Security Should Fuel Business Growth. Why Doesn't It?

3 Security Hurdles & How to Overcome Them

When you think about cloud security, it's easy to see the similarities between managing one's digital infrastructure and flying a plane. Inside of a cockpit there are hundreds of switches, dials, buttons, knobs and screens. The same can be said about your information security toolkit, with all of its different tools, dashboards, alerts and buttons.

Each of these indicators serves a collective purpose, helping inform the pilot for a successful journey from takeoff to landing. But they are contributors, not the goal.

Would you board a flight if you knew the pilot was more focused on specific indicators over safely completing your journey? Probably not.

But security and compliance have become exactly this. They incorrectly prioritize tools and certifications when they should be focused on the feeling of being secure: knowing that both the knowns and unknowns of an organization's infrastructure are accounted for. Here is why that happens:

Hurdle #1: Security is Reactive

If you have ever picked up malware on a machine, the first thing you probably installed on the next machine you bought was anti-malware. If a phishing attack tricks an employee, the potential danger of phishing attempts becomes a round table topic in all future company meetings.

Even external circumstances drive a reactive response to security in most organizations. A major data breach or data infringement will have everyone flocking to solutions to remedy the potential risk.

Focusing on tools and technologies, like a pilot's indicators, is not inherently wrong. These tools and technologies can be very helpful. But having them in place doesn't mean you are any less exposed to attack. Reactions tend to be short-lived over-corrections. They help, but to be truly effective, your behavior needs to change. We need to be mindful of the potential risks first, then act, rather than assume it will never happen.

Hurdle #2: Security is Complicated

In security and compliance, there are hundreds of tools and technologies you can use to ensure your environment is secure, but more organizations focus first on the tools, and second on where the tool is supposed to take them. That type of thinking can lead to an infrastructure that is too complex. Complexity makes it difficult to see what exactly is going on, which leads to vulnerabilities.

The goal should be to detect and identify exactly where a breach occurs to mitigate it. That is difficult to do in a timely fashion if you have to log into a couple dozen tools each time.

Hurdle #3: Security is Checkbox Oriented

When it comes to security, companies put an overemphasis on achieving compliance or becoming certified. But attaining a level of security at one point in time doesn't mean anything for the future if the security-focused culture and behavior do not persist. Take Equifax, Facebook or Target into consideration. These companies all had attained some level of compliance at one time, but they still suffered devastating breaches. Why? Because security wasn't a process for them at the time – it was a checkbox.

Now, in a lot of industries, compliance and certifications matter. You can't operate your business without them. But if you are designing products and creating a culture of security, these achievements should simply be natural byproducts of the process. Proof of how you operate daily.

Focus on being secure... and that's it

It's obvious that all of the indicators a pilot has have some purpose. It's knowledge to understand what each indicator and button means or does, but it's wisdom to understand when they don't matter. Pilots know to prioritize the safe completion of the journey.

When you strive for assurance in your security operations, the distractions fall away. You can spend time putting in place what you know you need to get to where you need to go, rather than assuming the status quo and reacting. You are able to approach your security posture with a healthy skepticism and proactively adjust, rather than reactively scramble.

When you focus on being secure you will simplify your day-to-day operations. You will be able to dismiss things of little value and focus on integrating your tools into a single purview of your digital landscape, rather than buying the best, standalone tools. That single purview makes it easy to spot abnormalities and quickly respond.

When you prioritize being secure, and take the necessary proactive steps, you will find compliance and certifications come easier, without much additional strain, because you are operating at those levels daily.

All of that results in more time spent innovating and/or growing your customer base. That is security fueling business growth.

Happy Security.

JupiterOne Team

The JupiterOne Team is a diverse set of engineers and developers who are working on the next generation of cyber asset visibility and monitoring.