Most respectable service organizations periodically review their client population to understand what makes a good client and which clients are the best fit. They may conduct client focus groups to get external input and hold internal workshops, but it’s always a search for the secret sauce that makes the service partnership work the way it was intended and, hopefully, exceed expectations on both sides.
For cybersecurity services my answer for 15 years has remained unchanged – it’s any organization that strives to do the right thing. I always get the follow-up question, “what do you mean?” So here goes. What makes a great cybersecurity client?
- Adopt a culture of security first, compliance next.
At Agio, we’re firm believers that if you endeavor to take care of your underlying cybersecurity issues, you’re well on your way to compliance with whatever framework(s) you have adopted or are subject to. Brilliance in the basics demonstrates positive intent and can serve you well in any security incident review.
Further, if you have multiple compliance requirements, it makes sense to approach cybersecurity in this manner: you’re more likely to address multiple requirements by understanding the underlying best-practice controls and ensuring you have effective controls in place. You can then address the nuances associated with a specific data set or standard.
- The fish rots from the head.
In the organizations we work with, leaders who are concerned about good cyber hygiene and the security of their sensitive data model the right behaviors and set the tone for a healthy cyber culture. We’ve seen these leaders be early adopters of security technologies and publicly validate changes, even when those changes are inconvenient to the majority of employees. We love having them as beta clients for our new services.
These leaders also have reasonable expectations of their internal IT and cyber teams, and they create a culture where it’s OK not to be perfect and where people can learn and grow. They also fund appropriate security initiatives, and the cybersecurity budget grows as needed to mature the organization.
At Agio, our CEO is that kind of leader and has become a cybersecurity subject matter expert through his passion. He ensures that “we eat our own dog food!”
- View your cybersecurity providers as partners, not vendors or judges.
In today’s environment, it’s known that no person or organization can be guaranteed to be completely secure, in spite of best efforts and money. Those that insist on guarantees from their providers aren’t being realistic or really viewing them as partners; they are looking for an insurance policy. Those that view us and other cybersecurity providers as partners actively collaborate and share information that will enhance the service relationship, enhance the technologies, and strengthen their security posture through defense-in-depth.
These same great client organizations also view our assessors as an extension of their team with the expertise to make them better. They understand we bring the perspective of having seen many organizations – similar and dissimilar – and view that as inherently valuable. These engagements are enhanced by a willingness to be completely open in sharing information (warts and all) with the goal of having the best perspective possible.
- You get what you pay for.
While pricing variances abound in the cybersecurity services environment, it’s a good idea to dig into large variances between service providers: there’s usually a story. In acknowledgment of the original question, “what makes a great cyber client?”, we find our best clients tend to choose their security partner first, based on qualifications, perceived value proposition, service model, etc. Then, once selected, we work to finalize a service-to-budget price point that yields a win-win for both of us.
It should be no surprise that these clients have confidence they will weather a security incident, knowing they have the most effective controls in place, a deep understanding of their network, and a security strategy. This is a mindset and a culture that any organization can achieve with appropriate planning, commitment and investment. Agio’s Cybersecurity Programs and Managed Services provide the structure and guidance for making steady progress toward a strong cyber culture and a mature cybersecurity strategy.