Pay-As-You-Go Cybersecurity

Uploaded on 2018-11-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Shifting from a monolithic, high investment, capex-based cybersecurity consumption model to an on-demand, pay-as-you-go one is clearly the way of the future.

“By the glass” consumption, whereby businesses pay for IT resources and services as and when they need them, offers widely accepted financial and operational benefits that promote agility, scalability, and digital transformation.

This model has already proven successful in the cloud and for IT. Amazon Web Services (AWS), Microsoft, Google and other leading cloud service providers are charging by smaller and smaller increments, allowing service access to users on an as-needed basis. AWS even charges by the second.

Addressing the Gap

More and more often we encounter cases whereby business executives and technical leaders find themselves in opposing camps of thought in terms of the best way to achieve goals.

Analysts have found that 67% of business leaders and board members are pushing CIOs, CISOs, and other technical leaders to evolve services and approaches faster and more aggressively.

Board members have climbed aboard the digital transformation bandwagon, and they want their organisations to move quicker than their competitors toward that goal.

Research from Palo Alto Networks’ cloud security study which surveyed 500 CISOs in eight countries indicates that most cybersecurity executives believe things might be moving too fast for them to properly assess risks and their implications.

Board members and business leaders have fast become big believers in the notion of “disposable IT,” which imposes a smaller footprint on enterprises while providing greater agility and, potentially, cost savings. Many CISOs, however, are still in a traditional mindset of purchasing multiyear licenses for security, backed up by a lot of testing, risk analysis, and methodical decision-making.

Organisations must find ways of spanning the chasm between the “go faster” mandate from the board and the “let’s tame the cyber-risk monster” philosophy of the CISO.

DevOps to DevSecOps

Paying attention to actual usage patterns of IT and cybersecurity, as well as how security maps to IT services, helps ensure consumption models of cybersecurity and IT match-up. For instance, if your IT organization has adopted a DevOps process, your IT usage and availability profile could change weekly, daily, or even every few hours. Security consumption must align with those IT-usage trend lines.

The process can be viewed as a three-legged stool. First, there’s an operational need; second, the developers build the solution to meet that need; and, third, security must be bound to those operational and development cycles. Unfortunately, DevOps, so far, doesn’t typically include this security leg.

Business leaders are demanding real-time adaptation of software to match operational requirements, and security must match that every step of the way. If not, new DevOps requirements will have come and gone before the security team figure out what was needed, yesterday. Hence, there’s a need to shift from DevOps to DevSecOps, where security is natively part of the process.

Business Benefits

Adopting pay-as-you-go cybersecurity enables the agility, responsiveness, scalability, and cost efficiency today’s application-development and deployment cycles require.

Maintaining traditional forms of cybersecurity consumption can mean organisations find themselves over-investing in security and not being able to pivot on a dime when new risks emerge.

A case in point: a CIO who wanted to transform his company’s data center, says it took an inordinately long time to re-architect, get approval for, and roll out. So much so that he admitted that, today, the data center is already out of date.

Getting caught up in monolithic, long-term investments simply doesn’t make sense if you wish to remain competitive in increasingly digitised markets.

Moving to pay-as-you-go cybersecurity is a win-win for both business leaders and the CISO. Both parties are safe in the knowledge that data, business processes, routes to market, intellectual property, and sources of competitive advantage are protected against cyber threats.

Moving to this model affords the business greater digital agility while avoiding over-provisioning, keeping its executives and board members happy. Meanwhile, the model ensures that the organisation is completely protected from cyber threats no matter how fast the business’s development. It also prevents the organisation from under-provisioning on cybersecurity, keeping the CISO happy.

Discovering and thwarting breaches before they happen, and doing so against a rapidly evolving and increasingly innovative set of bad actors, can become prohibitively expensive and very manpower-dependent. However, pay-as-you-go security enables agility, reduces costs, and can speed up response times (since there is no limit to capacity).

The value of such a consumption model is clearly already working elsewhere, and there is no reason we should not be embracing this same idea for cybersecurity.

Infosecurity-Magazine

You Might Also Read: 

What Every Small Business Should Know About Hackers & Cybersecurity:

Big Companies Have An Achilles Heel:

 

« Blockchain May Break Tech’s Hold On AI
British Airways Hack Was Much Bigger Than First Admitted »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Fox-IT

Fox-IT

Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises.

Halcyon Knights

Halcyon Knights

Halcyon Knights is a specialist executive search and IT recruitment agency in the APAC region. Areas of specialisation include cybersecurity.

World Congress on Industrial Control Systems Security (WCICSS)

World Congress on Industrial Control Systems Security (WCICSS)

The World Congress on Industrial Control Systems Security (WCICSS) is focused on emerging trends in protection of industrial control systems.

Bessemer Venture Partners (BVP)

Bessemer Venture Partners (BVP)

Bessemer Venture Partners was born from innovations that literally forged modern building and manufacturing. Today, our team of investors works with people who want to create revolutions of their own.

Connectria

Connectria

Connectria provides cloud hosting, remote monitoring, and compliant cloud security solutions and services to enterprises, medium and small businesses.

GitProtect.io

GitProtect.io

​GitProtect is a fully manageable, professional GitHub and Bitbucket backup and recovery software that protects repositories and metadata from any event of failure.

Surefire Cyber

Surefire Cyber

Surefire Cyber delivers swift, strong response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats with end-to-end response capabilities.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

Trustmarque

Trustmarque

Trustmarque delivers customer-centric IT solutions that enable better outcomes. We combine the technology, expertise and services to release value at every stage of the IT lifecycle.

Darktrace

Darktrace

Darktrace is a global leader in cybersecurity AI, delivering complete AI-powered solutions in its mission to free the world of cyber disruption.

ISO WISH

ISO WISH

Take your Business to the Next Level with ISO Certification in UAE.

Avanade

Avanade

Avanade is a leading provider of innovative digital, cloud and advisory services, industry solutions and design-led experiences across the Microsoft ecosystem.

Robosoft Technologies

Robosoft Technologies

Robosoft Technologies is a full-service digital transformation partner. We provide end-to-end digital transformation services in areas including cybersecurity.

Metrodata Group

Metrodata Group

PT. Metrodata Electronics, known as Metrodata Group, is the leading information communication technology company in Indonesia.

Prowler

Prowler

Prowler is at the forefront of the Open Cloud Security movement, championing a new era of transparency, customizability, and community-driven security for cloud environments.

Lithuanian Cyber Command (LTCYBERCOM)

Lithuanian Cyber Command (LTCYBERCOM)

The Lithuanian Cyber Command is responsible for planning and execution of operations in cyberspace and installation of strategic and operational communications and information systems.