How better standards can decrease data security spending needs
Companies across a variety of industries are feeling the strain of increasingly savvy malware and other digital attacks that threaten data security – but it’s not just information that’s at risk.
Businesses say these attacks are also putting pressure on their budgets, with 92 percent of companies planning cyber security budget increases, according to a report by Enterprise Strategy Group. But can budgets keep up with growing security needs? Particularly for small businesses, the only option may be to standardize security practices to hold down costs.
As in any industry, standardization makes it easier for companies to assess their needs and access appropriate tools, and it can help reduce the cost of those tools overall. Data security, however, is a quickly changing field, creating a barrier to standardization. Recently, though, standardization at the highest levels, specifically starting with the federal government, has opened new doors for companies seeking cyber security solutions that don’t cost a fortune and work better than current approaches.
FedRAMP’s Security Standards
FedRAMP – the Federal Risk and Authorization Management Program – is a new initiative designed primarily to standardize data security across over 100 government agencies, over 150 cloud service providers, and over 40 auditors, with solutions scaled to data sensitivity. This initiative also has important implications for businesses outside the government, though.
For those companies that aren’t directly covered by FedRAMP, the initiative offers broader guidelines for how companies and service providers can move forward. And this is a large part of what’s making available security solutions more affordable.
Some companies have already made meaningful changes to their programs in order to establish FedRAMP compliance. Encryption program developer Virtru, for example, has rebuilt their entire cloud infrastructure as part of meeting FedRAMP standards. In the process, they’ve also successfully improved software reliability and reduced latency, all while keeping downtime at a minimum. Though Virtru is still scaling towards FedRAMP standards, the fact that there are standards means that they know what their final goal is and that there will be a significant market for the improved product.
Another company that has made a splash by pursuing FedRAMP certification is AINS, Inc., a SaaS company that makes legal software. AINS, Inc. is the first small business to earn this SaaS FedRAMP certification, making it a competitive, affordable option for federal agencies, as well as for practices that want to use a program that meets recognized security standards.
Keeping Cloud Costs Down
Ultimately, increased reliance on cloud-based programs was supposed to help companies keep costs down and make it easier for businesses to scale and grow, and many assumed cloud-based software would be safer than traditional server systems. As the cloud has expanded into more sensitive industries, however, development teams have continued moving more quickly than security system developers can handle. And with no standardization, these developers have no reason to slow down or change course – but with new recommendations in hand, leadership is calling for a more conservative approach.
According to Threat Stack’s 2018 report, 91 percent of company leaders worry development teams are introducing security threats into their operation, and they’re pressed for funds to protect themselves. FedRAMP offers companies a new set of standards, for development and security teams alike, that can help keep the process on track. DevOps teams can be tasked with designing to new security standards, companies will have access to a greater variety of off-the-shelf solutions, and, most importantly, businesses won’t be constantly retrofitting their programs at great expense.
There will always be new cybersecurity threats, but fighting them doesn’t have to cost a fortune. With clear security standards, though, businesses can stop struggling to scale their budgets alongside their operations. Instead, standardization offers businesses time – and money – to focus on what they do best. Fighting hackers shouldn’t take precedence over innovation.