Managing Security with a Lean Team
Post-Covid security teams are lean, and getting leaner. To meet a rising threat level, they need to revisit what they do and how they do it.
- Six stratagems can help CISOs meet the challenge of lean security in a post-Covid world.
- Promoting enterprise-wide security awareness is a key first step.
- It is also important to reduce vendor sprawl and adopt a risk-based approach.
When the Covid-19 pandemic hit, countless businesses shifted to remote operations virtually overnight. That pushed many already lean IT security teams one step closer to the breaking point, forcing them to revisit how they operate.
Michael Madon, SVP & GM for Security Awareness and Threat Intelligence Products at Mimecast, frames the post-Covid challenge this way: “Security teams are under unprecedented stress, which has made them more vulnerable to attacks and breaches. At the same time, the number of attacks has skyrocketed. Individual employees facing disruptions in their own lives are craving ever more information, and attackers have seen that as a golden opportunity to double down on web and phishing attacks.”
Recognizing that Covid-related disruptions are not going away anytime soon and that they will need to do more with less for the foreseeable future, CISOs and their teams have begun taking some or all of these six steps:
1) Above All, Promote Security Awareness Training
No matter what processes and technologies are employed, good cybersecurity depends first and foremost on the behavior of people. But while it has always been important to raise awareness and encourage good security habits throughout a company, rising threats and shrinking resources have made more effective employee security awareness training an urgent priority.
The good news is that as their work lives and personal lives grow increasingly intertwined, many employees have become more receptive to the cybersecurity message. They recognize that they can’t be careless about security at work without also endangering themselves and their families. But that doesn’t mean they know what to do—or will remember to do it—when the moment of truth arrives. For that, they need ongoing professional training, which, to be effective, must also be entertaining and easy to consume.
2) Reduce Vendor Sprawl
With fewer resources, CISOs no longer have the bandwidth to manage scores of vendor relationships and assemble a potpourri of products into a coherent cybersecurity infrastructure. “It’s time to push yourself and your team to figure out how to reduce vendor sprawl, and get rid of point vendors wherever that’s possible,” says Madon.
Reinforcing this point, a May 2019 study by IDG found many companies deploying potentially redundant security tools, including VPNs, firewalls, network-access-control devices and cloud-access security brokers. The report noted that overlapping products were often deployed in response to new threats or due to decentralized management, and that nearly half of the companies surveyed were exploring ways to consolidate these tool sets—often through the use of secure-access platforms or suites. In the wake of Covid-19, this has become an even higher priority.
3) Leverage the Cloud
Just as companies moved key business applications to the cloud to reduce their upfront costs and management complexity, many were already looking to do the same with their security infrastructure. Now the rise of the remote workforce has accelerated this trend.
With more users and devices operating outside the company’s traditional network perimeter, and more digital assets stored outside the security team’s traditional sphere of influence, cloud-based security capabilities such as uniform email filtering, web monitoring and traffic analysis help CISOs bring such a massively distributed infrastructure back under control.
4) Automate (Carefully)
Automation is helping CISOs handle routine tasks such as maintaining infrastructure, providing new credentials and responding to alerts. They are learning that, judiciously applied, automated processes and machine learning can reduce human configuration errors and improve predictability, allowing them to rapidly scale their operations in response to new business requirements and reassign scarce security professionals to higher-value tasks.
The emphasis is on “judicious.” If the wrong kinds of processes are automated—issuing a steady drumbeat of demands for password resets, for example—employees tend to get resentful and careless. But freeing a security team from mundane chores offers many dividends, not the least of which is giving them more time to analyze new attack techniques intended to outsmart your automation.
5) Move Towards a Risk-Based Approach
Nearly every security team performs some tasks that can be de-emphasized or eliminated. For instance, Madon notes that many groups spend significant time and effort attempting to identify the precise source of an attack. But knowing which city in China an attack came from doesn’t necessarily help halt it or prevent the next one.
Moving to a risk-based approach helps a team re-prioritize and zero in on what really makes a difference. “Instead of thinking you have to protect every bit of infrastructure, ask: what’s most important, and how do I mitigate those risks most efficiently?” Madon advises.
6) Move Towards DevSecOps
By leveraging technologies such as microservices, containerization and public clouds, DevOps has accelerated the process of software delivery at many companies. The next step is to move towards DevSecOps, which brings security into the equation from the outset. This ensures that developers are building safer code from the get-go and that security testing is included in the development team’s continuous integration (CI) and continuous delivery (CD) pipelines.
DevSecOps is a relatively new discipline, and few companies have a robust DevSecOps process. But forward-looking CISOs are working to instill this into their organization’s development culture, hoping to inoculate the company’s code base against many common avenues of attack.
The Bottom Line
The post-Covid environment poses more cyber threats, but gives security teams fewer resources with which to counter them. In response, CISOs are seeking to streamline their processes and realign their priorities, while also making judicious use of new technologies.