I am reminded of the wisdom of the old saw that “no news is good news” as almost every day brings us headline after headline highlighting that yet another company has experienced a systems breach and valuable data has been compromised. Companies continue to increase the amount of money spent on cyber security in an attempt to stay ahead of the attackers, and identifying the right level of investment in the right security solutions remains a challenge. In talking with the Chief Information Security Officer (CISO) of a large enterprise recently, we were somewhat taken aback by his candid feedback that the quickest way to still draw business attention – and funding – for cyber security projects, is to suffer an actual breach!
The Cisco 2014 Midyear Security Report highlights the various weak links existing in systems that can expose organizations to cyber security risks. No matter how many sophisticated security technologies are deployed within an organization, a security solution is still only as secure as its weakest link.
Identifying the right level and type of security investment often starts with understanding how to operationalize security, because that allows organizations to gain a better understanding of what they need to protect and how well their current measures are working.
Where does a good operational model for security begin? Often times, it begins with articulating and implementing effective policies, strong change management processes, disciplined access control mechanisms, and automated authorization and verification rules. A strong operational security model is also built by security and IT leaders having an open dialogue with business leaders. Leaders who define common goals and measure progress with metrics are able to determine acceptable levels of risk that translate into the most efficient deployment of a company’s limited IT resources. Once business and security decisions are made in tandem, security solutions become part of an organization’s operating fabric.
However, even if security and IT leaders are working in concert with business leaders, the shortage of trained security professionals contributes to the escalating challenge of running an effective security operation, as organizations are finding it difficult to attract and retain talent. One CISO mentioned to us that he could find the vulnerabilities but couldn’t fix them fast enough. At such times, working with a strategic IT partner who has a committed investment in people and operations and can provide the right consumption model for your business may be the best answer to your security problems.
As cyber security becomes a strategic area for risk mitigation, increased visibility, partnership with a trusted advisor and the right operational focus improves available options for deploying the right set of security solutions via the right operational model for your business. Organizations face a dynamic threat landscape that evolves at a rapid clip, and changing business models increase the complexity for already resource-constrained security teams. But make the effort to connect security to processes and reap the benefits by effectively integrating, simplifying, and operationalizing security solutions to intelligently protect your business.
For more information on how Cisco helps customers operationalize security, please visit our Cisco Security Solutions website.