Dark Reading is part of the Informa Tech Division of Informa PLC


1/11/2021
10:05 AM
Lamont Orange
Commentary

When It Comes To Security Tools, More Isn't More

Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.

Companies fast-tracked their security plans in 2020 due to the pandemic. Timelines that had stretched into the next three or five years were condensed into six months as the business landscape underwent rapid change and the remote workforce boomed. 

Even pre-pandemic, many companies were undergoing significant transformation as they transitioned to cloud or hybrid architectures and grappled with problems caused by tool sprawl due to the quick adoption of many disparate tools. For some, COVID fueled and exacerbated these challenges.

Organizations, and especially chief information security officers (CISOs), should keep the following in mind as they navigate the COVID-accelerated shift to the cloud, run into trouble with tool sprawl, and look to implement new security solutions.


Factors to Remember When Shifting to the Cloud
It's no secret that companies have been moving to the cloud in droves. In some cases, the pandemic sparked this shift, but many were already on the path. And COVID's impact hasn't been all negative; in many ways it let organizations hit the "restart" button and take a close look at their security strategy. 

Regardless of what prompts a company's move to the cloud, it's important to not neglect the first requirement of any successful security program: Visibility. 

Companies must be cognizant that their existing tools may not provide as much (if any) value in the cloud. Visibility is the key to determining whether old tools still provide value, and if not, what should be replaced. 

Additionally, companies need to set a cadence of patching and maintaining systems that are no longer on-premises. Even though an organization is in the cloud, there are still infrastructure components that must be patched, like software as a service (SaaS), infrastructure as a service (IaaS), function as a service (FaaS), and containerization. 

When it comes to data loss prevention (DLP), storage strategies used on-premises won't fit the bill. There will be an onslaught of SaaS applications storing data, so companies need a strategy for gaining the data control and protection they need. 

It's also critical for organizations to manage endpoints effectively, since that's where the data is going. Companies need to ensure that their endpoints control threat protection at every stage of the journey.

In the rush to adopt new technology and transition to the cloud, companies tend to neglect these practices and fail to uphold security standards. This can cause major security gaps down the line.

The Trouble With Tool Sprawl, and the Perks of Eliminating It
Many organizations felt tremendous pressure to bolster their security strategy when their workforce suddenly went remote in 2020. For some, this sparked panic-buying of new solutions without much consideration for security, return on investment (ROI), and integration. We have yet to see the long-term effects of these actions, but there's no doubt that they caused numerous gaps in security, and bad actors may be lying in wait.

But COVID isn't 100% to blame: Tool sprawl has been alive and well since long before the pandemic. This added complexity creates natural gaps, with negative effects including breaches, disclosures, and even a scramble to remove new tools that create vulnerabilities. Tool sprawl also generates more operational challenges for security teams and can increase how long it takes to identify, resolve, and report incidents. 

Another issue with many disparate tools is a dip in workforce productivity and satisfaction. Managing multivendor environments is operationally challenging and adds complexity. Complexity introduces gaps and mounting alerts that stress teams' productivity and endurance. If, for example, small teams are bombarded with thousands of security alerts per day, it hurts their work efficiency and sense of well-being. Alert-management tools (especially those powered by artificial intelligence and machine learning) can help teams separate signal from noise and uncover what's important. However, the ultimate goal should be to eliminate tool sprawl altogether through optimization. Integration is the key to simplification.

At its core, tool sprawl may be due to security leaders trying to "technology" the business with a tool-centric approach. By taking a more business-centric approach and focusing on optimizing tools, companies stand to enhance security, increase ROI, save on budget, and see immediate value from moving to new stacks.

Still in the Market for New Tools? Consider This
Of course, not all tools are bad. But companies need to do their due diligence when researching new solutions because their old checklists may no longer apply. 

Focus on rationalizing and optimizing new tools by taking a more business-focused approach. For example, CISOs can ask themselves: Can I consolidate these four solutions that provide marginal value into one that covers all my bases? 

When onboarding new solutions, CISOs should put as much emphasis on the capabilities of new tools as on who they're purchasing them from. Does the vendor pride itself on its security standards? Does it have the most robust certifications? Does it employ individuals who are exclusively responsible for security? 

Since applications have access to an organization's data, workforce, and team, these factors should be closely examined before diving into a tool's capabilities, integrations with existing tools, management, risk factors, and more.

Businesses have undergone a massive amount of change recently, and there are no signs of that slowing down. As companies take on security, it's important to remember that, when it comes to tools, more isn't always more. Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success as the world continues creating new demands for security.

Lamont Orange has more than 20 years of experience in the information security industry, having previously served as vice president of enterprise security for Charter Communications (now Spectrum) and as senior manager for the security and technology services practice at ...

Comments
priya7june,
User Rank: Apprentice
1/12/2021 | 4:52:48 AM
Who is responsible for security in the cloud?
Tightly said the "cloud" has become an inseparable part of today's business.

When adopting cloud solutions, many organizations fail to balance the benefits of the cloud against the cloud security threats and challenges they may face.

But the major question to ask is, who is responsible for security in the cloud?

Being an entrepreneur, I had to go through the same, especially in this lockdown. I also tried many solutions, but they were expensive for a start-up like mine. I finally landed on some free solutions with a limited number of OTP users and am quite satisfied till now.