Feb 25, 2015 By Brian Reynolds In Blog

Cyber Shelfware

Shelfware.  Noun, informal.  1.  Computers.  software or hardware that remains unsold, unused, or underused.

/shelfweir/ Software which is never used and so ends up on the shelf. Shelfware may be purchased on a whim by an individual or group, or in accordance with corporate policy, but not actually required for any particular use.

One of my good friends and counterparts (SwishData CTO and blogger extraordinaire, Jean-Paul Bergeaux) recently met with an enterprise customer to discuss the cyber strategy for their particular agency.  During the discussion it was pointed out by a respected leader, who had recently taken the reins of this agency’s cyber team, that there was an initiative underway to emphasize the problem defined above and attempt to solve it.

This is a growing epidemic within the IT community.  Cyber shelfware is today’s version of yesterday’s “need another application brought online, buy another server and a SAN”.  Don’t believe me?  Research is starting to catch on to this trend as well.  Here are some staggering bits from a recent study linked above:

  • A new survey by Osterman Research on behalf of Trustwave shows that enterprises that invest in new security controls often end up underutilizing the technologies in which they just invested or not using them at all.  Osterman surveyed 172 small, midsized, and large enterprises from multiple industries and found this to be true with at least 30% of the respondents. In some companies, survey respondents said nearly 30% of all new security investments were not being used at all or were underutilized. One company surveyed said 60% of its security software was shelfware.
  • “The numbers were pretty eye popping,” said Josh Shaul, Trustwave’s vice president of product management. “We expected some security software on the shelf. What we found was companies are pouring money down the drain, while the folks approving these purchases are getting a false sense of security.”
  • “When the security guys want to put something on the network, the network ops guys don’t understand it,” he said. “They are worried about throughput and latency” and other performance issues.

OK.  We get it.  We have a problem.  A major symptom called cyber shelfware.  So the big ask is “what do we do to stop this and how do we change the trend going forward?”  In order to combat the symptom one must first determine the cause.  At SwishData we’ve worked with customers and noticed three distinct causes.  These causes can be independent of one another or in many cases may be occurring in parallel.  By identifying with one or more of these causes we believe that cyber warriors can take the first step in solving the shelfware epidemic.

  1. The mission problem.  Budgets are being passed and spending is being approved without a real understanding of business and mission requirements.  There’s money to be made and spent – billions of dollars’ worth – when it comes to public sector funding for Cyber Security.  The pace at which the spending is occurring is outpacing the pace at which consumer cyber strategy is being defined and understood.  There is a major disconnect between budget owners, business and mission owners, cyber warriors, network administrators and other IT staff members.
  2. The numbers problem.  There are not enough Cyber experts in the world to keep up with the bad guys.  Cyber point products are very attractive at first glance – it feels good and it feels safe to inundate the environment with more cyber tools.  Kind of like a kid in a candy shop.  Manufacturers and resellers of these solutions are gainfully employed and growing in size and number with creative marketing and the proliferation of the latest and greatest cyber widgets to combat the threats.  This creates purchases that never turn into implementations – or just as bad – they never turn out to solve the cyber problem that they advertised.
  3. The IT problem.  Cyber tool sprawl is creating a myriad of feature overlaps – oftentimes creating more work and more confusing or less useful results.  Maybe your environment doesn’t have any shelfware in the sense of the product never having been installed or put on the network?  But have you looked at all of the features within the various products or suites of products that you own and analyzed which you are paying for, which you are using and which overlap with other tools and products that you also own?  Does one do it better than another?  Could the overlap of 4 tools allow you to turn off one or more of them?  This is another form of shelfware.

Let’s be honest.  Seeing the symptoms of cyber shelfware is not really all that surprising.  History within the IT world tends to repeat itself and this is just the most recent artifact of that trend.  At SwishData we are working to help customers define a cyber strategy that includes aligning to real business units and mission requirements with the IT spend and implementations of cyber solutions.  Bringing those individuals together and taking the time to cross-pollinate and understand needs and requirements is a critical step to take.  We are focused on ensuring the right tool for the right requirement and we are most interested in what a customer owns today and what challenges those tools might be presenting them with.  We are helping customers get a handle on first consolidating tool sprawl and then refocusing their valuable time and dollars on innovative solutions as a result of the productivity gained and savings realized.

Our goal is to take the cyber warrior and his or her business and mission from a state of reactive to compliant to proactive and finally to fully optimized.

What is your plan of attack for cyber shelfware?