If companies keep throwing even more money and tools at the problem, the situation could continue to get worse from a complexity standpoint. However, there are alternate solutions out there. It is time to launch a strategy to make security simpler, automate processes, and better allocate resources.
Twin Challenges: Growing Complexity and Lack of Skills
The IT infrastructure at a typical global enterprise, or even a mid-sized company, is nothing like it was even a few years ago. Then, it was still quite common for organizations to base their IT environments at on-premises data centers and keep all critical data protected by the corporate firewalls.
Today, a growing number of companies are deploying multiple cloud or hybrid cloud strategies, often using a variety of services from different providers. The cloud promises a number of benefits, but it also adds new levels of complexity in terms of managing data, applications, access, and other areas.
Increased complexity is also coming from the burgeoning mobile infrastructures that businesses are relying on more and more. Along the same lines, the emergence of the Internet of Things (IoT), with countless connected devices, sensors, products, assets, and locations, is creating complexities of its own.
Research firm International Data Corp. (IDC) in a 2019 report said the number of devices connected to the Internet, including machines, sensors, and cameras, continues to grow at a steady pace and estimated that there will be 41.6 billion connected IoT devices generating 79.4 zettabytes (ZB) of data by 2025.
To help protect their IT environments, companies have deployed a growing number of security tools, which generate a huge volume of alerts—to the point where security teams can’t keep up. Those responsible for monitoring activities, such as the movement of data, can’t possibly watch everything that’s going on, and are at risk of “alert fatigue.”
Alert fatigue — all security teams know the feeling. Many teams become overburdened by managing multiple security tools. This leads to ignoring or disregarding the never-ending security alerts, defeating the aim of detection and response.
On top of all of these challenges, organizations continue to struggle to find and retain skilled cyber security professionals. The IT environment—hardware, software, networks, services—continues to become more complex and yet there are nowhere near enough staffers to keep it safe.
A 2019 study by (ISC)², an international non-profit membership association of certified cyber security professionals, shows that the cyber security workforce would need to grow 145% to close the skills gap. The group’s 2019 Cybersecurity Workforce Study estimates that the current workforce stands at 2.8 million professionals worldwide, and the number of additional trained staff needed to close the gap is 4.07 million professionals.
Solution: Keep it Simple
The best way to address these challenges might run counter to what many enterprises consider the normal approach to cyber security: keep it simple.
The concept of security simplicity is undervalued, because for many it might imply a lackadaisical approach to protecting systems, networks, and data. That’s not the case, however, because simplicity means fewer tools generating fewer alerts.
By scaling back on the number of tools, and on the attempt to monitor everything at all times, security teams can reduce the “noise” from these resources and focus on the areas that matter most to the business.
Rather than try to monitor every bit of data as it moves or is acted upon through the organization, why not focus on how, when, and why data is leaving the organization? Where is this data going and how is it being used?
The alerts that really matter are the ones that indicate when a valuable document, such as customer lists, source code, or intellectual property, is going out the door.
This highly focused, simpler, and more cost-effective approach enables security teams to maintain visibility across their organization with fewer resources. That makes far more sense than constantly dealing with a never-ending stream of false alerts.
To help monitor data leaving the organization, and to keep the process simple for their security teams, companies need to deploy an automated solution that notifies managers when data is leaving, how it’s leaving, and what value the data has to the business.
Such a solution would detect when employees move files to removable media, Web browsers and applications, and cloud sync folders; identify files that are shared externally via corporate OneDrive, Google Drive, and Box accounts; and define alert criteria based on user, data exfiltration vector, and file count or size.
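As an added example (not code from the original article or from any vendor's product), the alert criteria just described, user, exfiltration vector, and file count or size, applied to constructed file-movement events in Python; the vector names, thresholds, and the one-hour window are assumptions:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed file-movement events (sample data, not output of any real product).
# Vector names are assumptions: removable_media, browser_upload, cloud_sync, external_share.
EVENTS = (
    [{"user": "alice", "vector": "removable_media", "bytes": 400_000,
      "ts": f"2019-11-04T09:{m:02d}:00"} for m in (1, 4, 9, 15, 22, 30)]
    + [{"user": "bob", "vector": "browser_upload", "bytes": 250_000_000,
        "ts": "2019-11-04T10:05:00"}]
    + [{"user": "carol", "vector": "cloud_sync", "bytes": 1_000_000,
        "ts": "2019-11-04T11:00:00"},
       {"user": "carol", "vector": "cloud_sync", "bytes": 1_000_000,
        "ts": "2019-11-04T13:30:00"}]
)

# Alert criteria per exfiltration vector (assumed values): more than max_files
# or more than max_bytes from one user inside the sliding window raises an alert.
CRITERIA = {
    "removable_media": {"max_files": 5, "max_bytes": 50_000_000},
    "browser_upload": {"max_files": 20, "max_bytes": 200_000_000},
    "cloud_sync": {"max_files": 50, "max_bytes": 500_000_000},
    "external_share": {"max_files": 3, "max_bytes": 10_000_000},
}
WINDOW = timedelta(hours=1)


def evaluate(events, criteria=CRITERIA, window=WINDOW):
    """Return one alert per (user, vector) whose activity within `window` breaks a threshold."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["user"], e["vector"])].append(e)
    alerts = []
    for (user, vector), evs in by_key.items():
        rule = criteria.get(vector)
        if rule is None:
            continue  # no rule for this vector: deliberately not alerted on
        evs.sort(key=lambda e: e["ts"])
        for i, last in enumerate(evs):
            end = datetime.fromisoformat(last["ts"])
            in_win = [x for x in evs[: i + 1]
                      if end - datetime.fromisoformat(x["ts"]) <= window]
            files, total = len(in_win), sum(x["bytes"] for x in in_win)
            if files > rule["max_files"] or total > rule["max_bytes"]:
                alerts.append({"user": user, "vector": vector, "files": files,
                               "bytes": total, "at": last["ts"]})
                break  # first breach is enough; one alert per burst limits alert fatigue
    return alerts
```

Running `evaluate(EVENTS)` flags alice (six files to removable media within an hour) and bob (a single 250 MB browser upload), while carol's two cloud-sync events, hours apart, produce no alert.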
Conclusion: CISOs Don’t Need to Despair
Clearly this is a challenging time to be a security executive. There’s a lot more to be worried about from a threat perspective, far more tools in place to address these risks, an ever-growing IT environment that typically includes multiple clouds, and the complexity all of this creates.
At the same time, many security leaders are trying to figure out how to acquire the specific skills needed to meet the company’s security goals.
As daunting as this sounds, security leaders don’t need to despair. By taking a simpler approach to security, focusing on the context of data leaving the organization, and leveraging automation, they can actually get more done with fewer resources.
Rather than throwing more money at the problem and adding more resources that only add more complexity, they can do much more with less. It’s simple.