Tying the Knot: IT Operations and Security

We often hear the saying “too many cooks spoil the broth” when too many stakeholders are involved in a project, problem, or plan, and it fails. Imagine – what if the broth is a massive data breach threatening to expose sensitive customer data for the world to exploit?

When an organisation is attempting to contain a breach, there is no such thing as too many cooks – but instead, too many siloed cooks. For instance, in large-scale incidents, remediation teams will typically involve IT operations, product engineering, and customer support, in addition to the security team. These teams unfortunately operate in separately managed silos day-to-day.

This approach needs to change, especially as Asia Pacific experiences a rampant increase in organised cybercrime. More than half of Asia Pacific businesses already lack confidence in their cybersecurity defences. Cutting through the silos will allow for more robust security and enable agility across areas of a business that are, in fact, complementary to each other.

The journey begins with introspection; businesses must first understand the nature of their IT environment and identify any overlapping functions that can work more efficiently hand-in-hand.

A brewing convergence

Let’s take the example of IT operations and security. In any organisation, security and threat detection capabilities will largely affect the operations of networks and systems. From data to applications and identities, organisations must look at safeguarding everything within the IT perimeter, not just the perimeter itself. This trend, where security and IT operations become increasingly intertwined, has intensified with digital transformation.

However, security tools typically fall into two categories, each used by a separate group within the enterprise. What is more, these tools overlap in functionality.

The first category is protective controls, which are commonly used by the IT operations team. These include authentication and authorisation enforcement, a least-privilege access model, entitlement management, and security policy compliance.

Security teams rely on the second category, detective controls. This includes monitoring network activity and behaviour, correlating events, and searching for anomalous activities, among others.

For an effective security program, organisations need the synergy from both categories of tools: protective controls to block or slow down the progress of an attack, and detective controls to detect and respond to these attacks. The two sets of tools strongly reinforce each other to minimise damage from potential threats.

There is therefore a massive opportunity to harness mutual value from both teams, if organisations embrace the convergence of IT operations and security. As we move to an increasingly digital-first world, it is these two functions that will take the first step in the direction of convergence.

Breaking the silos

Historically, the rationale for having two sets of different tools is that the two groups have different goals in mind. For instance, the security team may focus on preventing an attack from occurring, while the IT operations team’s goal may be to maintain the mean time to recover failed systems. The traditional approach has been to create two sets of separate tools that operate in parallel.

However, the pattern for responding to a security incident is no different from that of a service assurance incident on the IT side. In both cases, the incident needs to be detected or observed and logged, and both will trigger remediation and forensic actions. Hence, there is potential for current IT operations tools to evolve and be applied to security use cases, rather than reinventing them from scratch as separate tools for security teams.

One may argue that this may not work, as security incidents may imply that IT operations has failed. However, professionals across both functions have a common understanding that no network is perfectly secure regardless of how hardened an organisation’s security is. With the mindset that security incidents are nearly impossible to prevent, it is more productive – not to mention, more secure – if IT and security teams work together using a common set of tools, rather than working in isolation.

Moving forward as one

With these trends emerging in the last few years, the industry is now heading in a unified direction.

Nearly 80% of CISOs have 16 or more tools in their cybersecurity vendor portfolio, and over 10% have more than 46 tools to ensure effective cybersecurity. This is a massive undertaking that not only fuels complexity and drives up costs to the organisation, but also ignores years of history and best practices developed by IT in the enterprise. We are now at a time where juggling this number of vendors and solutions can result in lapses or compromises in security.

The good news is we are seeing more organisations interested in consolidating their security and IT tools, moving in a direction of more streamlined operations and reduced security risk for the longer term. Security vendors are also coming around to the idea of automating remediation. This is a strong and efficient stepping-stone forward in the constant race with the bad guys.

As digital transformation is expected to reach US$6.8 trillion by 2023, organisations that are already at the centre of this convergence will unlock tremendous value for long-term business resilience. IT operations and security are stalwarts of each other, and businesses that embrace this will find themselves better placed to address security gaps with seamless risk management. Overall, convergence will enable businesses to focus on critical systems that need stronger security, open doors to innovation, and drive enhanced agility and flexibility by bringing two complementary functions together. These two cooks will surely make for a powerhouse broth.

President Asia Pacific and Japan at Micro Focus