The burden of complexity – and how to relieve it
- Markus Melin, Head of Tieto Security Services at Tieto
- 23.02.2017 10:00 am

Markus Melin is the founder and head of Tieto Security Services, the internal Tieto startup combating cyber-crime and securing clients’ business continuity in a lean and agile way. Markus has long and solid experience in security, software project management, cloud, and agile methodologies. Before starting up Tieto Security Services, he worked for F-Secure, where he, among several other positions, headed the R&D operations of the company in Kuala Lumpur, Malaysia.
What is the biggest burden in cyber security? This question may be answered in multiple ways, but ultimately most answers could be merged into just one single word: Complexity. Luckily, the first step for resolving this situation is within reach.
Cyber security and IT environments in general are overloaded with complexity. First, look at all the hardware that you need to secure your networks. Then think about all the software that is supposed to protect your assets, including all the endpoints and online services. The list is endless. Take a step out, and get lost in the internet.
The cyber world and its threats around us are becoming ever more complex. From this viewpoint, powerful trends such as IoT, Bring Your Own Device, and flexible employment are not very helpful.
Cyber crooks exploit the situation: they know all too well that the good guys are overwhelmed by keeping track of a zillion things.
The dangerous gap in vision
Still, every organisation must survive the challenge of complexity. But what is the best way to address the challenge? More technological solutions? Nope.
The correct answer is visibility. What do we mean by it? In short: Visibility is about getting a full overview of the security posture of your company and making this information actionable.
Why do we say this? First, we have identified a serious gap in how the actionability of security information is perceived between enterprise board members and IT executives. Board members seem to have an overly optimistic view of the realities of cyber security.
For instance, 95 per cent of board members believe that cyber security data is readily actionable, while only 40 per cent of IT and security executives feel the same. Such a wide disagreement in perception can lead to dangerous overconfidence on the part of senior management.
However, successful protection of critical assets and business operations requires broad cyber security engagement from all organisational levels. We can’t afford a split vision anymore.
Lack of visibility has dire consequences. It leads to late detection of breaches, lost credibility and a failure to address regulatory requirements. All of this costs money.
Make cyber security information visible
Creating better visibility is a practical first approach to solving the complexity challenge. Primarily, what is required is a considerable rethink in the ways we share information on cyber security across the organisation. Information must become visible to all stakeholders, not just the experts, in an understandable and relevant format.
Of course, we need technology in order to make the security posture visible. We must gather massive amounts of data in real time from a heterogeneous pool of sources and implement data-driven methods to make sense of it all. At the same time, we must avoid being swamped by an overflow of security information.
The point is to encourage collaboration and to keep everyone well-informed all the time, not to contribute to the already painful information overload that can cause important events to drown in the noise.
Read about the solutions for better visibility and its benefits in our fresh white paper: Visible cyber security.