Being Vendor Neutral

Rimesh Patel CEng

What it means for Cyber Security.

 

  • Executive: Didn't we just spend £millions upgrading IaaS, PaaS and SaaS?
  • You: Well, the vendor needs us to spend a little more to access the full security features and controls that we need.

 



This scenario is typical of most businesses, and demonstrates that you're only as secure as the products you use, and in some cases the products have become the weakest link in your business. We knew this already, yet somehow, we still manage to fail the external audit or experience the consequences of having mute-security controls that were meant to work 'straight out of the box'.



Being vendor neutral gives you a considered ability for broad compatibility, interoperability and changeability of products and technologies. Your technology selection should complement your proprietary designs with unbiased business practices. It's not always about following others in the market-place on which vendor solutions are used in each industry, but instead, what considerations are involved in your vendor selection process? Will it increase the internal capabilities of your team? will the solution allow you to have better governance or engage the diverse technologies of other economies? at what cost?



Vendor neutrality by design is not new but becoming a rediscovered design principal within cyber security especially as we become challenged to consider other influences within the vendor digital transaction and ecosystem such as privacy or data integrity. Your vendor selection should not limit your core business or have a need to up your resources skillset for the solution to work - you've paid a premium, the security controls within should 'just work' - and indeed some vendors today are giving value straight of out the box as they know your business definition of holistic-layered-defence is better complemented by their solution without any vendor lock-in mechanisms.



Of course, there are times when you must take the vendors lead, but if you can't explain why it helps with risk mitigation or operational success then you're already within the vendor lock-in zone and need to consider your vendor exit strategy.



It doesn't just mean to find the first open-source or open-systems provider in your industry, you have to consider how you are empowered by them to integrate platforms and systems through your business functions - you want to set trends, not follow them and for that you need qualified assistance where our products at SAIBER Ltd have already considered vendor neutrality by design and work alongside your business to ensure your cyber security posture progresses the right way.





#RUCyberReady



#RUCyberReady #CyberSecurity #AI #2026

2026! The Year of Informed Intelligence!

by Rimesh Patel 29 December 2025
What does 2026 mean for Cyber Security?

2025! The Year of Secure Evolution!

by Rimesh Patel 31 December 2024
What does 2025 mean for Cyber Security?
#RUCyberReady #CyberSecurity #2024

2024! The Year of Digital Codification!

by Rimesh Patel CEng 30 December 2023
What does 2024 mean for Cyber Security?

Securmeo & Cyberette - Shakespearean period drama. #RUCyberReady’s adaptation

by Rimesh Patel CEng 5 March 2023
Securmeo & Cyberette

2023! The Year Of Articulated Data.

by Rimesh Patel CEng 30 December 2022
What does 2023 mean for Cyber Security?

2022! The Year of Federated Ecosystems.

by Rimesh Patel CEng 28 December 2021
What does 2022 mean for Cyber Security?

Automating Autonomy

by Rimesh Patel CEng 15 October 2021
What it means for Cyber Security ?

Bring Your Own Security

by Rimesh Patel CEng 13 June 2021
Empower your customers and partners, by not being their digital weakest link.

2021! The Year of Cognitive Monetisation.

by Rimesh Patel CEng 28 December 2020
What to expect in 2021 for digital ecosystems.

Owning Vulnerability Management

by Rimesh Patel CEng 17 August 2020
For your customer it means they feel safe and confident that your products or services are less likely to get caught out by the trending hack in the news. For your business, it means you are not the weakest link in the supply chain, and for industry, you can interact with others who also demonstrate good governance a chosen threat and vulnerability management framework. A vulnerability management framework has to consider assets, inherent risks and frequency of threats, including; Secure Development Life Cycle Programme User Acceptance Testing & Penetration Testing Risk Remediation & Ownership Resilience Services Patch Scheduling A vulnerability management programme will unite the above into one programme that will increase your security posture. If you are dependent on your online internet facing servers, laptops or devices, then having a dedicate resource is recommended, you can also look at outsourcing repeatable activities, however assessing each risk should have final sign-off from internal leads only. Internal risk postures are constantly moving as are external ones, so making the assessment on how actual attack vectors are going to effect your core business activities is best done internally as the vulnerability categories for risk remediation is only understood by you - including how they effect your security policy. You might have a vulnerability management policy, especially if you are risk appetite is low or your core business interacts with regulated products like heath devices, smart vehicles, utility services or any critical service. Having a dedicated policy will let you validate you have selected the right framework to make assessments of each vulnerability and making sure old vulnerability patterns are not repeated. A good vulnerability management programme will make sure you own your risk and have the right security controls in place, even if you use compensatory controls, they too will be in scope for vulnerability tests, so you must know how your resilience frameworks take effect if those controls fails. SAIBER Ltd's Vendor Neutral Vulnerability Management package will let you execute vulnerability management efficiently by empowering your resources will the correct mechanisms that consider all the above, including technical assessments. #RUCyberReady