3 Security Hurdles & How to Overcome Them
When you think about cloud security, it’s easy to see the similarities between managing one’s digital infrastructure and flying a plane. Inside of a cockpit there are hundreds of switches, dials, buttons, knobs and screens. The same can be said about your information security toolkit, with all of its different tools, dashboards, alerts and buttons.
Each of these indicators serves a collective purpose, helping inform the pilot for a successful journey from takeoff to landing. But they are contributors, not the goal.
Would you board a flight if you knew the pilot was more focused on specific indicators over safely completing your journey? Probably not.
But security and compliance have become exactly this. The field incorrectly prioritizes tools and certifications when it should be focused on the feeling of being secure: knowing that both the knowns and unknowns of an organization’s infrastructure are accounted for. Here is why that happens:
Hurdle #1: Security is Reactive
If you have ever picked up malware on a machine, the first thing you probably installed on the next machine you bought was anti-malware. If a phishing attack tricks an employee, the potential danger of phishing attempts becomes a round table topic in all future company meetings.
Even external circumstances drive a reactive response to security in most organizations. A major data breach or data infringement will have everyone flocking to solutions to remedy the potential risk.
Focusing on tools and technologies, like a pilot’s indicators, is not inherently wrong. These tools and technologies can be very helpful. But having them in place doesn’t mean you are any less exposed to attack. Reactions tend to be short-lived over-corrections. They help, but to be truly effective, your behavior needs to change. We need to be mindful of the potential risks first, then act, rather than assume an attack will never happen.
Hurdle #2: Security is Complicated
In security and compliance, there are hundreds of tools and technologies you can use to ensure your environment is secure, but more organizations focus first on the tools, and second on where the tool is supposed to take them. That type of thinking can lead to an infrastructure that is too complex. Complexity makes it difficult to see what exactly is going on, which leads to vulnerabilities.
The goal should be to detect and identify exactly where a breach occurs to mitigate it. That is difficult to do in a timely fashion if you have to log into a couple dozen tools each time.
Hurdle #3: Security is Checkbox Oriented
When it comes to security, companies put an overemphasis on achieving compliance or becoming certified. But attaining a level of security at one point in time doesn’t mean anything for the future if the security-focused culture and behavior do not persist. Take Equifax, Facebook or Target into consideration. These companies all had attained some level of compliance at one time, but they still suffered devastating breaches. Why? Because security wasn’t a process for them at the time – it was a checkbox.
Now, in a lot of industries, compliance and certifications matter. You can’t operate your business without them. But if you are designing products and creating a culture of security, these achievements should simply be natural byproducts of the process. Proof of how you operate daily.
Focus on being secure…and that’s it
It’s obvious that all of the indicators a pilot has have some purpose. It’s knowledge to understand what each indicator and button means or does, but it’s wisdom to understand when they don’t matter. Pilots know to prioritize the safe completion of the journey.
When you strive for assurance in your security operations, the distractions fall away. You can spend time putting in place what you know you need to get to where you need to go, rather than assuming the status quo and reacting. You are able to approach your security posture with a healthy skepticism and proactively adjust, rather than reactively scramble.
When you focus on being secure you will simplify your day-to-day operations. You will be able to dismiss things of little value and focus on integrating your tools into a single purview of your digital landscape, rather than buying the best, standalone tools. That single purview makes it easy to spot abnormalities and quickly respond.
When you prioritize being secure, and take the necessary proactive steps, you will find compliance and certifications come easier, without much additional strain, because you are operating at those levels daily.
All of that results in more time spent innovating and/or growing your customer base. That is security fueling business growth.
Posted By JupiterOne Team
The JupiterOne Team is a diverse set of engineers and developers who are working on the next generation of cyber asset visibility and monitoring.