Blog | comforte

Beyond IT: Why Security Solutions Must Appeal to Multiple Personas

Written by Mirza Salihagic | Jan 12, 2023

There was a time when cybersecurity was lodged firmly under the remit of the IT department. No longer. Today, the most successful business leaders are those capable of most effectively managing various risks to their organization. And these risks don’t come bigger than cyber. According to the Institute of Risk Management: cyber risk “means any risk of financial loss, disruption or damage to the reputation of an organization from some sort of failure of its information technology systems.”

These IT systems sit at the beating heart of any organization. Without them, the lights would literally and figuratively go out. This makes security far more than a technical concern. And it therefore means that security products must be designed with different user personas in mind.

A Whole-of-Organization Challenge

According to one study, two thirds (66%) of organizations believe that cyber has the highest cost impact of any business risk. It’s easy to see why. The average cost of a data breach globally has risen over the years to a record high of $4.4m as of 2022. It can surge even further in certain countries like the US ($9.4m), some sectors like healthcare ($10m) and for specific attack types like ransomware ($4.5m). That’s enough to get the attention of most business leaders.

Costs aren’t just measured in the immediate impact to the bottom line. A serious breach of sensitive customer data or IP could result in longer term business impacts such as customer churn and reputational damage – much harder to quantify but arguably more serious than a one-off regulatory fine or legal bill. Then there’s the impact on digital transformation initiatives. From slicker customer-facing front-end applications to more streamlined, automated business processes – these projects can be the difference between success and failure for many organizations. But security incidents can cause delays and sometimes even derail initiatives altogether, putting the business at a competitive disadvantage.

All of which makes cybersecurity a challenge for the entire organization – not just its IT team. As does the fact that non-IT staff use business-critical technologies, including security tools, every day. Such tools must be designed with them in mind, rather than solely for IT administrators.

Who Is Impacted?

Consider a data security platform which has been purchased to mitigate risks stemming from business use of cloud-based data analytics tools. There are a range of different corporate stakeholders to consider here, including:

Chief Information Officer (CIO): Needs to enable secure data analytics whilst minimizing cost and the number of vendors involved.

Chief Data Officer (CDO): Wants to maximize the value of corporate data by ensuring its available for analysis by anyone who needs it.

Chief Security Officer (CISO/CSO): Primary goal is to avoid any breaches of sensitive data in the data warehouse environment.

Chief Risk/Privacy Officer (CRO/CPO): Needs to ensure compliance with relevant privacy regulations and that the business impact of any breach is minimized.

Chief Marketing Officer (CMO): Wants to understand and predict customer behavior in order to personalize and better target customers.

Addressing Different Persona Needs

When it comes to securing the data analytics environment, therefore, the requirements of multiple business leaders must be considered – not simply those who lead the IT and cybersecurity functions. This dynamic is replicated across the corporate sphere, and applies to various product areas beyond data-centric security.

It means that security vendors must design products that address the needs of these different personas. They should be intuitive and easy to use by non-IT staff. And they must solve the challenges faced by different stakeholders. That’s why comforte’s Data Security Platform offers benefits beyond mitigating critical security risk. By automatically applying format-preserving encryption to critical data it protects sensitive elements – which is good for CISOs and CROs – whilst allowing them to be used in analytics tools – to drive value for CIOs, CDOs and CMOs, for example.

Specifically, the platform delivers benefits across:

Data analytics:

  • Locate, access, and leverage all relevant data in a compliant fashion
  • Enable self-service access and use of modern, cloud-based analytics tools
  • Simplify data management and governance

Compliance:

  • Simplify compliance process (e.g. risk assessments) with accurate, automatic identification of sensitive data
  • Mitigate compliance risks – by enabling full use of protected data
  • Reduce costs of compliance audits

IT security

  • Simplify security management with a more efficient, cost-effective approach
  • Avoid security gaps arising from a multi-cloud landscape
  • Reduce the data breach risks with next-gen data protection technologies