Hello, I’m just back from a great Gartner security event in London right next to Big Ben. The event has brought together over 700 IT Security professionals in town for two days to get the latest on how to build an effective cyber security foundation. This year the Security and Risk Summit was the largest Gartner Summit in EMEA and is now bigger than the well-known Gartner datacenter summit. It looks like security has finally made it to the CEO and the top table. The role of security is increasing important thanks to the increasingly hybrid mix of technology in most organisations. This was reinforced by one of the opening quotes:
“Every Business is becoming digital – By 2017, 50% of your company’s IT spending will be outside of traditional IT department control”
In the opening keynote, Peter Firstbrook, research director at Gartner, mentioned we will see a new role in the coming years – the Digital Risk Officer. They went on to explain that the Digital Risk Officer will need to consider the Six security principles security managers should use to become resilient against emerging threats, improve cybersecurity strategy and apply tactics that enables cost effective security and risk management programs. These principles are essential to support the growth of the digital business and drive enterprise success.
Let’s look at the Six Principles of Resilience for Digital Business Risk and Security from Gartner:
Principle No. 1: Stop focusing on check box compliance, and shift to risk-based decision making
- Peter mentioned that the companies who have been victims of some of the top breaches last year, were PCI compliant. At one customer the breach was going on during they had their PCI Compliance Audit! That illustrates that being compliant doesn’t mean organizations are secure. The key point was that don’t expect that generic compliance regulations know better than your team how to protect your assets the right way. Makes sure you have the proper risk assessment and put the right tools in place to drive a “Risk-based thinking” in your business.
- Here at Splunk we support this initiative by moving from rule based to risk base analytics. For example we have build into the Splunk Enterprise Security Platform a risk scoring framework to allow you to identify and prioritize important entitys and if/when security incidents are happening to them you can increase their current risk score accordingly to notify and alert the right people at the right time to mitigate risk.
Principle No. 2: Stop solely protecting infrastructure, and begin supporting business outcomes
- During the last few decades, the industry focused mostly on protecting infrastructure, and Peter discussed that this has to and will change. Organizations need to focus on protecting everything that is related to business outcomes and protecting infrastructure does not mean that the business is secure.
- That is what Splunk customers are embracing and delivering within their organization. such as Telenor, Finanz Informatik and Nasdaq (as you can see from last year’s .conf keynote)
Principle No. 3: Stop being a defender and start becoming a facilitator
- Peter’s advice for this principle was to stop being the defender for initiatives. Instead become an advisor for risk awareness and negotiate how much risk can be accepted to business requests.
- Many of our Splunk customers use machine data to measure how their security strategy is being enforced and based on security key indicators they can monitor the trend if given decisions increased or lowered the security risk. This enables organizations to detect trends and react proactive which reduces security risk as well as increases operational efficiency.
Principle No. 4: Stop trying to control information and instead determine how it flows
- In the near future the flow of information will no longer be in the hands and control of an IT department’s infrastructure. As cloud and SaaS continues to be adopted, CIO’s won’t be able to stay out of it and it will be important to have an understanding of the information flow to allow effective risk management. You can’t protect something where you don’t know where it is.
- Check out our offering for Splunk Stream and our Developer Guidance to connect to remote services and APIs to collect various kind of activity data so that you have visibility what is going on. With Splunk Stream you can even collect data from cloud instances to get full visibility into the information flow.
Principle No. 5: Accept the limits of technology and become people-centric
- Peter mentioned that enabling people to make the right decisions and make them accountable for activities is key. Traditional security approaches no longer mitigate the risk high enough for many organizations. For example, there isn’t a technology solution that can guarantee 100% protection from phishing attacks and in most of the larger attacks, phishing is the initial entry point.
- Splunk’s mission statement is to “Make machine Data accessible, usable and valuable to everyone” – our data driven security approach puts people in the center. By connecting people to data and applying risk information as well as contextual information, people can build and design what is right to protect their business.
Principle No. 6: Stop striving for 100% protection of your organization, and invest in detection and response
- Most security investments are made for protection. However, it is vitally important to ensure you’re also ready to detect and this is highlighted by recent breaches. This approach does not just include technology, it includes people that support that initiative with the right skills.
- Detection and Response is a key component of why customers are using Splunk. If traditional security tools miss a given threat – the only chance to investigate, respond appropriately and mitigate risk in long term is by analyzing the trail in machine data with the power of the most powerful analytic language: the search!
We were very lucky to have a great Splunk customer speaker on the second day of the event. Gianluca, Head of Information Security at YOOX Group presented how they built an enterprise-grade security intelligence platform with Splunk. YOOX Group operates in more than 100 countries worldwide. They have a number of multi-brand shops like YOOX.com but also operate online flagship stores of leading fashion and luxury brands like ARMANI or Dolce & Gabbana. They are processing an order every 9 seconds, so for them any kind of issue, be it operational or security related, can directly impact their business. If you want to learn more in detail how they do it they are presenting at .Conf this year or the next SplunkLive in Italy.