When is security really “good enough”?

rakhirhif8963 · Post by **rakhirhif8963** » Thu Feb 06, 2025 4:15 am

The big shift for organizations, he says, is changing the culture and behavior of people. When you move to an “everything as a service” model, you recognize that the organization uses technology differently, he says.

To capitalize on the move to XaaS, Illsley suggests organizations consider the immediate costs, the potential growth (and its impact on costs), the margins generated by the activity/product, and making sure people across the supply chain understand that they need to turn off the lights when they leave the room. “In other words, you need to get everyone to adopt an ethic — a personal responsibility — for how you use the services,” he says.

Finding the right balance between cost and security is another key trend for enterprises in 2024. The Omdia report says a “good enough” approach to security can potentially meet needs without breaking the bank.

Omdia’s Cybersecurity Decision Maker Survey 2023 found china mobile database the top three challenges facing security teams are talent and skills shortages, ransomware, and supporting cloud and digital transformation projects, said Maxine Holt, Omdia’s senior director of cybersecurity research. All of these challenges, she said, are driving the adoption of a compromise notion of “good enough” security — focusing on security while taking into account the perennial shortage of cybersecurity talent, the ongoing threat of ransomware, and the need to continually stay relevant to customers with new products and services.

“One approach to determining what is actually ‘good enough’ is for the CISO to present scenarios to the CEO, CFO, and board to determine the level of spend and risk that is appropriate for the organization,” says Holt. “Three, four, even five scenarios are presented based on spend and risk, and then the final decision makers can weigh the risks and costs and choose what is ‘good enough’ for their organization.”

What constitutes “good enough” depends on the industry in which the organization operates, its financial position, etc. For organizations in highly regulated industries (e.g., healthcare and financial services), the bar for “good enough” will be higher than for organizations in less regulated industries. Smaller organizations may not have the resources necessary to take on the level of risk they would prefer.