The Irish Open golf tournament is taking place in Co. Kildare this weekend.
I know this because:
- There’s an oversized golf ball in the middle of a roundabout in our village, and
- There’s an increasing number of brand-new BMW limousines driving by, ferrying VIPs to and from the event.
It got me thinking about the interview process for the limo drivers.
I wonder how many of the limo drivers, when asked about their driving skills and the risks they might pose to their passengers, answered:
“I drive a BMW, which has all of the latest safety features. So, your passengers will be 100% safe with me at the wheel.”
I bet none of them did. Or, at least, none of the successful applicants!
Instead, I’d say they talked about:
- Their driving history,
- Previous accidents and insurance claims, and
- Any advanced driving courses that they completed.
You know: Meaningful evidence to show that they know how to operate the vehicle in a safe and secure manner.
What has this got to do with cyber security?
I see many fintechs and SaaS providers, when asked about their IT security controls, focus on the credentials of the vehicles (i.e. the platforms) that they use.
They provide plenty of information about the ISO accreditation and SOC 2 Type 2 reports issued by Microsoft for Azure, Amazon for AWS, etc.
And that’s all fine: Prospective clients want to know your vehicle is a BMW rather than a bike.
But what they really want to know is how you drive that BMW.
They want evidence that shows you know how to operate the vehicle (i.e. the platform) in a safe and secure manner.
Because if you drive like a rally driver who doesn’t even know how to turn on the safety equipment, your prospective clients will never get into your car.
* It’s a golf tournament. That’s as much as I know about golf.