The 3 Pillars of Cybersecurity: People, Process, and Technology
Note: This post was updated on June 26, 2024.
Some organizations build their cyber defenses by acquiring best-in-class technology, but their security team lacks the staffing or knowledge to fully implement it.
Other companies hire the brightest minds in the security industry. But without strategic processes in place, they fail to fully leverage the team.
In other cases, teams are laser-focused on superb policies and processes, but are missing the advanced technology to carry them out.
In each of these scenarios, cyber defenses are like a two-legged stool, unable to bear the full weight of an organization’s security requirements. For this reason, many organizations look to managed services partners to provide a more stable and balanced cybersecurity platform to protect their operations.
“People, process, and technology” have long been cited as the three pillars of IT, and the same principle applies to cybersecurity.
People as a Cybersecurity Pillar
The people part of the three pillars includes the following:
- Security awareness and training for all users
- Adequately skilled members of the security team
- Sufficient staffing for 24x7x365 cybersecurity coverage
Process as a Cybersecurity Pillar
The process part of the three pillars includes:
- Appropriate policies and management systems
- The use of proven frameworks like the NIST Cybersecurity Framework
- Planning, performing audits, and reporting on audit findings
Technology as a Cybersecurity Pillar
Maximizing the technology pillar within cybersecurity involves having the right people and processes and integrating those two pillars with items such as:
- Systems in place to mirror your security policies and risk appetite
- Predictive AI-powered solutions that can stop attacks before they start
- Generative AI solutions that assist your team and reduce escalations
- Appropriate mix of in-house security — and outsourced managed services — based on staff size and skillsets
Graphic: People, Process and Technology in Cybersecurity.
While it’s easy to say that a program is well-balanced between these three pillars, it is not so easily achieved. Too often, organizations lack a strong foundation in all three, and the resulting imbalance makes them an easier target for threat actors.
And these imbalances can appear within security teams of all scopes and sizes.
Cybersecurity Challenges for Organizations With Big Security Budgets
Some enterprise organizations have adequate budgets to maintain their own security operations center (SOC) or SecOps, and choose to deploy and maintain multiple point solutions, each designed to address a specific threat.
The challenges for these security teams include mounting labor costs, multiplatform complexity, and “alert fatigue” from triaging endless security alerts from so many solutions. Recent research reveals that 83% of security professionals suffer from alert fatigue, and struggle with managing alerts alongside their other priorities. If left unaddressed, this increases employee burnout and turnover. The burden of training also grows in this scenario.
Cybersecurity Challenges for Organizations with Small Security Budgets
On the other hand, smaller organizations often cannot afford to hire or retain highly skilled talent, and many are also unable to maintain their own SOC, as the cybersecurity skills gap leaves them without the necessary internal expertise. As a result, we often discover that small and medium-sized businesses (SMBs) — and mid-market firms — underutilize the security tools they have because small teams lack the bandwidth to take advantage of all that these solutions offer. This is part of why experts say SMBs represent “soft targets,” potentially attracting the attention of criminal and nation-state actors, and placing their organizations at risk of damaging and potentially business-ending data breaches.
Cybersecurity Challenges for Teams of All Sizes
There are additional challenges security teams face regardless of organizational size or budget. Many have incomplete or poorly defined cybersecurity strategies, and may lack cohesive processes for investigating, detecting, and mitigating threats. They might believe that their deployed technology will protect them, but if the people and process pillars are out of balance, it limits their ability to correlate and act on the telemetry from their existing tools and technology.
Balancing the Three Pillars of Cybersecurity
What can organizations do to overcome these challenges, in the face of a continually evolving threat landscape, and with limited resources corresponding to any of these pillars? How can security teams ensure that they have full visibility into their ecosystem, and the capacity to respond to any threats they encounter? Many organizations find that security services provide the bridge — the critical link from where they are today, to where they need to be.
Let’s look at one example where this approach can successfully bring people, process, and technology together, to deliver on all three pillars of cybersecurity and produce the desired business outcomes.
Security Services Case Study: MDR
A growing number of organizations are adopting managed detection and response (MDR) into their security model to reduce risk, prevent attacks, and, when necessary, respond to and remediate advanced cyberattacks.
MDR is a unified cybersecurity approach that collects and analyzes data from multiple sources to improve visibility and security controls across the enterprise. Think of it as an integration of existing endpoint detection and response (EDR) and extended detection and response (XDR) capabilities.
By itself, EDR only does part of the job, and XDR currently takes significant resources, including people and money, to fully implement as a stand-alone business. This leaves organizations feeling as if effectively balancing and solidifying all three pillars of cybersecurity remains out of reach.
That's why a growing number of organizations are adopting MDR to scale their cyber defenses and improve their security posture. Recent research reveals the potential savings of implementing MDR vs. the cost of building a round-the-clock security operations center (SOC) in-house.
Detailed analysis from the BlackBerry Managed Detection and Response Buyer's Guide (pdf).
In addition to significant cost savings, a recent Foundry MarketPulse survey conducted for BlackBerry found that managed services — such as MDR — deliver a wide scope of experienced benefits. See the chart below for how IT and cybersecurity decision-makers say they benefitted from implementing managed services.
Foundry MarketPulse report example on Managed Security Services Expectations and Experience.
People, Process, Technology in Cybersecurity
Weakness in any of the three pillars — people, process, or technology — can jeopardize your cybersecurity capabilities and increase risk to the organization. An increasing number of organizations of all sizes are turning to managed detection and response solutions to strengthen all three cybersecurity pillars, thus reducing the risk of a successful cyberattack affecting or interfering with the organization’s operations and business goals.
Learn more about choosing a managed detection and response solution in the MDR Buyer’s Guide.
CylanceMDR Services
BlackBerry offers CylanceMDR™, which brings people, processes, and technology together into a single, consolidated solution. It combines cutting-edge artificial intelligence with expert human analysis from BlackBerry’s world-champion SOC (security operations center) team to proactively hunt down and eradicate threats wherever they appear, extending your team and security stack. And it achieves all of this at a fraction of what it costs to build similar capabilities in-house.
CylanceMDR also features a variety of service levels including CylanceMDR on-demand, for rapid help during critical moments.
About Bruce Sussman
Bruce Sussman is Managing Editor Director at BlackBerry.