The Gartner Security & Risk Management Summit brings together some of the brightest minds in the industry across executive leadership, security practitioners, industry analysts, and more. This congregation of passionate cybersecurity experts is one of the best platforms to share industry best practices, become more educated about emerging threats and how vendors are solving them, consult with top tier analysts, as well as network with their peers. As the dust settles from the event, I wanted to unpack some of the key themes that were presented through the event’s keynotes and breakout sessions.
Theme I: Tooling Consolidation
There is an undeniable feeling that both security leaders and ‘hands on users’ have to do more with less. Tooling consolidation is very top of mind with the macro economic environment that we are now faced with. CISOs are challenged with stagnant or declining budgets, and attrition rates for security professionals are less than ideal leaving teams very much overwhelmed. There is an unsolvable supply and demand issue with security professionals –and the security threats are not letting up in this current landscape. Although this topic of tooling consolidation is nothing too revealing (we all knew about it!), it is clear that it remains a pain point for organizations of all shapes and sizes, throughout every industry vertical both public and private.
One of the key messages throughout the day 1 keynote was focused around minimum effective mindset, toolset, expertise, and friction. Let’s dial into the toolset. A minimum effective toolset is one that is effectively addressing your highest levels of risk first – but with relative ease. That is of course easier said than done. There’s also the notion of ‘making things work better together’ (i.e. 1+1=3). The reality is security leaders often inherit a number of existing tools and technologies when they walk into a new role, making the most of what you have through value-add integrations is low hanging fruit.
However, making the most of what you have as well as tooling consolidation cannot come at the expense of security. Do not consolidate for the sake of consolidation if a vendor doesn’t meet critical criteria. For example, if your SSE provider is unable to protect an unmanaged device connecting to ServiceNow and that's a critical use case for your organization, then a single vendor SSE may not be the best approach – at the same time managing (and paying for) multiple SSEs is not ideal either. Having an excess subset of tools can be overwhelming, and will lead to mistakes. So again, it's easier said than done.
With that all said, ‘platformization’ is certainly the optimal approach. Time and time again Gartner analyst’s mentioned the need for ‘Platforms and not portfolios’. There was a lot of noise around the SaaS security market at the event, in particular all of the both traditional and more modern approaches to securing SaaS applications and cloud-hosted data. Let’s now pivot and talk about the second key theme.
Theme II: Data Protection
Digital transformation has driven the need for data protection. Data is at the center of the business. Data is what the attackers are after – not the device, server, endpoint, etc. Why are they after it? Simply because they can demand a ransom for it. Data security needs to have a human-centric approach. Security is not a technology problem, it’s a behavioral problem, and that problem is centered on the end user (humans!). The amount of data that is generated today is unfathomably high and will continue to grow. The risk of data being overexposed and exfiltrated also runs high, when the users who create, access, share, and manipulate it are people. Whether it's deliberate or otherwise, people make mistakes.
Most every organization has the foundational controls to provision access, and then provide a secure connection to the necessary applications they require to do their jobs. But what happens after that access is granted? There’s a need for deeper security controls. From a data protection perspective, data needs to be protected throughout its entire lifecycle – when it’s created, accessed, shared, edited, etc. Organizations today do not have the ability to truly understand what their data exposure risk looks like, which in this case becomes impossible to protect. The end result is this concept of ‘dark data’ which is totally out of the scope/visibility of the IT/security team – similar to dark matter, we know it's out there, but we cannot make sense of it. You cannot protect what you cannot see.
Stop chasing data and start understanding people. What are the specific controls that need to be in place based on human behavior? User and entity behavior analytics (UEBA) are now table stakes in this context. Speaking of context, being able to provide the business-context of ‘what is taking place in my environment’ is so important in order to differentiate between standard business practices compared to material risk to the organization. IT and security teams need to continue to make access more granular, and use cloud and SaaS adoption as a catalyst to adopt zero trust. Least privilege needs to go beyond the identity, device, and network layers. Data protection across all forms of ‘as a service’ technologies is paramount.
Platformization in the SaaS Security Market
DoControl has felt the need for platformization within the SaaS security market. Technology providers need to offer up a ‘single hand to shake’ that addresses all the critical threat models and use cases that challenge organizations consuming business-critical SaaS applications. Prepare for remediation and invest in prevention! This is why more modern businesses are choosing to partner with DoControl. Read our ‘Buyer's Guide for SaaS Security Platforms (SSP)’ and arm your security teams with the considerations and recommendations they need in partnering with a SaaS security provider.
See you at BlackHat!