Published on April 9th, 2015 | by admin
Why Process Improvement Should Be Part of Your Security Strategy
With the proliferation of PCs throughout businesses over the last thirty or so years, the tight controls that were once associated with mainframes and dumb terminals fell by the wayside. Having an actual computer on each employee’s desk – and now, essentially, in everyone’s hand with mobile – expanded their capabilities and, in most cases, their productivity. However, this meant that control of the hardware shifted from the IT department to local departments and individuals.
Once the computer genie was out of the bottle, it was nearly impossible to get it back in. PCs created capabilities well beyond any initial vision, and the workforce became increasingly tech savvy. Many companies without a centralized structure found their IT budgets going through the roof to accommodate the changing times.
The advent of programs like Microsoft Access allowed each department to create its own database with very little effort. Soon, companies had data living in numerous, disparate databases. Each was updated independently and, in many cases, didn’t share the same information or the benefit of being backed up. Similar issues arose with hardware assets. If an employee didn’t have enough room on his or her PC to hold enough new data, they could simply buy an external USB hard drive and plug it in themselves without telling the IT department.
Not surprisingly, there were patterns to this loss of control and it wasn’t unique to one company or industry. As these patterns were identified, they could be quantified and processes were developed to address each area of concern. This grew into what is now known as the Information Technology Infrastructure Library (ITIL). ITIL provided a framework that could be used to identify areas of dysfunction and apply specific processes to those areas. While ITIL isn’t the only Process Improvement game in town, it is the largest and spans the globe.
Simply stated, Process Improvement is a methodology that can be quantified and reused. That methodology can then be applied to different aspects within the IT field, providing a definable outcome. This is especially useful in the area of IT Security where threats change on a regular basis and constantly exploit holes in your network to access your company’s most sensitive data. Having a definable process in place to address security threats allows a much more rapid response, and limits exposure and adverse impact.
Process improvement can be broken into four main areas: Identify, Improve, Manage, and Measure. It’s not linear, but cyclical – taking what you’ve learned on each previous pass and improving on it. In ITIL speak this is called Continual Service Improvement, and it brings real value to information security.
Whether handled in-house or contracted out, the focus of information security is on finding and understanding threats as soon as possible to enable rapid remediation. Even if you have an internal team, the challenge is to keep them trained and up-to-date on the latest threats and the tools to protect against them. Add to this the need to circle back at the end of each event and capture lessons learned to use on the next go-round, and you’re looking at a high level of effort just to stay ahead. Your strategy needs to include documented and regular updates, and it needs to be kept at a level of detail that allows it to be a training document in addition to a ready reference.
Is the process improvement knowledge set spread out across your security team, across your entire company, or does it lie with one or two individuals? What would be the impact on your team if the key person(s) left?
Should you choose to work with an outside vendor to provide your information security, the requirements are the same. You’ll need to select a vendor that understands Process Improvement fully and has a track record of successful implementations. This will set the foundation for an ongoing relationship. Whether in-house or contracted, you’ll need to be committed to the ongoing effort especially as companies continue to suffer an increasing number of attacks each year.
What steps are you taking to secure your company’s network? Are you documenting events and adjusting accordingly? By storing and retrieving threat information, you can better prepare your company for future attacks on your network. With Communications Insight, you’ll have a comprehensive toolset – complete with visual analytics and powerful ingestion capabilities – to regularly improve your information security processes.
Learn more about Communications Insight by visiting SS8 in booth 219 at RSA Conference April 20-24. Speak with an expert to get a solution demo and to schedule a future meeting.