The race against time and the need for cooperation with the management level
Over the past year, tensions between many CIOs and CISOs have increased. Why? The changing requirements of companies have led to what experts call the “cyber-time paradox”. Many see technology as the way into the future, a way to open up new markets and increase business efficiency. For the CSO (Chief Security Officer), this means there is more to protect. With the shift towards more flexible working, a significant number of networked devices now sit outside the company and use a new range of collaboration tools. This requires new security features, which in turn generate new types of telemetry data that the security team must understand and correlate into actionable results. The threat landscape is also growing in scope and complexity. These factors inevitably also affect the workload of a company’s Security Operations Centre (SOC).
Greg Day, VP and CSO EMEA at Palo Alto Networks, explains how current and upcoming changes in the IT threat landscape affect the cooperation between business managers and IT managers:
“As the workload of security teams increases, companies are becoming more and more dependent on the processes they have digitized. The allowed downtime is getting shorter and shorter, which is especially true during the pandemic. This leads to the paradox that there is less time to act, but there is more work for each SOC team.
Security professionals already have to get used to the work-from-home model and now have other problems to cope with. The only solution is to better automate the SOC to increase scalability. However, the biggest challenge for many companies is to balance the time to change processes and skills with coping with the current workload – like juggling and sprinting at the same time.
In a way, this is an old problem: there are simply not enough security professionals to meet the growing needs of the company. This can lead to security teams looking for quick solutions to keep up with business and the accelerated shift to the cloud driven by COVID-19.
Often the fastest solution to the problem is also the simplest, but not always the best. In this case, this is the native security provided by the cloud, be it infrastructure or SaaS. As fast as this option may be, it effectively leads to vendor retention, which most CIOs want to avoid. There is also a domino effect on the work of the CISOs (Chief Information Security Officers), since native security is inconsistent. Each cloud or SaaS solution has its own interpretation of what security it provides and how it is deployed, which creates longer-term challenges for the security team. A simple example of this is the management of access data. For years, many companies have been working towards single sign-on solutions to simplify the user experience.
With the rapid adoption of SaaS solutions, many have suddenly gone back to requiring multiple accounts. More accounts mean more complexity, and with the complexity comes bugs, which in turn means work for the security teams and is likely to have an impact on the business.
The key for any security team is a comprehensive overview of the IT ecosystem. However, it can be difficult for the team to translate this feasibility into action, which usually requires a correlation between the various IT systems and security tools. Then the quick fix becomes a legacy issue that continues to affect the ability to keep up with business needs. Therefore, most CSOs today are striving for integrated solutions, which is a departure from the previous best-of solution. However, in recent times, demand has often led to the fact that satisfactory standards take precedence in order to keep up. CSOs want to simplify what has become a complex problem area.
This means that you need to be able to integrate data from the security tools you use and introduce actionable processes. This is especially necessary if you want to automate some parts of the daily security tasks. If we are not able to increase the personnel capacity to the required extent, we will have to find smarter ways to keep up with the requirements of the company.
Finding a balance
CISOs should always pursue a long-term strategy that ensures that if business plans are accelerated, they are ready to support them with their own strategies. One aspect that may have surprised some is remote work and the associated growth of shadow IT. Whereas in the past, security was only viewed from the inside out, now you have to do both. CISOs need to consider three imperatives to address the problem of the cyber-time paradox and the increasingly decentralized shift-left cloud world:
- Simplifying cybersecurity – Many CISOs quote the mantra “For every new solution, two old solutions must be removed”, but in terms of cost and scope, consolidation is the be-all and end-all.
- Teams receive more alerts than they can handle – The ability to correlate, consolidate alerts and, most importantly, turn them into actionable results is crucial. Otherwise, there is no way to expand the capabilities.
- There must be a real understanding of the problem – Each incident, as a rule, has many subsequent procedures, and automation is not just a big single STOP/GO button, but rather an addition to human capabilities. The teams must first identify the highly repetitive steps in each process that can be automated to shorten the process duration.
Currently, many companies are undergoing a digital transformation, where they are converting technology and infrastructure faster and on a larger scale than usual. In order to ensure that security needs are adequately met, companies need to be informed more frequently about how this affects their risks, which are often exacerbated by the interoperability of these changes.
While CISOs want to build digital trust, CIOs are concerned about business continuity, speed and flexibility. Since cloud migration is at the top of the CIOs’ agenda, it is in their interest to circumvent the cyber-time paradox. But they are not always aware of how much the security team is drowning in data and struggling to keep up. Therefore, the most effective means of eliminating tension between business leaders is to understand the language of their stakeholders in order to have a meaningful conversation. It should always be borne in mind that each part of a company has its own language, its own priorities and procedures.”
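Two points in the interview above recur in SOC engineering: each tool reports alerts in its own schema, and the team receives more alerts than it can handle unless they are correlated and consolidated into a short list of actionable incidents. The following Python script is an added illustration of that idea; it is not code from Palo Alto Networks or from the article. The tool names (`edr`, `cloud`), their field names, the severity scales and the alert records are all constructed for the example. It normalizes alerts from two differently shaped sources into one schema, merges repeated alerts for the same host and rule that fall within a five-minute window, keeps the highest severity seen, and orders the resulting incidents so the analyst works the most severe and noisiest first.

```python
"""Consolidate raw alerts from several tools into a short list of actionable incidents.

Added example (not code from Palo Alto Networks or the article). The tool names,
field names, severity scales and alert records below are constructed to show how
alerts from differently shaped sources can be normalized, de-duplicated and ranked
so an analyst sees a few incidents instead of a stream of near-identical events.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample alerts from two hypothetical tools with different native schemas.
EDR_ALERTS = [
    {"ts": "2021-03-01T09:00:00", "hostname": "ws-17", "detection": "credential-dump", "sev": "high"},
    {"ts": "2021-03-01T09:00:20", "hostname": "ws-17", "detection": "credential-dump", "sev": "high"},
    {"ts": "2021-03-01T09:00:45", "hostname": "ws-17", "detection": "credential-dump", "sev": "critical"},
    {"ts": "2021-03-01T09:30:00", "hostname": "srv-db2", "detection": "suspicious-script", "sev": "low"},
]
CLOUD_ALERTS = [
    {"eventTime": "2021-03-01T09:01:10", "resource": "ws-17", "ruleName": "credential-dump", "severity": 3},
    {"eventTime": "2021-03-01T10:15:00", "resource": "srv-db2", "ruleName": "suspicious-script", "severity": 1},
]

# Common severity scale used after normalization.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
# The hypothetical cloud tool reports severity as an integer; map it onto the common scale.
CLOUD_SEVERITY = {1: "low", 2: "medium", 3: "high", 4: "critical"}


@dataclass
class Alert:
    time: datetime
    host: str
    rule: str
    severity: str
    source: str


@dataclass
class Incident:
    host: str
    rule: str
    first_seen: datetime
    last_seen: datetime
    severity: str
    count: int = 0
    sources: set = field(default_factory=set)


def normalize(raw, source):
    """Translate one tool-specific alert dict into the common Alert schema."""
    if source == "edr":
        return Alert(datetime.fromisoformat(raw["ts"]), raw["hostname"],
                     raw["detection"], raw["sev"], source)
    if source == "cloud":
        return Alert(datetime.fromisoformat(raw["eventTime"]), raw["resource"],
                     raw["ruleName"], CLOUD_SEVERITY[raw["severity"]], source)
    raise ValueError(f"unknown source {source!r}")


def consolidate(alerts, window=timedelta(minutes=5)):
    """Merge alerts for the same (host, rule) that arrive within `window` of the previous one.

    A gap longer than `window` starts a fresh incident, so a rule that fires again
    an hour later is not silently folded into an old, possibly closed, case.
    """
    incidents = []
    open_by_key = {}
    for a in sorted(alerts, key=lambda x: x.time):
        key = (a.host, a.rule)
        inc = open_by_key.get(key)
        if inc is None or a.time - inc.last_seen > window:
            inc = Incident(a.host, a.rule, a.time, a.time, a.severity)
            incidents.append(inc)
            open_by_key[key] = inc
        inc.last_seen = a.time
        inc.count += 1
        inc.sources.add(a.source)
        if SEVERITY_RANK[a.severity] > SEVERITY_RANK[inc.severity]:
            inc.severity = a.severity  # keep the worst severity seen in the cluster
    return incidents


def prioritize(incidents):
    """Order incidents: highest severity first, then most alerts, then most corroborating sources."""
    return sorted(incidents,
                  key=lambda i: (SEVERITY_RANK[i.severity], i.count, len(i.sources)),
                  reverse=True)


def build_queue():
    """Full pipeline over the constructed sample: normalize, consolidate, prioritize."""
    alerts = [normalize(r, "edr") for r in EDR_ALERTS] + [normalize(r, "cloud") for r in CLOUD_ALERTS]
    return prioritize(consolidate(alerts))


if __name__ == "__main__":
    for inc in build_queue():
        print(f"{inc.severity:8} {inc.host:8} {inc.rule:18} x{inc.count} "
              f"via {sorted(inc.sources)} {inc.first_seen:%H:%M:%S}-{inc.last_seen:%H:%M:%S}")
```

Run as a script, the six constructed alerts collapse into three incidents, with the four `credential-dump` alerts on `ws-17` from both tools merged into a single critical incident at the top of the queue. The window length and the grouping key are the two knobs a team tunes per rule; a too-wide window hides a recurrence, a too-narrow one recreates the flood.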