The New Age of Corporate Tech and Security Management
Rolodexes have been replaced by CRMs. Pen and paper with keyboards. And filing cabinets are now weightless in the Cloud. To reiterate the driving point in part one of this series, The New Age of Corporate Tech and Compliance, today’s corporate world is experiencing the most innovative period in history. Nearly every aspect of business once incorporating physical, manual methodologies is now transitioning to ones existing in an environment of cyber connectivity. While this shift has been the catalyst to extremely efficient, automated processes, it has not come without growing pains — specifically in the realm of security management and threat mitigation.
Before the advent of computers and the internet, organizations’ scope of security management was fairly narrow. This is not to say threats were not imminent; rather, vulnerability landscapes were less complex than they are today. Comprehensive threat mitigation was bound mostly to the physical world and its associated assets; therefore, manual methodologies were adequate in defending against attacks and amending vulnerabilities. Business has since progressed at lightning speed, with advancements in corporate technologies being the primary driver.
The Year of the Breach proved that yesterday’s watchdog methods of security are insufficient if not bracketed with other practices. Long gone are the days of relying solely on building up defensive walls and hoping they’re impenetrable. Today’s blackhats are cyber ninjas capable of sleuthing, at will, through even the most secure networks completely undetected. Several of the companies headlined in the media were compliant with industry security regulations, but still fell victim.
Cloud computing and the Internet of Things are becoming mainstream in the corporate world. Many business processes are now being executed wholly in a cyber environment with their administrative assets existing as intangible properties, not flesh. Because of this change, organizations now bear a multidimensional susceptibility to malicious activities. Companies must now concern themselves with the protection of these immaterial assets and the resulting data generated. The rash of breaches in 2014 confirmed that enterprise security practices must be revamped to consider these cyber networks in which businesses now exist.
Modern offensive security technologies have been effective at uncovering differing elements of vulnerability. Coupled with existing defensive tactics, companies can construct a comprehensive, detect-and-defend security program. Using an array of security scanners to frontline firewalls, DMZs, and IDSs greatly improves the ability to mitigate threats; however, efforts to effectively analyze the deluge of incoming data can be burdensome if left to conventional methods. The future of enterprise security will consist of supplementing this two-pronged approach with a tertiary element.
GRC solutions have recently entered the arena of security and risk management in a big way. Understanding relevant security data was once a nightmarish undertaking, but can now be automated and streamlined by using these masterful solutions of contextualization. By adding this third element to a security management program, data from all vulnerability scanners, web app scanners, SIEMs, and log files is centralized and correlated. This data can then be reported more contextually via dashboards, allowing risks and trends to be adequately identified. Once threats are discovered and documented, they can be prioritized with assigned remediation workflows to begin mitigation. These functions combine to provide a comprehensive understanding of the enterprise-wide security landscape based on hard data with the end benefit being governed, strategic threat mitigation.
Security management and threat mitigation have been, and always will be, a priority for organizations. The infusion of cyber components into business practices will continuously expand the environment in which companies dwell. Therefore, it’s not a matter of if GRC solutions will become synonymous with enterprise protection, but rather when organizations will adopt these solutions in spearheading their efforts towards effective, efficient security management.