Behind the Curtain of Enterprise Security

When a security operations team spots a security incident, they often record it on an Excel spreadsheet. Over time and through various investigations, that spreadsheet accumulates hundreds of thousands of rows of data in a piece of software that Microsoft launched in 1985 – four years before the World Wide Web was made public and three years before Robert Morris created the first Internet worm.

In 2017, this process for managing breaches doesn’t make sense and it doesn’t work well, and Chief Information Security Officers know it: more than 80% of CISOs are concerned that detected data breaches go unaddressed, according to a new research report produced by ServiceNow.

What should be done with all that data instead? A team that is used to operating behind the scenes and within a specific domain needs to integrate its data and updates with other business units.

Today, addressing a security incident is complicated and requires a multi-disciplinary approach. That’s why security operations should employ response programs that make workflows visible across the organization – although to a limited group within each department. That would make it easier for a CISO’s team to track breaches, communicate with relevant customers through customer support, coordinate with IT and engineering for investigation and remediation, share detection with affected units, determine a response in partnership with legal, alert human resources if personally identifiable information is compromised, keep senior executives constantly updated, and prioritize the thousands of data points based on business context.

In this way, for example, a breach that enters through customer service channels can be resolved with the support of the customer service unit, in partnership with IT and with full transparency to leaders across the C-Suite. Then, when a serious threat occurs, a CISO’s team can prove its value and help protect a company’s reputation – an important asset, considering more than one in ten respondents to ServiceNow’s Global CISO Study experienced a significant security breach causing reputational or financial damage in the past three years.

The technology serves a better process.

Such advancements in security response technology and processes can help overcome the political and cultural walls that have been created over the years within many businesses, where relationships between functional groups are not as tight as they should be to improve security responsiveness.

ServiceNow’s recent survey of 300 CISOs shows that integrating security into the broader organization is a widespread problem: only 18% of respondents strongly agree that other functions understand security and 22% strongly agree that their company sees visibility into internal workflow data as critical to security.

Yet, a common technology platform sends a clear message from the top that siloed functions are unacceptable.

At the same time, CISOs must work on their own houses: just 13% say their people have highly developed skills and expertise at collaboration across business functions, and 21% see highly developed knowledge of the company’s structure, functions, and the interdependencies between them.

Security is too important to keep in a silo. It’s time for CISOs to move from threat detection to response, and use a technology platform that opens the curtain to unveil the true value of enterprise security.