Scott’s questions centre on reducing risk, improving resiliency, assessing business impact, and balancing security with business considerations. This wasn’t always the case, but his approach has matured to become more business-focused. “Early on, I wasn’t asking those kinds of questions and you can end up with a very technical, shiny new object, but it doesn’t solve a problem — and that’s what we’ve got to focus on,” Scott says.
3. What’s the integration and ongoing maintenance burden?
Couchbase CISO Vasanth Madhure evaluates new tools by asking about not just license costs, but also implementation, training requirements, and the learning curve for the InfoSec team.
Before considering adoption, Madhure wants to understand the time and effort required to configure and run the product. “Some products are pretty straightforward, but others require a lot of configuration,” he tells CSO.
