Complexity has become a growing problem for cybersecurity during the past few years. As the threat environment has gotten more sophisticated, organizations have typically responded by adding new tools to their security stack—often to the point where complexity is increasing risk, rather than reducing it.
Research from Palo Alto Networks indicates that large organizations and enterprises are using more than 130 tools on average, and even mid-size companies are using 50 to 60 tools.
When it comes to cybersecurity in 2019 and beyond, less is more. Even in these challenging times—especially in these challenging times—cybersecurity leaders must take control of their environments and reduce complexity by using fewer tools and ensuring they can more efficiently and effectively use the ones they already have.
While reducing complexity may sound hard, in reality it can be relatively simple—with the proper approach and a commitment to a vendor ecosystem that stresses integration and orchestration.
Based on my experience at the front lines of cybersecurity across more than three decades, here are eight steps I recommend to help simplify cybersecurity and be better prepared to manage risk now and in the future.
Step 1: Shrink the stack
Having fewer tools that you know how to use properly is much better than having too many things that you don’t know what to do with. Also, by shrinking the number of tools, you will be able to reduce complexity by working with fewer vendors.
Step 2: Automate wherever possible
Any process that is repetitious and can be automated should be automated. Prime examples include log analysis and incident response.
Step 3: Integrate
I try to avoid buying any security product that does not automatically integrate or orchestrate with others. I prefer to have one vendor that does 10 different things, rather than a single vendor that does one thing but does not integrate with my other solutions.
Step 4: Orchestrate
Today we have different logs for different security tools, and we keep making more copies of the same logs. To make them useful, we need them in one central location where we can centralize enforcement while simplifying and streamlining the workflow.
Step 5: Measure
While you want to keep things simple, you also want to measure that simplicity. If a process takes 10 steps, can you reduce that to three? Six Sigma certification is something I look for in security professionals because it ensures a focus on both simplicity and transparency.
Step 6: Communicate
If you’re in cybersecurity, make sure the non-technical business executives understand what you are trying to do. Also, try not to make policies and procedures too complicated. If you don’t keep things simple, people may avoid doing the right thing, which can make your organization more vulnerable.
Step 7: Educate
Everyone in the organization should understand what you are doing and why. Awareness is critical in cybersecurity. If you can make it fun, try that. Instead of quizzing people on cybersecurity, make it more like a trivia contest where you give away prizes to individuals who can demonstrate that they are well informed and doing the right things.
Step 8: Practice good hygiene
By practicing good cybersecurity hygiene, you make things much simpler for your cybersecurity team. You always know, for example, that operating systems are patched and current, data and configuration files are backed up, and secure passwords are being used. Failure to follow best practices can lead to gaps in protection, which adds complexity and results in time spent fixing problems that should never have occurred in the first place.
Today, most organizations are using multiple clouds in addition to their on-premises data centers. In addition, we are seeing exponential growth in data through innovations such as the Internet of Things and artificial intelligence. And the workforce is changing right before our eyes, becoming more mobile and global at the same time.
The key is to take a less-is-more approach. By doing so, we have the opportunity to be smarter and more agile in doing the best job possible to protect our organizations, customers, employees and partners.
Mario Chiock, a Schlumberger Fellow, served as CISO at Schlumberger, where he was responsible for developing the company’s worldwide cybersecurity strategy. He is widely recognized for his leadership and management in all aspects of cybersecurity. Chiock serves on the advisory boards of Palo Alto Networks, Onapsis, and Qualys.