While CIOs manage transformation, CISOs navigate security overloads

Greg Day, VP and CSIO for Europe, Middle East, Africa, Palo Alto Networks.

In the past year tensions have grown between many CIOs and CISOs. Why? The changing needs of businesses have created what we refer to as the cyber-time paradox. Technology has for many been seen as the business path forward, a way to open new markets and drive greater business efficiencies – for the CISO this means more things to secure.

With the shift to working more flexibly, there is a considerable volume of connected devices now outside the business, leveraging a new range of collaboration tools. This requires new security capabilities that generate new kinds of telemetry for the security team to comprehend and correlate into actionable outcomes.

Equally, the threat landscape continues to expand in both volume and complexity. These factors inevitably also become force multipliers on the workload of any business’s Security Operations Centre.

Whilst the workload on the security teams is increasing, businesses become more dependent on the processes that they have now digitised, and the amount of down time allowed has been shrinking – particularly during the pandemic. This then creates the paradox of less time to act, but more work for any SOC team to complete.

They are already having to adapt to working from home and now have to deal with another headache. The only solution is to better automate the SOC to empower scale, but the main challenge for many organisations is balancing the time to shift processes and capabilities with managing the current workload – like juggling and sprinting at the same time.

In some ways this is an old problem: there simply are not enough security staff to cope with the growing business demands. This can result in security teams looking for quick fixes to keep pace with the business and the accelerated shift to the cloud.

Often the quickest solution to the problem can also be the simplest, but not always the best – in this case the native security provided by the cloud, be it infrastructure or SaaS. Quick as it is, this option effectively creates vendor lock-in, the very thing that most CISOs wish to avoid.

There is also a domino effect on the CISO’s work, as the native security is inconsistent: each cloud or SaaS solution has its own interpretation of what security it provides and how it is delivered, creating longer-term challenges for the security team. A simple example of this is credential management.

For years many companies have worked towards single sign-on solutions to simplify user experience and, with rapid adoption of SaaS solutions, suddenly many are back to requiring multiple accounts. More accounts add more complexity, and with complexity comes mistakes, which in turn create work for the security teams, and likely business impact.

The key for any security team is having broad visibility across their IT ecosystem. Yet if they cannot take that visibility and turn it into actions, which typically takes correlation across both differing IT systems and security tools, the quick fix becomes a legacy drag that will continue to hamper the ability to keep pace with business needs.

Today most CISOs strive for best of integrated solutions, a change from the historical best of capability. That said, in recent times demand has often led to satisfactory standards taking precedence in order to keep pace, but it is important not to lose sight of the strategy goals. CISOs are looking to simplify what has become a complex problem space; that means being able to integrate data from the security tools they use as well as adopting actionable processes.

Most critically, this is required if they are to automate some parts of the daily security tasks. If we cannot scale up human capacity at the rate required, we have to find smarter ways to keep pace with business demands.

CISOs should always have a long-term strategy in place, which ensures that when business plans are accelerated, they are ready with their own strategies to support them. The aspect that may have caught some off guard is remote working and the associated growth in shadow IT. Whilst legacy security only looked from the inside out, now they must do both.

CISOs must consider three imperatives to meet the cyber-time paradox problem and the increasingly distributed shift left cloud world:

Multiple CISOs utter the mantra “for every new solution, remove two legacy solutions”, but in terms of costs and scale, consolidation is king.

Teams get more alerts than they can process – Being able to correlate, consolidate and, more importantly, convert alerts into actionable outcomes is critical. Otherwise, there is no means of extending capabilities.

Any incident typically has many follow-up procedures, and automation is not just a big singular STOP-GO button; it is much more about the augmentation of human skills. Teams must first identify the highly repetitive steps in every process that can be automated to shorten the process timeline.

At this moment in time, many organisations are undergoing digital transformation, making technology and infrastructure shifts quicker and on a larger scale than normal. To ensure security needs are being properly met, organisations require more frequent updates on how this impacts their risks, which are often amplified by the interoperability in these changes.

Whilst CISOs want to build digital trust, CIOs are concerned about business continuity, speed, and agility. With cloud migration at the top of the CIO’s agenda, it is in their best interest to evade the cyber-time paradox, but they do not always realise the extent to which the security team is drowning in data and struggling to keep up.

Therefore, the most effective means of eliminating tensions between business leaders is understanding the languages of their stakeholders to have a meaningful conversation; always keep in mind that every part of any business has its own language, priorities, and procedures.


Business transformation is the way forward for business but is creating the cyber-time paradox, with CISOs struggling with too many things to secure.
