Date: 2024-07-08

The 3Ps (People, Process and Product) are essential pillars in almost every industry. This is particularly true in cybersecurity where each pillar must be prioritised in equal measure to promote a balanced security posture, says Tim Watson, Principal Architect at cloud and cyber services company Systal.

Security vendors need skilled people who can help customers with their complex problems, defined safeguarding processes that can be easily followed by staff, and class-leading technology products to ensure enhanced customer protection. Having just one or two of these pillars is sadly not enough for success. They should be viewed as a unified framework in which each depends on the other to succeed. Failure in any one of these areas can cause a multitude of challenges for any organisation:

Process

A company could have the best tools in the world: a full suite of products to meet varying IT security needs, from endpoint protection to observability, or SIEM to vulnerability management. But these products won’t be much use if the company doesn’t have the right people to operate them or the right processes in place to allow them to work as intended. Consider a scenario in which a new employee joins the SecOps team and is expected to help look after Vulnerability Management for the organisation. What happens if the most senior team member happens to be off sick? Are there clear written processes for junior team members to follow? Or are they expected to ask the senior team member who is no longer around to help? If the latter, you may be in trouble…

People

Now, let’s turn to people. Imagine you have the same comprehensive array of class-leading security tools at your team’s disposal and detailed process documentation in place to operate them. Are you hiring the right employees to diligently check on and maintain these tools? Are you providing 24/7 coverage that maximises everything they can get out of the tools? Or are they struggling to understand how to use them or (worse still) not motivated enough to put their best effort in? We have all met people who want to run before they can walk; who want to tackle things without asking questions or taking the proper training. But even if they are experts in their fields, if your people aren’t reading the paperwork, learning from others, or fully making use of the tools available to them, then this is where the People side is letting it all down.

Product

Finally, let’s assume that you have the best employees in the world, and a set of processes so robust that anyone off the street would know what to do. That all counts for nothing if you have a tool stack so limited that it doesn’t offer the basic functions that people need to do their jobs, or a tool stack so complex it’s nigh on impossible to operate correctly. Technology doesn’t stand still, and neither should your business. What was class-leading software just last year may not cut it now, so you must routinely review both your products and vendors to ensure you are arming your staff with the best tools available.

All or nothing

Sadly, it can only take one weak pillar to make a tower crumble, or one weak link in a chain to break it. The same rings true in IT security. You need the best processes, the best people, and the best products. Then, and only then, will you truly give yourself the best chance of protection. Without strength in any one of these three essential pillars, your tower may collapse.