To say information technology has changed considerably over the last few years is an understatement. As new technologies emerged and connected endpoints multiplied, the attack surface scaled up, fast. In the not-so-distant past, our network perimeter was a meaningful security barrier. Security teams could easily discriminate between assets from within their organization and those which lie outside it. Today, society demands greater flexibility and with this, a transition toward mobile endpoints. Stationary workstations are obsolete—with COVID-19 putting the final nail in the coffin—and replaced with laptops, smartphones, and tablets. More importantly, data no longer resides on such devices, nor is it safeguarded in organizations’ datacenters. Rather, data now sits in the cloud where security is managed by a third party.
Nearly every company has moved core IT functions off premise—be that through Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), or Platform-as-a-Service (PaaS) tools. To accommodate the intangible nature of today’s cloud-based IT environment, security teams are having to re-examine their strategies. Further, security teams are pressed to do so quickly, as the pace of cybercriminal activity continues to accelerate. Given the conditions and realities of the day, it’s unfair to expect internal security teams to do everything alone.
You need a security ally
Security teams need an ally that can help them make meaningful progress, no matter where they are in their maturity. In other words, you need vendors who support your mission—an Alfred Pennyworth to your Batman, if you will. While your organization is out serving society, you need to have someone watching your back, making sure operations run like clockwork.
An ally is fundamental in enabling your security team to move faster to keep up with the dynamic threat landscape. How fast an organization moves is highly dependent on preparation. As the Navy SEALs say, “Slow is smooth, and smooth is fast.”
Organizations need to be intentional in setting aside time to understand the ins-and-outs of their teams’ processes and what steps to take if an incident were to occur. Allies should be there to facilitate this, whether that is through providing the tools to perform simulations or consulting on business continuity plans. A good ally is also proactive, always looking to stay one step ahead of the bad actors. They would analyze the latest intelligence to optimize their detection of emerging adversarial techniques and monitor all activity within the IT environment, constantly hunting for threats. By doing the groundwork to get processes firmly in place and understood by all team members, organizations can tackle any issues that come their way with a cool head because they have a plan. This will help in avoiding impulsive decisions that ultimately only create more problems and cause more friction in the response process.
How to find them
In a world where so many purport to be an ally, how does one decide who has their best interests at heart?
This is a big question, and one that can be determined when security teams are honest—both with themselves as well as with others. Nothing compromises the strength of a security team more than ignorance to their own weaknesses. It is only once these weaknesses have been accepted that work can be done to address them and organizations can take steps to build a stronger security posture.
While I’ve been speaking mainly of third-party allies, security teams need allies within the company, too. They need to know that management will listen and not penalize them when issues with processes or gaps in coverage are brought to light. Only by having frank and open conversations will organizations be able to discern what can feasibly be taken care of by internal teams and what will require outsourcing to an ally.
In shedding assumptions that their internal teams have everything covered, organizations can then better approach potential allies. Meeting with vendors will no longer be framed as a business transaction, but rather an opportunity to find someone who will stand in your corner and/or be an extension of your team. This transforms the conversation and allows businesses to ask smarter questions to help determine the best fits.
How much effort will the vendor put into understanding your organization’s unique environment? Are they offering a one-size-fits-all solution? How do they plan to overcome your unique security issues? Will there be an open dialogue between yourself and the vendor throughout your partnership?
In the end, you are looking for an ally, not a service provider. You want to be certain that the vendors you work with will listen to your feedback and align their goals with your own. You need them to be by your side with the expertise and resources to train you for the upcoming battles, and to fight by your side when adversaries are at your doorstep.