"I am looking at these security solutions because they protect these assets that drives 3 million dollars of revenue for our organization. Can you please approve this." is a much better statement to hear from the IT manager than just saying "Please approve this firewall that we need to buy." The CEO or CFO would know that we are thinking about the business. Remapping your proposal using business lingo is a more effective way to convince management to approve your plans.
The same way that Fortinet does not hard sell their products. They try to understand the situation of the organization so they could pinpoint the actual weakness in the security infrastructure to provide the better solution to their needs or requirements. It's not about quickly offering an equipment that they can buy to address the issues but to understand first the problem like the challenges and specific points that needs protection. There really is a need to see the big picture before a recommendation should be given.
It's basically educating the clients on what are the possible things to do or maximize on their existing infrastructure rather than letting them figure it out on their own and adjust on the product's capabilities and limitations. This allows the clients to get the most appropriate solution from Fortinet.
At an intimate media discussion, experts from Fortinet led by Alvin Rodrigues, Fortinet Marketing Development Director for Southeast Asia and Hong Kong.
Also present during the discussions where Jeff Castillo, Managing Country Director of Fortinet, Nap Castillo, Regional Pre-Sales Consultant of Fortinet and Rachelle Alcantara, Channel Account Manager of Fortinet.
The event was held at Café 1771 located at Greenbelt 5 in Makati city and attended by select members of the media. A presentation was held while food was being served to everyone. We enjoyed a delightful feast from Café 1771 while questions were being thrown to the Fortinet guys.
|Alvin Rodrigues, Fortinet Marketing Development Director for Southeast Asia and Hong Kong|
The framework he discussed was generated out from their interactions with more than 200 executives (right now its close to 300 executives already which are also validated over and over again against the values within the organization ) and it focused on how security supports changes in market dynamics and also on customer expectations. It identifies and protects business critical assets and could potentially lead to a corporate aware security culture. We must understand that a business-aligned security is not a substitute to the existing risk-based security framework. It leverages new technology for a competitive advantage.
|Alvin discussing the basic 6 steps model to build a business aligned security strategy|
Organizations are using more online or Internet as a platform to do business. Even though the Internet has been popular for so many years already, the current years are evident that businesses are now more mature in embracing Internet technologies such as social media, big data, analytics, and mobility.
We are no longer bounded to interact and transact using our computers and laptops or notebooks. Smartphones and tablets are now recognized as continuously increasing in market share as the preferred access device of many consumers. There has been a significant decline in the demand for PCs and notebooks in favor of the more handy or portable mobile devices. Naturally, everyone wants a level of convenience out of every experience.
Alvin also mentioned that hackers may already be attempting to penetrate into our mobile transactions (or they might already be in). I hate to think that my online purchases may be compromised while I shop a wide variety of accessories online through Zalora's Mobile App, or as I book a taxi using Grab Taxi’s Mobile App, or when I order food for delivery using foodpanda’s Mobile App.
|Alvin's presentation was very detailed and full of many takeaways|
End user (customer) experience management is a new term coined only in the last 12 months, whereby vendors and sellers are looking at how to capitalize and meet or even exceed customer expectations. One very bad experience right now can be easily translated very massively over social media and viral marketing just as how a good experience can also trend online.
|Fortinet guys answering inquiries from members of the media|
Identify our business' critical assets and do not look at security as a homogenous solution where we provide the same level of parameter protection. We must understand that some assets are more important than others thus requiring more security. It should be a tiered, a bit biased, a bit appreciated level of protection.
|Fortinet listening to our inquiries|
|The presentation, discussion and meals were all filling that it's more like an information overload within just a few hours|
This proposed framework should work in conjunction with existing frameworks and not to replace but to extend the value of security.
Risk-based security is a notch above mere compliance and in IDC's view, business-aligned security is another notch above. Many of the compliance tells you that you need a firewall, but it doesn't tell you what kind of firewall. It tells you that you need testing but it doesn't tell you what kind of testing like penetration, vulnerability, appliance or business resiliency security posture testing. This is where the business-aligned seeks to differentiate.
Focus on our customers. Identify our customer expectations. The IT department needs to look at the alignment and should be able talk the right language with the executives. We need to be able to articulate the value we need to bring to the end users. We need to identify who are our customers and what are the personas we are dealing with. There are three types of customers, one is the consumer, the business customer, and institutional customers - those who look at investment relationships and so on. Each one of these groups has a different level of expectations.
We need to identify the business value proposition that meets or exceeds customer expectations so we can capture the market. Some organizations are known for their reputation or good production services or design and user-friendliness, easy to maintain or repair, of their product, and most especially quickness to respond. Since we live in a fast-paced environment thanks to the advancement in technology especially portable or mobile gadgets, end users think about what businesses can do for them very quickly. The sense of security in engaging with them is also given importance by the customers just as how they transact with banks where the level of security gives them peace of mind knowing their money is in safe hands.
It is important to note that a business' critical asset is a dynamic asset - an asset that is critical today but may not be critical tomorrow. We need to be able to adapt to the behavioral changes of our customers. IT and security needs to ensure that our assets that are driving or meaningful to business have the protection needed to prevent it from being disrupted.
Anything that impacts business continuity, revenue, profits and market share are critical assets.
|Introducing a business-aligned security framework|
|Our organization needs to talk more about our needs at a more intimate level|
Alvin goes on to discuss about establishing protection (Visibility and Intelligence, Security solutions, security management processes) where detection, mitigation and remediation were discussed and this is where Fortinet introduced their Unified Threat Management Methodology.
Lastly is to build a corporate aware security culture since the human element has always been the weakest link that needs to be able to recognize the face of threat. Security should be the responsibility of every employee within the organization. Every employee needs to have the basic insight to recognize and remedy the first signs of threat. Security in place also adds quality to the organization.
This leaves us to reexamine our corporate security implementation, and encourages us to reconsider establishing a framework that's more comprehensive in security preparedness.
Fortinet assures that an in-depth study of our security requirements by understanding the whole scenario is essential if we really want to arrive at a more strategic solution to our needs. It is beyond just selling the infrastructure to our customers but more about a deeper relationship .