Simplifying security: Know your risk, invest well

How to avoid "Frankenstack" and simplify your security.

I call it the “Frankenstack.”

Everywhere you look across the enterprise, people are talking about digital transformation. They are navigating the perfect storm of digital convergence, struggling to enable digitization across every area of the business while also trying to safeguard the proliferation of data, access points and new Internet-connected devices. Digitally transforming the business – expanding networks, virtualizing communications, deploying IoT automation and delivering digital customer experiences – improves competitiveness but also widens access to organizational data. The attack surface has greatly expanded, which increases the complexity of security programs and makes it difficult to prioritize spending and to quantify return on investment in terms of risk reduction.

As is always the case, security has had to play catch-up with new technologies. With the multidirectional cyberthreat landscape, the response has been to throw a lot of money at the problem. With more than a thousand security technologies and solutions on the market today, enterprises have been investing in an increasingly sophisticated set of defensive solutions, resulting in a monster stack of protocols and solutions that has added cost and complexity.

Working with enterprise customers, we’ve identified some common outcomes that CISOs and IT/IS teams are trying to drive when it comes to their security programs:

  1. Security for all stakeholders. Businesses need security programs that build confidence and safeguard data at all times for customers, vendors, partners and all other stakeholders.
  2. Actionable risk and vulnerability insights. To make the right security investments and effectively mitigate the risk of breach-related damages, they need intelligence-based insights that correlate security-related costs with cyber-related risks to quantify security posture. This can help decision makers determine their ROI and drive an outcomes-focused approach that helps to continually improve security.
  3. Effective threat detection, protection and response. Businesses often lack the internal expertise to navigate the threat landscape. They need a simplified approach to monitoring, detecting and analyzing threats so they can make adjustments to security programs based on that data. Beyond that, they often need support with managing their long-term strategy for enterprise-wide security, so they can focus on core business objectives and product/service delivery.
  4. Measurable security program effectiveness. This is the holy grail for any CISO – an agile approach to security that adapts to the unique threat landscape of their business and the industry they operate within. You cannot make resource-allocation decisions in a vacuum, without the metrics around program effectiveness and risk mitigation.
  5. Secure data at rest and in transit. With an increasingly mobile and digitally enabled customer base and workforce, it’s no longer enough to batten down the hatches around your network. CISOs need solutions and resources to keep data secure on mobile devices, they need support with mobile device management (especially under a BYOD model), and they need tools for access/identity management and credentialing to enable secure remote access to organizational data.

This is an inarguably tall order. But the answer to these needs is not “more technology.” The answer is optimization, and that means simplifying. It starts with knowing your risk, and that’s not a one-size-fits-all proposition. Each industry is unique, and each enterprise within those industries is unique – with a specific organizational footprint, business model and risk posture. Investing well can only occur within the context of the right risk picture and the right security blueprint.

Verizon will be featuring solutions that address these priorities for enterprise security at HIMSS 2018. Come see us in Booth #3243 or visit our conference website here.

About the Author:

John Loveland, global head of cyber security strategy and marketing, Verizon Enterprise Solutions