Why risk assessments are key to strong security strategies

Lancy Andrade, Gulf Software Distribution
Lancy Andrade, GSD

Lancy Andrade, security consultant, Gulf Software Distribution, sat down with Security Advisor ME to discuss why conducting a comprehensive risk assessment is key to the success of any security strategy.

What do you think are the biggest challenges faced by the cybersecurity industry?

One of the biggest challenges that we see  in the Middle East region is skills shortage. The market is teeming with many vendors offering a variety of solutions. While organisations today make significant investments into the latest tools available, there are fewer professionals who are skilled enough to manage and optimise those solutions.

To be able to implement an effective cybersecurity strategy, every organisation needs to identify the primary risks that make their systems vulnerable. We have seen cases where an organisation had the latest tools at all levels of security and they still suffered a data breach. This is because many companies just simply plug a solution into their environment without even considering if it’s compatible with their IT capabilities or if it goes with their security requirements.

What do you think differentiates GSD as a security distributor in the region?

I believe what differentiates us from our counterparts in the market is our key focus for our business partners. We make sure to choose vendor partners who specialise in focused security segments.

There are players in the market who have a huge range of products but lack in focus when it comes to which solution set they want to emphasise on. On the other hand, we only have a specific group of products in our portfolio but we make sure that we put in-depth focus and expertise on them.

Our in-house security experts who are adept with vast skills and knowledge to support both our channel partners and customers further differentiate us from our competition.

In addition, we also have our own demo lab, an environment set up within our premises where our partners can showcase our vendor solutions to their customers. More than that, we also ensure to support our partners during all stages of their business from pre-sales activities to creating RFPs to compliance and so on. Our key focuses include ensuring our partners gain maximum profits and helping them grow their businesses.

How do you tailor your offerings to address your customers’ specific needs?

The first step we take, along with our channel partners, is conducting a risk assessment for our customers. Based on the outcome of the risk analysis we can help them develop a security strategy as well as recommend products that suit their needs.

As the largest IBM value-added distributor in the region, we offer a variety of customised solutions with flexible licensing options. We have multiple security vendors within our portfolio that are focused on delivering solutions that are pertinent to combatting the threats that regional firms are facing today. We have Cloudflare, which provides content delivery network services, DDoS mitigation and Internet security; we also offer deception technologies from Smokescreen; we carry Reveille, which offers application monitoring and management; and finally, we have STEALTHbits, which focuses on data access governance and security. All of the vendors within our portfolio offer a range of solutions that are compatible for different environments whether it be on-premise or for private or public clouds.

In addition, another key area for us is our managed security services. Due to the skills shortage, many organisations are employing the help of managed security service providers (MSSPs). Doing so helps them gain the right security expertise and lessen the workload of their security teams.

As cloud adoption increases, many organisations have the tendency to deploy their workloads on multiple environments. Do you think this poses significant security risks for enterprises today?

A lot of customers are opting for the hybrid or multi-cloud approach as it gives them flexibility. However, it does present a number of bottlenecks. For one, running systems on multiple environments present challenges around data visibility and control.

To counter this, organisations need to apply a multi-layered security approach. Now, to ensure the effectivity of this approach they also need to trust cybersecurity partners who have extensive knowledge of the underlying infrastructures of different cloud platforms and can assist them in monitoring and implementing sophisticated mitigation strategies.

That’s where we can come in. So, whether it’s on-prem or cloud, GSD has the right partners that can help regional enterprises build security strategies that will enable them to remain vigilant against future threats.

What can we expect from GSD this year? Which technologies will you be focusing on?

IBM technologies are at the core of our business. So, continuously enhancing our IBM-focused products and services is always on top of the list of priorities. As for our security offerings, we see a lot of demand for technologies around Internet of Things, blockchain and AI so we will be looking at onboarding vendors who specialise in these areas.

We will also be focusing on enhancing our capabilities and offerings around security analytics, application control, incident management as well as data governance and compliance, which involves GDPR and identity and access management.

We aim to grow our portfolio and look for vendors who have niche offerings that will not only complement our existing partners but also further add value to our offerings.

Previous ArticleNext Article


The free newsletter covering the top industry headlines