How good is your security program? It depends on your data

If there is one thing that has been made clear during the Covid-19 pandemic, it is that a cybersecurity program is only as good as the data that forms its foundation.

About the Author

Suyesh Karki, Information Security Manager, Domo.

In an ever-changing cybersecurity landscape, it is critical for organizations to develop and maintain security programs that are backed by complete and accurate data. Such programs not only help security managers “connect the dots,” but enable them to make sound security investment decisions and maintain business continuity. So how exactly does a security organization ensure that its data is complete and accurate? What else does this data allow? And how can a BI platform help?

The two types of data

The backbone of a good security program consists of two types of data. The first type is architectural data, which provides insight into the hardware and software assets that make up an organization’s IT ecosystem. The architectural data structure is essential to create a secure framework and produce cross-platform and interoperable server environments.

The second type is contextual data, such as security logs, security events, heuristics, behavioral data, and threat information. If collected and analyzed properly, this type of data becomes a force multiplier that improves an organization’s ability to implement preventive and detective security measures. It also makes it possible to control access at every level.

Without architectural and contextual data, security teams must rely on the absence of adverse events, such as exfiltration or data compromise, to prove their value to the business. This approach leads to a reactive and unsustainable security model, which forces teams to constantly “catch up” with ever-changing threats and results in an unstable and weak security framework. As a consequence, planning for any potential security threat is not grounded in accurate and up-to-date data.

In today’s world, where many people work remotely using devices or assets that are not always owned or managed by their organization, a reactive approach to security is also not scalable. Connecting through many unknown networks, these devices are exposed to a wide range of security threats. Therefore, it is important that new threat models redefine the concept of “asset inventory” and use contextual information to help organizations make appropriate security decisions and continuously develop their security processes and frameworks to stay one step ahead of threats.

What good data does for decisions and what data-driven decisions do for security managers

When security managers make decisions based on complete and accurate architectural and contextual data, they can align security activities with business objectives, focus on the root cause of a problem rather than the symptoms and allocate the right resources to high priority issues.

Take, for example, mean time to detection (MTTD) and mean time to resolve (MTTR), two of the key performance indicators (KPIs) of incident management. If data on these indicators is tracked, then security managers can see how well their threat detection and response programs are working. In turn, they can make informed and accurate decisions about these programs, especially areas for improvement. And if contextual data is applied, then it becomes much easier to determine when existing resources are at capacity, or when the volume of detected incidents may require additional resources.
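The KPIs named above are only as good as the incident records behind them. The following is an added example, not code from the article or from Domo: it computes MTTD, MTTR and the peak number of concurrently open incidents from a small, constructed set of incident records. It assumes the common definitions MTTD = detected_at − occurred_at (over every incident, open or closed) and MTTR = resolved_at − detected_at (over resolved incidents only); organizations that define these windows differently would adjust the two functions accordingly. The `Incident` fields and the sample timestamps are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Incident:
    """One incident record assembled from contextual data (alerts, tickets).
    Field names are an assumption for this example, not a standard schema."""
    incident_id: str
    occurred_at: datetime            # earliest evidence of the adverse event
    detected_at: datetime            # when detection fired / the ticket was opened
    resolved_at: Optional[datetime]  # None while the incident is still open


# Constructed sample records (naive UTC timestamps); not real incident data.
SAMPLE_INCIDENTS: List[Incident] = [
    Incident("INC-1", datetime(2024, 3, 1, 8, 0), datetime(2024, 3, 1, 8, 30), datetime(2024, 3, 1, 12, 30)),
    Incident("INC-2", datetime(2024, 3, 1, 9, 0), datetime(2024, 3, 1, 11, 0), datetime(2024, 3, 2, 13, 0)),
    Incident("INC-3", datetime(2024, 3, 1, 10, 0), datetime(2024, 3, 1, 10, 15), None),  # still open
    Incident("INC-4", datetime(2024, 3, 3, 0, 0), datetime(2024, 3, 3, 6, 0), datetime(2024, 3, 3, 9, 0)),
]


def _mean(durations: List[timedelta]) -> timedelta:
    # Fail loudly on an empty set instead of reporting a misleading zero.
    if not durations:
        raise ValueError("no durations to average")
    return sum(durations, timedelta(0)) / len(durations)


def mean_time_to_detect(incidents: Iterable[Incident]) -> timedelta:
    """MTTD: average of (detected_at - occurred_at) over every incident."""
    durations = []
    for inc in incidents:
        gap = inc.detected_at - inc.occurred_at
        if gap < timedelta(0):
            # A negative gap means the record itself is wrong; bad data must not feed the KPI.
            raise ValueError(f"{inc.incident_id}: detected before it occurred")
        durations.append(gap)
    return _mean(durations)


def mean_time_to_resolve(incidents: Iterable[Incident]) -> timedelta:
    """MTTR: average of (resolved_at - detected_at) over resolved incidents only."""
    durations = []
    for inc in incidents:
        if inc.resolved_at is None:
            continue  # open incidents have no resolution time yet
        gap = inc.resolved_at - inc.detected_at
        if gap < timedelta(0):
            raise ValueError(f"{inc.incident_id}: resolved before it was detected")
        durations.append(gap)
    return _mean(durations)


def peak_open_incidents(incidents: Iterable[Incident], as_of: Optional[datetime] = None) -> int:
    """Largest number of incidents open at the same moment (detected but not resolved).
    Unresolved incidents are treated as open through `as_of` (default: latest timestamp seen)."""
    incidents = list(incidents)
    if not incidents:
        return 0
    if as_of is None:
        as_of = max(inc.resolved_at or inc.detected_at for inc in incidents)
    events = []
    for inc in incidents:
        if inc.detected_at > as_of:
            continue  # not yet known at the observation time
        end = inc.resolved_at if inc.resolved_at is not None else as_of
        events.append((inc.detected_at, +1))
        events.append((end, -1))
    # At equal timestamps process closes (-1) before opens (+1) so a hand-off is not double-counted.
    events.sort(key=lambda e: (e[0], e[1]))
    open_now = peak = 0
    for _, delta in events:
        open_now += delta
        peak = max(peak, open_now)
    return peak


if __name__ == "__main__":
    print("MTTD:", mean_time_to_detect(SAMPLE_INCIDENTS))
    print("MTTR:", mean_time_to_resolve(SAMPLE_INCIDENTS))
    print("Peak concurrently open incidents:", peak_open_incidents(SAMPLE_INCIDENTS))
```

The peak-concurrency figure is the contextual signal the paragraph alludes to: compared against the number of analysts available, it shows when the team is at capacity, while MTTD and MTTR show how the detection and response programs themselves are performing.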

This leads to a more effective response to critical security events, which in turn protects the business and promotes its growth. It also allows security managers to gain the trust of executives. Again, the idea of cross-platform and interoperable server environments across the various parts of an organization is easily facilitated by implementing the right data.

Establish a data-driven security program

When it comes to establishing a data-driven security program, one of the most important aspects is the design of the data collection process. Understanding what data to collect and how to process that data is crucial, because it allows security teams to make deliberate decisions for the specific situations they face.

Another important factor is that the data collection process should also be repeatable. The data collected should illustrate the performance of the security program and identify vulnerabilities requiring additional investment. A large dataset provides true measures of security performance and helps answer critical strategic questions, such as:

  • Are existing security policies adequate to address business risks?
  • What relevant actions should be taken to improve security services designed to reduce risk to revenue, operations, regulatory requirements or reputation?
  • What should the organization invest in to reduce its vulnerability or the frequency of major security incidents?

BI platforms

Using modern BI platforms can help security organizations establish a repeatable and verified data collection process. On that basis, the right framework for each organization can be built and security managers can prepare for the risks the business may face. What’s even better is that with the advanced capabilities of BI platforms, such as data science and machine learning, the foundation of a security program can be quickly built, delivered to the right stakeholders and lead to intelligent automation.


Ryan H. Bowman