A platform strategy that works for you is key to your future fitness
Future-fit businesses are more likely to be successful. Forrester found that future-fit companies grow 2.7 times faster than their peers. It takes time to become future-fit, and many companies still have a long way to go. A key pillar of a future-fit business? Technology that is anchored by modern platforms, with the right underlying technology.
Software platforms are not new. However, cloud computing and modern computing architecture have made it possible to offer fundamentally new options and approaches. The modern platform strategy is centered around:
* Prioritizing modern, versionless platforms that facilitate integration and innovation. The cloud is the core of modern platform strategy. Future-fit businesses will benefit from faster vendor-delivered innovations and greater opportunities to tap into the innovation of peers and ecosystem partners. Everything is tailored to your version.
* Differentiation in high-value markets is key. Technology executives know that the best way to achieve speed and agility is to use existing solutions when they make sense. You need to be careful about digital homogeneity, but there are many areas, like accounting and finance, where you don't have to reinvent the wheel. You must distinguish which technology elements are unique in order to differentiate even in areas where you can be different. For example, people are likely to make your company stand out, while the payroll to support them is not.
* With agility in mind, customizing and creating your "secret sauce." Modern techniques are better than slow-paced, tedious, and difficult-to-sustain methods for creating your distinctive differentiation. In particular, you should use low-code or no-code development and build on add-ons from existing marketplaces instead of trying to create everything with slow-paced, traditional development.
Find the Key Trusted Parties in Your Future Fit Platform Strategy
Technology executives have relied on strategic partnerships for decades. However, they must shift their thinking to include ecosystems and interconnectivity among partners in order to achieve the desired but difficult co-innovation (see figure below). These are some of the key recommendations:
* Your sourcing approach should be one-to-many rather than one-to-one. When selecting and managing strategic partners, think about ecosystems. Consider elements such as app stores, bundle options, and pre-made add-ons for partners. Also, consider how partnerships are managed.
* Modernizing your perspective on collaboration and competition. Companies, especially those that are conservative about privacy, worry about sharing information with competitors. Modern trust networks can include customers, as well as those who may be competitors to you, as with the anonymous benchmarking Workday offers through its data insight services.
* You can use public information to jump-start your decision making. To speed up your security and vetting work, you can use app store ratings, third-party information sources (such as uptime benchmarks), and prevetted contracts (such as the Amazon Web Services standard contract). This does not mean that you should abandon the work, but you can and should be more aware of what you need to do and rely on existing information.
Forrester’s Ransomware Resources List
Ransomware continues to be a serious problem with seemingly no end in sight. We have put together some ransomware resources for security and risk professionals to use to prevent, detect, respond to, and protect against ransomware.
These links are a mix of Forrester’s research and links from third parties. These links include incident response (IR), which includes ransomware. Some links address resilience and backup. You will also find links to government agencies and, perhaps, the most important link, to practitioners who deal with ransomware infections every day.
Forrester Analysts on Ransomware Topics
Forrester’s S&R, infrastructure and operations teams include a strong group devoted to topics such as ransomware, resilience and recovery. They include:
- Jess Burn: Incident response and chief information security officer (CISO), crisis management
- Brent Ellis: Cloud resilience
- David Holmes: Zero trust
- Brian Kime: Threat intelligence, critical infrastructure and operational technology/industrial controls system security
- Allie Mellen: Threat detection and response, security operations and MITRE ATT&CK
- Jeff Pollard: CISO, board guidance on ransomware & managed detection and response
- Chris Sherman: Endpoint Protection Platforms
- Heidi Shey: Breach response and notification
- Steve Turner: Zero trust and practitioner preparedness
These are some useful links to help you combat ransomware
We have compiled a list of useful resources for S&R professionals who are fighting ransomware. These links will take you to other websites that might be of assistance.
meirwah’s Awesome Incident Response is perhaps the most comprehensive and complete list of links to various IR use cases.
Many of the links below can also be found there.
Australian Cyber Security Centre
Cybersecurity and Infrastructure Security Agency (CISA)
MITRE
National Institute of Standards and Technology
- Preliminary draft NISTIR 8374 – Cybersecurity Framework Profile for Ransomware Risk Management
- Tips and Tactics — Ransomware
- Data Integrity – Detecting and Responding To Ransomware and Other Destructive Events
- Data Integrity – Recovering From Ransomware and Other Destructive Events
National Cyber Security Centre [UK]
Guidance and Incident Response Playbooks
- PagerDuty Incident Response documentation
- IncidentResponse.com’s incident playbooks gallery
- GuardSight’s GSVSOC CIRT Battle Cards
- Counteractive’s Incident Response Plan Template
- Matt Fuller (Level Up Coding), Cloud Security Table Top Exercises
Forrester Ransomware Research and Resources
It would be remiss of us not to mention our research on ransomware over the years. Blogs can be accessed by anyone, but research reports are only available to Forrester clients.
Blogs
- Ransomware: Outrun the Guy Next To You
- The Cyberattack on the Colonial Pipeline is A (Another!) Call for Zero Trust and Resilience in Industrial Companies
- Mind the Gap – Making sure your SaaS Application Data is Protected
- Thinking Ransomware Defense – Air Gaps
- Ransomware: The Nightmare Before CyberMonday
- A commitment to best practices is required.
- Victim Blaming Will Not Stop Global Ransomware Attacks
Ransomware and Disaster Recovery/Business Continuity Planning
- Ransomware is a Business Continuity Issue
- Forrester’s Guide to Paying Ransomware
- Zero Trust Ransomware Mitigating
- 2020 State Of Disaster Recovery Preparedness
- Four Technologies Work Together To Protect You from Ransomware Attacks
Incident Response
- The Forrester Wave™: Cybersecurity Incident Response Services Q1 2019
- Breach Notification Opportunity
- Maximize the Benefits of Your Incident Response System
- Legal Advice Required for Cybersecurity Incident Response
- Tech: European Cybersecurity Incident Response Services Q1 2020
We have largely excluded security vendor resources from the lists. While there are many vendors that have excellent content for security teams, you will likely find that these links suffice to keep your teams updated… and even busier (if that was necessary).
Forrester clients can reach out to their account teams to make inquiries with any analyst listed in the report.