Keeping things simple is increasingly one of the most important – and challenging – initiatives for today’s security leaders. As outlined in our latest guide for CISOs, 5 imperatives to up your security game, IT is dealing with an onslaught of chaos from all angles. From the expansion of IT into the cloud, to the proliferation of endpoint devices and the increased sophistication of attackers, it has never been more important to simplify your security landscape. Below, we’ve highlighted the top five reasons security professionals need to take complexity seriously.
1. Technology sprawl in the multi-cloud era
As organizations continue their push into the cloud, gaining a unified, single view of your technology and threat landscapes is a growing challenge. At a high level, many enterprises are seeing their IT environments scattered across multiple on-premise and cloud environments, requiring teams to master an overwhelming mix of disparate platforms. But that’s not all. Security resources in particular are becoming ever more fragmented and spread-thin, adding numerous ad-hoc security solutions to an already complex landscape. In fact, the average organization has up to 80 different security vendors. Here, less is definitely more. Security leaders must work to pursue hybrid IT and simplify the security technology landscape. Doing so leads to efficiencies, improves visibility and generates cost savings by removing redundant security and cloud management platforms.
2. More devices, more exposure
As computing goes to the edge and workplaces go mobile, enterprises are hoping to unlock new business models and levels of productivity. But these expanding physical boundaries are having an adverse impact on your security stance. BYOD and mobility strategies have led to a steep rise of endpoint devices that IT has to protect and monitor, all while enabling a new, engaging workplace. Meanwhile, the Internet of Things and edge computing are growing rapidly, with Gartner estimating more than 20 billion connected devices by 2020. While every IoT device has its purpose, it also comes with new risks – and an alarming lack of standards. Similar to the hybridization of IT in the multi-cloud environment, holistic security tools and approaches are needed to provide a real time, consolidated view of all your devices and endpoints. CISOs must have the ability to see – and control – devices on premises, on the go and on the edge.
3. The slow pace of detection and remediation
One of the most worrying signs IT needs to simplify is the slow pace of detection and remediation. It’s well known the average enterprise takes over 150 days to detect a breach. But what is even more shocking is it takes 66 days on average to fully contain a breach, once spotted. To speed things up, IT must once again look to simplification. Leveraging artificial intelligence and automation can drastically improve your detection times. Creating a formal incident response (IR) plan is also crucial. With education, exercises and constant communication, IR planning validates your ability to deal with threats, exposes hidden processes and identifies gaps in your response tactics. IR planning simplifies the chaos in case of a breach, improving your reaction times and efficiency when containing and remediating a threat.
4. End users are struggling to stay secure
It’s often said humans are the “weakest link” in every security regimen. And while simplicity won’t solve all your human-error challenges, it certainly will make them less frequent. Here, you should be focused on simplifying the user experience, one that is more secure by virtue of being more user friendly. Consider a focus on reducing the number of passwords and accounts users need to juggle, or implementing multi-factor authentication.
5. The rise of automated, intelligent hackers
External threats, hackers and bad actors are getting more sophisticated and delivering more complex attacks, by the day. In fact, three major security thought leaders, Malwarebytes, Symantec and McAfee have all predicted AI-based cyberattacks would emerge in 2019, and become more of a significant threat in the next few years. CISOs must fight fire with fire. Leverage advanced, automated and intelligent security platforms to stay a step ahead of a new breed of hacker. Platforms such as Microsoft 365 give enterprises access to cutting-edge, global intelligence, automation features and analytics.
Keep it simple, security pros
Perhaps it’s time we updated the old KISS acronym to “keep it simple, security pro.” Simplifying your technology landscape is one of the most pressing requirements – and effective strategies – to ensuring your enterprise is cyber-resilient and compliant.