To nobody’s shock, security shortcomings exist everywhere. Take senior IT leaders and the customers they serve. These customers believe IT leaders have taken every security precaution possible, yet any knowledgeable IT professional can look at their setup and see gaps. Unfortunately, the disparity between perceived protection and actual exposure also exists at the enterprise level.
Most security leaders believe they need three types of overlay technologies to keep their enterprise infrastructure secure: network monitoring, policy management, and security information and event management (SIEM). While those technologies involve varying degrees of monitoring and automation, they do not examine device settings and configurations against industry or device best practices. Additionally, it's unlikely these companies have in-house teams capable of finding and investigating every edge-case issue.
To correct the issue, CISOs, CIOs, and CTOs should take a careful look at their security infrastructures and operations teams with an eye towards automating as much as possible.
The evolving demands of security
Historically, enterprise network managers leaned on vendor solutions from CA, HP, BMC, and Cisco to monitor information flow and the efficiency of process entry and exit. But thanks to the Internet of Things, the cloud, and a growing number of security point solutions, the traditional network management options now leave enterprise networks susceptible to breaches.
It can be difficult for humans to reflect on weaknesses. Rather than consider all the illnesses and diseases that we regularly expose ourselves to, we use best practices like sleep, exercise, and nutrition to strengthen our immune systems. It's only when we don't have the knowledge to continue treating ourselves that we visit doctors.
In the same way, enterprises rely on input from entities like the National Institute of Standards and Technology to guide their decision-making. Because noncompliance can result in penalties, many enterprises outsource security and repurpose or let go of their internal security teams. As a result, security operations technology becomes a bottleneck that struggles to meet performance requirements. The care and feeding of security infrastructure devices is shifted from the network team to the security team, or from an internal security operations centre (SOC) to a managed security service provider.
Optimised security operations technology maximises the amount of revenue that can flow through the network. It also demands less from the individuals who are responsible for it, which frees them to work on other value-producing projects.
Security infrastructure operations take as much work as network monitoring or policy management, or more, but it doesn't have to be that way. You can add security infrastructure operations to an existing team, with many solutions ready to plug and play straight out of the box. To optimise your own network security, follow these three steps.
Automate in bulk
Most enterprise executives will be familiar with the Pareto principle — also known as the 80/20 rule — which is applied to a wide range of concepts. In the context of automation, network security operators spend 80% of their time on tasks that can be automated easily.
Automating these functions removes major obstacles because it frees up a wealth of time. Humans only have so many hours in a day to contribute, and there is a finite supply of information security professionals. By automating lower-level tasks, you can amplify the efforts of your team without increasing its size — increasing its productivity and happiness.
Once you’ve automated the 80% of tasks that fall under an acceptable level of risk, it’s time to turn to the remaining 20%. Chances are your security engineers and operators will come up with additional use cases for automation, and the experience you’ve gained in dealing with the 80% will help pave the way. Instead of only identifying an issue before it happens, for example, allow the automation technology to take the next step — perhaps deleting a core dump file or disabling a feature. Leverage technology to make your existing employees even more productive.
As the automation use cases expand, craft a strategy that enables your operators to become more skilled. They’re used to performing the same tasks repeatedly on security devices they've managed for years. With a larger scope of responsibilities and devices to manage, they’ll need to adjust to a less familiar and more dynamic environment. Get your team members to work together to define the use cases for automation and the remediation steps to employ to avoid unintentionally amplifying errors.
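The following is an added example, not code from the article or from any vendor it names. It shows the kind of baseline validation the overlay tools above skip: a small audit that checks a device configuration against best-practice rules and splits the findings into the low-risk majority that automation can remediate on its own and the higher-risk remainder that is handed to an operator. The router-style configuration, the rule set and the placeholder hosts are all constructed for illustration; the rules are a generic baseline, not any standard's official checklist.

```python
"""Baseline configuration audit with risk-tiered remediation.

Added example (not from the article). The configuration and rule set
below are constructed for illustration, not taken from any vendor or
from an official NIST checklist.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a simplified, router-style running configuration.
SAMPLE_CONFIG = """\
hostname edge-fw-01
service password-encryption
ip http server
no ip http secure-server
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
 exec-timeout 0 0
logging host 10.0.0.5
ntp server 10.0.0.6
"""


@dataclass(frozen=True)
class Rule:
    rule_id: str
    description: str
    pattern: str        # regex applied line by line (re.MULTILINE)
    present: bool       # True: a match is a finding; False: absence is a finding
    auto_fix: bool      # True: low-risk change that automation may apply itself
    remediation: str    # config change to apply, or instruction for an operator


# Constructed baseline. <SYSLOG_HOST> / <NTP_HOST> are placeholders.
RULES = [
    Rule("http-plain", "Plaintext HTTP management enabled",
         r"^ip http server$", True, True, "no ip http server"),
    Rule("snmp-public", "Default SNMP community string in use",
         r"^snmp-server community public\b", True, False,
         "replace the community string and restrict it with an ACL"),
    Rule("vty-telnet", "Telnet permitted on management lines",
         r"^\s*transport input .*\btelnet\b", True, False,
         "transport input ssh"),
    Rule("vty-timeout", "No idle timeout on management lines",
         r"^\s*exec-timeout 0 0$", True, True, "exec-timeout 10 0"),
    Rule("logging", "No remote syslog destination configured",
         r"^logging host ", False, True, "logging host <SYSLOG_HOST>"),
    Rule("ntp", "No NTP source configured (timestamps unreliable)",
         r"^ntp server ", False, True, "ntp server <NTP_HOST>"),
]


@dataclass(frozen=True)
class Finding:
    rule_id: str
    description: str
    auto_fix: bool
    remediation: str


def audit(config: str, rules: list[Rule] = RULES) -> list[Finding]:
    """Return one Finding per rule the configuration violates."""
    findings = []
    for rule in rules:
        matched = re.search(rule.pattern, config, re.MULTILINE) is not None
        # A violation is a match for "present" rules and a miss for "absent" rules.
        if matched == rule.present:
            findings.append(Finding(rule.rule_id, rule.description,
                                    rule.auto_fix, rule.remediation))
    return findings


def triage(findings: list[Finding]) -> tuple[list[Finding], list[Finding]]:
    """Split findings into (auto-remediate, escalate to an operator)."""
    auto = [f for f in findings if f.auto_fix]
    escalate = [f for f in findings if not f.auto_fix]
    return auto, escalate


if __name__ == "__main__":
    auto, escalate = triage(audit(SAMPLE_CONFIG))
    for f in auto:
        print(f"AUTO     {f.rule_id:12} {f.description} -> {f.remediation}")
    for f in escalate:
        print(f"ESCALATE {f.rule_id:12} {f.description} -> {f.remediation}")
```

Rules that only add a missing safeguard (a syslog destination, an idle timeout) are marked as safe to apply automatically; rules whose remediation could lock operators out or break monitoring (disabling Telnet before SSH is confirmed working, rotating an SNMP community string) are escalated, which is the 80/20 split in practice. Running the audit on the constructed configuration yields four findings, two in each bucket.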
Implement an effective training or coaching programme
Now that you’ve automated the bulk of validation tasks, your employees must address the pieces that defied automation. By definition, these functions will be some of the most complex, so it's critical to make sure your employees can handle them. Few enterprises have adequate training processes in place, especially related to working with business counterparts or with new cloud security and development technologies, such as Python.
A 2017 study by the Technical University of Munich found that 64% of organisations couldn’t pull off a digital transformation by relying on their in-house personnel, and one or two training sessions won't solve the issue. Make on-the-job training an ongoing initiative in your enterprise, building an infrastructure that supports continuous learning and development.
With so much at stake for enterprises, shoring up network security is a critical initiative that can’t wait until your organisation suffers a debilitating outage or data breach. Fortunately, improving security infrastructure doesn’t require an army of specialised information security personnel. Instead, turn to automation to amplify the efforts of your existing employees and adopt a proactive approach to security.