Why your tech stack is out of control and 3 things you can do right now to fix it.

As a leader, you realize that no problem has one solution. Security problems are no different.

Imagine you had a blank slate on which to start a security program for a new business. What would it have in it? You probably see yourself combining a variety of solutions, right?

When we think about security, many of us think about layering different protections on top of each other, each assisting in keeping criminals (or at least people who shouldn’t be inside) out.

If one layer alone was ineffective at keeping someone out, would someone be able to break in—even if you had other layers of protection in place? How will you ever know other than experiencing it first-hand?

I’m sure you appreciate a multi-layered approach when it comes to your security.

You want to combine prevention, detection and awareness to stop attacks before they even start, or at the very least mitigate the effect of a breach or attack as it is occurring. Worst case scenario, you want a way to restore your systems in the event an attack took place and went undetected.

Last year we saw a record number of data breaches and ransomware attacks. This year, we’re on track for another record-breaking year.

It is probably not surprising that it’s getting harder to protect your network from hackers. The number of vulnerabilities out there is simply growing, and networks are becoming far more complex than they once were.

On top of that complexity, we have tons of cybersecurity tools to choose from. Oftentimes, we opt to buy more simply because it’s hard to understand where the overlap lies and to make sure our networks are gap-free.

That’s when the unruly security stack forms…

For a minute think about your layered security stack. What are you protecting or needing to deal with?

Networking? Storage? Physical servers? Virtualization? Change management? Applications?

There are well over 350 products and dozens of vendors on the market right now (amounting to nearly a billion and a half different versions of tech installations).

What about having to simply ‘deal’ with technology already in place in the field? Are you managing more than one standard simply because your users or clients insist on sticking to a different platform?

As you work with a more diverse set of technology—and I don’t just mean routers and firewalls here—you will incur greater complexity to manage and protect your network(s).

Think of the vendors you deal with. Each has its own set of rules, policies and procedures. Each probably has its own list of best practices to make its system most effective. As you’re following protocols to implement, maintain and monitor each system, with each addition to your stack, it gets easier to miss steps. Think of how much overlooking even small issues can add to your growing risks as an IT team. And how many missed steps have led to flagrant security risks on your network?

Moving past setup and implementation of your stack, which often gets rushed or overlooked, what about all of the information that your security tools produce? How are you wading through it and making sure that information is alerting you in real time to real issues?

Speed is key to minimizing impacts of breaches or attacks. If your detection and response time is twice as fast, how much less damage would you incur?

Now think about your information spread across a variety of platforms. Do you have a way to easily aggregate everything and see that it’s all working the way you expect?

Information that is gathered, consolidated, evaluated and acted upon.

That sounds like an entire process. You are essentially manufacturing your own usable data out of starting ingredients. Your IT team—or security team—has to find a way to manufacture your necessary and actionable data from bits and bytes floating around your network.

And you have to do all of this quickly. I’m not sure that’s an easy task!

Now add in the maintenance of systems—including patches—and your job overseeing that everything is protected becomes even more impossible. Your laundry list of security items will undoubtedly create a whole host of distractions—getting you off course from your initial goal and focus of ‘how to protect my network’. Rabbit hole after rabbit hole and one complex system after the next will keep you chasing your tail and avoiding the actual security of your data (and subsequently the true threats on it).

The multitude of attacks on MSPs and IT departments this year is a testament to the fact that our complex security systems are holding us back.

Maybe you’re saying, but I’ve bundled my security—my security is handled by one company that I trust.

Cybersecurity professionals typically use the analogy of an onion when they describe how a cybersecurity technology stack protects your business. Most of these companies selling you bundled security use this analogy at least a half dozen times on their websites. They’re very convincing and at first glance the onion analogy seems to make sense. Many layers are definitely better than one.

But when you think about it for a minute, an onion is composed of homogenous layers. As you accumulate a bundled technology stack, you’re building layer upon layer of mainly the same stuff. You’re trusting your security to a company that follows mainly one set of guidelines with one set of priorities and one mission to do everything for you. Essentially, you’re entrusting them with the keys to your entire network.

That is what I perceive as the onion model of security. If I had the right tool—was able to figure out what made that cybersecurity company tick—I could cut right through all 6 or 7 layers you are paying for.

My take-home? Onion security doesn’t really work as well as we’d like to believe.

By now you’re well-aware of the complex tech stack you’re juggling. And I’m sure you’re at least starting to become aware of the multiple circus acts most security programs work within—multiple hoops to deliver a single outcome.

I’m not arguing that you should divest from security practices or even technology.

What I want my clients to think about is how to evaluate their security stacks and make sure they are meeting their end goal of actual data security. This circus act of how we’ve been handling security needs a new approach to actually deliver what you’re expecting.

An approach where it’s easy to prioritize vulnerabilities on your network, where you understand the urgency behind an issue and the risk associated with ignoring it. Where you can focus on the end goal first rather than the stack.

As you’re working through the pieces of your cybersecurity platform or program, consider at the very least this final question. Do you have a way to quantitate your security? If not, you might want to take some time to strategize and rerack what you’re paying for.