Original article written and published by cybersecurity news publication Threat.Technology on September 2, 2021, based on an interview with Brad Thies, founder and president of BARR.
BARR Advisory specializes in cybersecurity and compliance for SaaS providers and enterprises with high-value information operating in cloud environments like AWS, Microsoft Azure, and Google Cloud.
With a nearly 100 percent client retention rate, BARR’s cloud-based clients trust us as their cybersecurity solutions provider. By providing unparalleled service, following the data, and focusing on security first, we take a comprehensive approach to cybersecurity and compliance for every client we serve. Our mission is to create a more secure world, one enterprise at a time.
What problem are you trying to solve?
Cybersecurity, at its core, is about humans feeling safe and protected. Safety creates trust in the marketplace. The challenge 10 plus years ago was to get cybersecurity a budget and a bullet point agenda item in the boardroom. Today, spending on cybersecurity is up, but so are data breaches.
The challenge now is transparency and educating the market to make better decisions to address cybersecurity in our interconnected world. This means taking cybersecurity from a compliance based exercise to a real security exercise that equips decision makers with the information they need not only to meet regulatory standards but to actually address cybersecurity risk. This sentiment was highlighted in a recent report by Debate Security, aptly subtitled “Is cybersecurity the new ‘market for lemons’?”
In the last 18 months, we’ve seen an accelerated shift to the cloud. Before COVID-19, many organizations had cloud adoption top of mind, but the pandemic definitely sped things up given the almost overnight necessity of remote work and digital strategy.
Inevitably, concerns about security within the cloud quickly followed. In fact, according to security software and hardware company Sophos’s “The State of Cloud Security 2020” report, 44 percent of organizations stated data loss/leakage was one of their top three security concerns, and a study by Flexera reported that 81 percent of organizations using the cloud indicated that security is a main challenge.
And, believe it or not, as stated by a study from Tanium, C-suite executives reported a 90 percent increase in cyberattacks after workers went remote, and 98 percent say they saw a rise in security challenges in the first two months of the work-from-home period.
In short, cloud security has moved from a nice-to-have to a need-to-have for organizations across the globe, and one of the most serious mistakes an organization can make when it comes to cloud security is assuming that security is entirely handled in the cloud. You can delegate everything except for accountability, and knowing who is responsible for handling each security measure is critical.
How are you solving that problem?
BARR solves this problem by simplifying the path to security and compliance. We do this through three key differentiators: 1) we take a human first approach, 2) we have perspective, and 3) we drive value for clients through our connections. Allow me to elaborate.
BARR brings a human first approach to cybersecurity and compliance by educating and empowering our clients without using scare tactics. We use real talk (not tech talk) to raise awareness, change behavior, and embed the best practices into our clients’ company cultures. We also have perspective. We understand the challenges our clients face every day—because we faced them when we sat on their side of the table.
BARR has supported hundreds of SaaS and enterprise-level clients, so we offer solutions based on experience, not theories, and we can show each client how to use security as a differentiator in the marketplace. Finally, we drive value for our clients through connections. BARR uses its global network of providers to connect our clients with the best-fit experts. And these go far beyond a simple referral. These partners are integrated into our own tools, processes, and services.
How has the pandemic impacted your company?
According to the same previously mentioned Flexera study, 99 percent of organizations use at least one cloud in 2021, reflecting the business world’s reliance on cloud computing which has only accelerated during the pandemic.
As workers around the world transitioned to working from home, cloud computing guided businesses through the pandemic by providing the necessary solutions for remote work. This process didn’t come without security challenges. The 2021 Verizon Data Breach Investigations Report found that the rate of cyberattacks, such as phishing and ransomware, was on the rise throughout the pandemic.
With the increased reliance on cloud computing, security and compliance are paramount—that’s where BARR comes in. Throughout the pandemic, BARR has guided our clients through the new and unprecedented challenges they’ve faced with tailored security and compliance solutions.
Where do you see your company going in five years?
In five years, we anticipate continued demand for cybersecurity and products, but our ultimate vision is greater automation and collaboration. To manage cybersecurity risk, we need great visibility into the threats. Today, we spend countless hours with outdated assessment and manual audit techniques.
These hours may achieve compliance but it distracts us from a higher calling with real security. Compliance is important because it creates a standard way to communicate externally but the resources put toward compliance take away from thinking through evolving threat models that a compliance standard or regulation cannot possibly see. Our goal is to automate close to 100% of the primary compliance reporting such as ISO, SOC, NIST, and others so we can focus on the real value add of addressing cybersecurity strategy and evolving threat models.
Our vision of collaboration is twofold: we want to create a collaborative security culture and minimize the barriers to entry in the field of cybersecurity. Short term pain is always worth it for the longer term gain and we are all responsible for being more forthcoming with our issues and gaps.
A culture of continuous improvement is needed, rather than assuming that a compliance report is the end goal. Today, businesses are too timid to share their security vulnerabilities with prospects, customers, regulators, and stakeholders because of the fear of not closing a deal or receiving a huge fine or penalty.
A change in thinking is needed to recognize we are all in this together to solve the same problem of achieving confidentiality, integrity, and availability in our interconnected systems. Our vision here is to help our clients by partnering with their customers, vendors, regulators, and other stakeholders to solve problems instead of thinking this is an individual company’s issue.
Because cybersecurity is always evolving and a human issue at its core, our vision is to continue to build out our platform to cast a wider net for pulling in cybersecurity talent. Cybersecurity can be intimidating when you read job postings that require tons of certifications, years of experience, special degrees, and specific technology needs for very entry level positions. Our vision is to change that by collaborating with partners to minimize the barriers to entry and to fill a more robust pipeline of cybersecurity talent the industry demands.
What is the next big challenge in information security?
The major challenge ahead is recognizing security is a differentiator in any business, rather than the traditional view of it being a cost to do business. The cloud is no longer an emerging technology. Just as we’ve shifted into a centralized cloud environment, we’ll soon begin shifting to other places and relying on new technology solutions.
Cloud computing will support the next wave of computing, edge computing, and emerging technology such as artificial intelligence (AI) will have a central role to play in helping organizations solve cloud issues. By recognizing security is a differentiator, and not just another business cost, we can ensure that transition is secure.
Preparing for the challenges ahead requires managing the challenges of today. Implementing strong security practices like zero-trust identity management and multi-cloud security now, rather than later, will support the secure integration of emerging technology into our everyday workflow.
There’s also a major shortage of skills and resources in cybersecurity, specifically those with cloud skill sets. Without the skills and experience necessary to prevent security threats, organizations are all the more vulnerable to data breaches. By minimizing the barriers to entry in cybersecurity and prioritizing security as a differentiator, we can expand the workforce and ensure each organization has the necessary resources to secure their network and protect their data in the future.
How do people get involved/buy into your vision?
Our goal is a simple one: to secure the world. Whether you’re a thriving SaaS startup or a well-established enterprise, when you partner with BARR, we’ll educate and empower your people, show you how to use security as a differentiator, and connect you to the best-fit industry experts and tools.
With BARR, your challenges are our challenges; our successes are collective; our one team is unified. Bring us your security and compliance pain points, and we’ll work with you to solve them. You can contact us today to schedule a free consultation.