Heading into 2023 with digital transformation still top of mind for most organizations, CIOs should focus less on what may be new and shiny and more on making what they already have work better.
The economy is up and down. Yes, inflation is a concern. Budgets are tightening, and big tech is seemingly in retreat. Too many companies over-hired and overspent in 2021 and 2022, only to find themselves needing to downsize now. Nonetheless, cyber skills shortages persist, attacks continue to rise, attack surfaces continue to grow, and downtime is up, not down.
So, what can be done? CIOs should ask themselves and their teams three key questions:
- Are we deriving the most value from the data we have?
- Are we getting the most value out of our current tools, systems, and people?
- Are we doing everything we can to ensure improved productivity, retention, and security?
A data-driven approach is the keystone to better security and operational efficiency and efficacy.
Data: A shiny object that’s actually gold
The best way to get more value from your existing tools and systems is to leverage all the data they provide, all in one place, so that it’s useful and makes everyone more productive. With “un-siloed” security and IT ops teams focused on a common operating platform aligned with business goals, experts can begin to “re-strategize” around big data — which, of course, is not without its challenges, most importantly, cost and speed.
To begin, where do you store all this data? Historically, data storage has not been cheap. And even if you can afford to ingest and store it, then what? How do you structure it, search through it, analyze it, share it? How do you automate what should be automated? How do you find the nuggets of gold in your operational data that can lead you to improved productivity, security, and efficiency?
First, you need to ensure your organization has and can access all the data it needs. That means ingesting data — from all endpoints, applications, hybrid infrastructures, users — at scale. Many companies today don’t do this because it’s been expensive. But in a world where the average time it takes to detect and contain a breach is 277 days,* this needs to change. Companies need a way to ingest all data without breaking the bank.
Next, all that data needs context to be useful. So, beyond ingesting it all into an accessible system, you need to enrich it with contextual information so that your teams can focus on what matters. For example, you’ll want to add things like threat feeds, OSINT data, and CVE information relevant to your business. Your ops and security analysts need that context to detect and address risky behaviors.
One way to do all this is to get extremely efficient with the tools and talent you already have, but that change is challenging. Another is to establish a common operating platform that ingests all of your security and operational data and allows your teams to mine and analyze it. The best approach is one that leverages what you have and automates routine tasks to free up time so your people can do more with the data that matters.
In 2023 and well beyond, this “more data is better” model will be key to optimizing tools and personnel and improving the security of digital operations transformation.
“How do data efficacy and analytics drive secure ops efficiencies?”
Increasing the value — and utility — of what you have
In terms of both tools and people, it’s prudent to take a broader, holistic view and consider a fundamental shift toward a more data-driven approach.
That doesn’t mean disposing of the tried and true and starting from scratch. Quite the opposite. There are amazing products on the market, and when it comes to security, vendors should work together toward a common goal of protecting customers and their data.
Instead, the fundamental shift is about appreciation both in the sense of having gratitude, especially for your teams, and in finding ways to get the most value out of every system, product, and person you have.
To get more from your data, technologies, and tools, it’s important to align with industry-standard architectures and frameworks that have been proven in the real world, like MITRE's ATT&CK and Gartner's cybersecurity mesh architecture (CSMA).
Bring all tools and data together into a single architecture that supports workflows and reduces the panes of glass teams work in, and you'll improve efficiency and productivity.
You’ll also reduce your employees’ stress levels. Most security teams are flooded with alerts and spend too much time chasing down false positives, sometimes missing significant issues because they’re too busy with little ones.
With a data-driven approach, they can have the context and situational awareness they need to make better decisions.
Finding common ground: It’s time for security and IT operations to align
The status quo of siloed operations is not working, and it’s not sustainable. Thus, taking steps toward the convergence of IT and security operations should be imperative in 2023. IT and security teams must align around business goals and share a common mission: keep the business running securely and at optimal capacity.
Ops teams view risk as avoiding anything that could affect availability, productivity, or business continuity. Security teams view risk in terms of data loss, manipulation, and damage to the business.
I would argue these are the same, allowing teams to join forces to ensure availability while minimizing risk.
Here are three steps you can take to align security and IT operations:
- Address silo and turf issues. Consider merging teams and aligning everyone around a single mission: to protect and run the business as productively and efficiently as possible. Make sure that roles, responsibilities, and handoffs are clearly defined and understood.
- “Unfragment” your IT and security infrastructure. Find a way to build a common operating picture of your business while your teams work to get more value from the tools and systems they have and determine what and when they need to consolidate and change. Task your leaders with figuring out the best way to do this, leveraging what they already have and investigating new solutions when justified.
- Increase visibility into applications and data assets, so that key team members have access and context to connect the dots and reduce risk. Near term, figure out how to give your best people the visibility they need. Longer term, you’ve got to take step two for this to work and scale.
By having digital operations and security shift from operating separately and instead, working together on a shared data and analytics platform, they could become more effective at delivering on their common objectives of providing availability across infrastructure and assets while reducing risk.
To succeed in their shared mission, creating a cohesive "digital + security" approach, supported by a team that collaborates and optimizes the resources at hand — both human and machine – is key.
“Security and IT Convergence Rise to Meet Business Demands”
New year, new opportunities for digital operations transformation
Every new year represents an opportunity to rethink and refocus. In summary, here’s my advice:
- Take full advantage of the goldmine of all your data.
- Get more – data and productivity – from the tools you have.
- Help your people be more effective and less stressed.
- Invest wisely in ways that accelerate your digital transformation strategies with confidence that you can operate securely and minimize risk.
Twenty-three is a prime number — so, I say, let’s make ‘23 a prime year by finding ways to appreciate and maximize the value of what we have. Fresh thinking about how to leverage your technology investments, people, and data may be just what you need.
* Source: The Cost of a Data Breach Report, 2022, Ponemon Institute and IBM
Additional resources to help you get started: