices is the use of “container” software that isolates business applications and data from an employee’s personal use on the same device (e.g. laptop or smartphone when the enterprise supports BYOD and/or COPE mobility programs).

Personal use is often characterized by the wild, wild west of third-party app stores, untrusted Wi-Fi access points, and the Internet, and the container ensures personal privacy is protected from the enterprise while enterprise information and networks are protected from personal use. Another aspect of commercial best practices is leveraging solutions that meet the highest level of internationally recognized security certification.

How do you know your business is following the latest and greatest commercial best practices? BlackBerry’s CHACE research team develops the free SHIELD assessment tool, continuously updated as threats and requirements evolve, which provides enterprises with confidential, vendor-agnostic expert feedback on security best practices, as compared to industry peers, in about 90 minutes.

Level 2: Advanced

The next level up, Advanced, means having a security strategy that addresses the core challenge that security is often viewed as a cost, both in terms of expense of implementation as well as the way it can inhibit productivity and efficiency throughout the business. In a recent survey, 82% of businesses said they are held back from implementing improved security controls because of employee frustration – security gets in the way of getting the job done.

BlackBerry approaches security from perhaps a unique perspective: while most enterprise security firms focus on the enterprise and IT security perspective, over the past 30+ years, the BlackBerry focus has always been as much about business user productivity as it has been about the enterprise IT staff and management team. For example, BlackBerry Dynamics (formerly Good Dynamics) includes data-at-rest encryption, data-in-transit protection, and many other security controls designed to operate “under the hood” to protect information without the user even realizing the controls are there. The VPN is automatically managed and enabled without requiring the user to fiddle with a client app or settings. Enterprises that meet the Advanced level of maturity are constantly striving to find security approaches that make security easier to adopt, use, and manage. Security that fails to meet simplicity requirements is often ignored or circumvented, regardless of how “necessary” it seems from the security team’s perspective.

Level 3: Master

Finally, we get to the Master class. Masterful security extends beyond simplicity to become an enabler of new business value. When security actually contributes new capabilities, new efficiencies, new revenue streams that would not otherwise have been possible, we’re really cooking with gas.

To illustrate, I’ll share a story of my meeting with a customer, a large financial services firm, shortly after BlackBerry’s acquisition of Good Technology. This firm uses BlackBerry Dynamics to secure enterprise apps and data on tens of thousands of BYOD/COPE iPhones. But the firm’s executive told me how she side-loaded the Dynamics container onto a BlackBerry Classic, which was preferred by some of their executive team. The Classic’s BlackBerry 10 OS pioneered the concept of enterprise container technology, so I asked the executive why she would go through the trouble of loading Dynamics when a container was already built into the OS?

The answer was eye opening. The executives were familiar and happy using Dynamics on their iPhones, iPads, and Android devices. They were using BlackBerry Work, BlackBerry Access, and other productivity apps running within the Dynamics container. So when executives chose the BlackBerry Classic, they still wanted the same consistent Dynamics environment because it was an enabler of productivity – they didn’t care a whit about the security features under the hood (other than to know they were approved by the CISO).

BlackBerry Dynamics provides yet another example of the Master craft. While enterprises usually select container tech to reduce security risk, they soon discover that Dynamics comes with a complete enterprise SDK, with a rich set of productivity APIs that enable enterprise developers to create apps that best match their organization’s workflows and business processes. Analysts estimate that 80% of enterprises are already developing at least one custom app, and the average number of custom apps per enterprise is expected to grow to well over 1,000 over the next five years! Secure containers have become a massive enabler of digital transformation.

Level Up Your Business

With BlackBerry’s recent portfolio-wide software release, Dynamics’ cross-platform capabilities – extending beyond iOS and Android to provide great Windows 10 and MacOS productivity experiences and additional enterprise APIs – are pushing this enabler even further ahead. BlackBerry Dynamics is the world’s only container and enterprise SDK supporting all major enterprise operating systems.

As a business grows in cybersecurity maturity, it increasingly learns that cybersecurity maturity means growing business.
