Published: April 12, 2021
This article first appeared in HDI.
It seems like we have been hearing for years about ransomware attacks and security breaches resulting in the loss of thousands of people’s personal identifying information, so why haven’t we solved this problem?
This blog looks at some of the foundational reasons organizations may be failing at security, even when they are generally successful with service management initiatives.
Securing the Enterprise Takes Diligence & Money
A wide variety of tools is available to help organizations prevent breaches in their enterprise, and they take several different approaches:
Vulnerability Protection: Tools that combine a database of known vulnerabilities with the ability to scan systems and alert operators if a vulnerability is detected.
Email Protection: Utilities that enable administrators to quarantine known email attack vectors (like those related to phishing and spear phishing attacks) and even remove existing mail from people’s inboxes.
Network Prevention Devices: Firewalls and related proactive monitoring systems, including threat detection and alerting systems.
With just these few examples, the picture becomes clear: to do security right, you need to invest in a variety of different tools. What is more, each and every one of these efforts takes time, knowledge, and diligence to implement, and most IT organizations are at the breaking point of bandwidth already. This is especially true when you factor in the speed of change and the need to keep up with business needs.
Also, vulnerability scanning and management software alone will result in hundreds (possibly thousands) of alerts daily, making it even more difficult to keep up.
All of this leads many organizations to take some standard precautions and then take the chance that it is enough. They also put their users in front of the issue as the front line of defense, reminding them constantly to watch the emails they open. This is more than likely the least effective protection they can choose.
Developing a Security Practice
Organizational maturity and the ability to translate good practices into automation are the foundation for success with security management. Success requires several foundational items to be in place before a robust security initiative is undertaken:
Strategy First: Security must be a strategic initiative that starts at the CEO level or equivalent. IT leadership needs to drive this message home to their staff as well, so people understand their responsibilities when a vulnerability is detected and must be addressed.
Data and Analysis Capability: To understand and prioritize which vulnerabilities could impact the enterprise and which could impact critical services, a fully developed configuration management database (CMDB), with services mapped, is required. In many organizations this is still a failure point. Get it in order first, so you don’t overwhelm IT trying to address every single vulnerability immediately.
Tool Consolidation: We need to be able to leverage the CMDB for prioritization of work, and the security operations team needs a single console that can pull all of the information together.
Automation: True effectiveness comes from using rule sets and artificial intelligence to analyze data, open tickets for vulnerability response automatically, and even execute simple and repetitive solutions wherever possible.
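The CMDB-driven prioritization and automatic ticketing described in the items above, sketched as an added example (not code from the article or from any product). The host names, service names, criticality weights, placeholder vulnerability IDs and ticket threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed CMDB extract: configuration item -> mapped service and an
# assumed business-criticality weight (3 = critical service, 1 = low impact).
CMDB = {
    "web-01": {"service": "online-store", "criticality": 3},
    "db-01": {"service": "online-store", "criticality": 3},
    "hr-02": {"service": "hr-portal", "criticality": 2},
    "lab-07": {"service": "test-lab", "criticality": 1},
}

# Constructed scanner output: (host, placeholder vulnerability id, severity 0-10).
FINDINGS = [
    ("web-01", "VULN-A", 9.8),
    ("db-01", "VULN-A", 9.8),
    ("lab-07", "VULN-A", 9.8),
    ("hr-02", "VULN-B", 5.0),
    ("lab-07", "VULN-C", 7.5),
    ("ghost-09", "VULN-B", 5.0),  # host the CMDB does not know about
]

TICKET_THRESHOLD = 10.0  # assumed policy: score at or above this opens a ticket

def prioritize(findings, cmdb, threshold=TICKET_THRESHOLD):
    """Return (tickets, backlog, unmapped) for a batch of scanner findings."""
    groups = defaultdict(lambda: {"hosts": set(), "score": 0.0})
    unmapped = []
    for host, vuln, severity in findings:
        ci = cmdb.get(host)
        if ci is None:
            # A CMDB gap cannot be prioritized; surface it instead of dropping it.
            unmapped.append((host, vuln))
            continue
        group = groups[(ci["service"], vuln)]  # one work item per service + vuln
        group["hosts"].add(host)
        group["score"] = max(group["score"], round(severity * ci["criticality"], 1))
    ranked = sorted(
        ((svc, vuln, g["score"], sorted(g["hosts"])) for (svc, vuln), g in groups.items()),
        key=lambda item: -item[2],
    )
    tickets = [item for item in ranked if item[2] >= threshold]
    backlog = [item for item in ranked if item[2] < threshold]
    return tickets, backlog, unmapped

if __name__ == "__main__":
    tickets, backlog, unmapped = prioritize(FINDINGS, CMDB)
    for svc, vuln, score, hosts in tickets:
        print(f"OPEN TICKET  {svc:<13} {vuln}  score={score}  hosts={hosts}")
    print(f"backlog={backlog}\nunmapped (fix CMDB first)={unmapped}")
```

Six raw findings collapse to two tickets, two backlog items and one CMDB gap, and the most severe finding on the test lab ranks below a moderate one on a service that matters more.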
The action plan to drive success in security management can be distilled into a short list, working from the foundation up:
The Business Value is in the Result
It’s impossible to look only at the cost of protection. Organizations have to be ready to continually invest large sums of money in protections against breaches and disruptions of service. The challenge is that when security management is successful, it looks like money has been wasted, but the opposite is true. The lack of security incidents means the organization is achieving business value from its investment in prevention. Without it, the cost could reach billions of dollars in lost data, productivity time, and public opinion. Thus, the business value of good security management is the loss it prevents.