By Deryck Mitchelson, Field CISO EMEA, Check Point Software Technologies.
Cyber complexity can impede efforts to secure systems. In particular, cyber security complexity increases risks, drives high costs, and can result in sub-par decision-making. By pursuing a simplification agenda, leaders can build true cyber security resilience.
Reducing complexity means focusing on operational overlap, on duplication and on trying to reduce the number of third-parties that your organization works with. It means having a look around to determine which areas of your security are most cumbersome and impractical.
Reducing complexity: Smarter technology
To simplify your complexity, observe the suite of tools that your organization is using for automation purposes. Could a singular, smarter technology provide better threat monitoring and identification, while simultaneously advancing your risk management protocol?
For example, Check Point’s Avanan product normally reduces the number of emails that come into the SOC by up to a third, enabling analysts to work in a simpler, streamlined and more effective way than they would be able to otherwise. That’s just one example of how to cut down on complexity.
Consolidating the management of your entire security estate -perimeter and cloud- also reduces management complexity. Additionally, using APIs, it is also possible to automate security management, further reducing complexity.
If you want to take the complexity out of that, you don’t need multiple teams. Rather, manage your entire estate of firewalls and all of your network security perimeter the exact same way; removing even more layers of unnecessary complexity. For everything that you simplify, you’ll find that you get much more in the way of visibility.
Revisiting growth strategies
Boards want reassurance that an organization is taking every measure to minimize risk. In reducing complexity, you’re not only minimizing risk, but you may also be able to reduce headcount and deliver better services. I’ve never come across a board that doesn’t like those prospects.
Check Point has been very successful in engaging corporate groups around reducing complexity. For example, we worked with a major aerospace company to make their path to compliance easier and to take the complexity out of compliance.
From the 30,000 metre vantage point, the aforementioned initiative pertains to the issue of critical national infrastructure security. Thus, complexity reduction not only benefits an individual organization; initiatives may have an effect on a national or international level.
Complexity as a quality driver
A lot of professionals believe that simplicity will result in lower-quality solutions; that they’ll have to accept cyber security infrastructure that’s not quite as good as it would be otherwise. But that isn’t the case at all.
The complexity conversation should be driven by the question of ‘how can we reimagine, reengineer and replace architecture so that we end up with substantially higher-quality cyber security outcomes?’
Most organizations have far too many tools to manage. The tools commonly do not interoperate, or do not interoperate as well as they need to. As a result, it’s very challenging to obtain adequate visibility.
In my view, organizations should be asking themselves ‘why have we allowed ourselves to become so complex?’ ‘What can we do about it?’ We’ve all got to step back and make security far simpler.
For more insights from Check Point Field CISO Deryck Mitchelson, please see CyberTalk.org’s past coverage. Lastly, to receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.