I recently had the opportunity to host IBM's Bob Kalka, VP of Security, to discuss how the acceleration of digital transformation is impacting cybersecurity in organizations far and wide. The event was well attended, and if you registered and attended, thank you. For those of you who missed the event, here is a summary of the topics discussed during the session. We addressed security strategy and transformation, managing your security program, and leveraging threat management to protect the business. These are all topics that both IBM and Solutions II discuss on a recurring basis with our clients during this acceleration of digital transformation. We are trying to answer the question of "how do you modernize cyber while the organization around you is going through its own transformation?"
Wisdom and Horsepower
Many organizations are transforming their cybersecurity strategy from one born out of compliance to one of risk management. As organizations make this transition to the continuous cycle of risk management, they are running into the problem of "Consumability." This can be summed up by the fact that none of us have enough people or time to consume all of the data from all of the controls to adequately address cyber risk. The solution is wisdom and horsepower. The wisdom comes from talking with and learning from those who have gone before you, those who lived through the transformation experience. The horsepower comes from leveraging technology accelerators like Cloud, AI, Orchestration, and Collaboration to increase your ability to consume data in a normalized and streamlined manner with automated actions and responses.
Security Programs Today
We then shifted into how organizations are managing and running their security program. Today most of us are using a 3-phase approach of find, confirm, and then fix. Find is where we spend so much of our time today pulling in event data from logs, network flows, etc., which in and of itself is a reasonably large effort, and THEN we spend even more time trying to find the relevant and correlated security data. Confirm is where our security operations team spends time searching (hello Google!) and investigating to confirm what our disparate controls may be telling us. We then shift into the fix phase where, depending on the organization, either the security or IT team (or both) address and remediate the security incident. There's a new 4th phase that we talk about in the webinar: Federation. That is worth listening to because of the way it can modernize and accelerate the first three phases.
Zero Trust Architecture
The last topic addressed was how threat management is being leveraged to better protect the business. If we all agree (and we should) that the perimeter is ANYWHERE and EVERYWHERE that our sensitive data is, then we have all accepted the premise of Zero Trust Architecture. This would dictate that we are continuously confirming that the right users are accessing data for the right reasons. We discussed how to address the necessary controls for each of those steps. Moving to a Zero Trust Architecture allows you to better manage both external AND internal threats (malicious or unintentional).
I believe we answered the question of how to modernize your approach to cyber while your organization is going through transformation. It was fun and educational, and I look forward to our next event. If any of the above items are of interest to you, you should watch the replay. If you would like to have a discussion or deep dive into any of these topics, please reach out to either me or Solutions II.