The Security Department is often known as the “Department of No” and perceived as a business blocker. That’s unfair, given that the reasons for this characterization are not entirely under their control. Their primary goal is to protect the organization while allowing business to be safely conducted. Unfortunately, they face significant blockers of their own that prevent them from achieving this goal. Some reasons are:

  • A security architecture that is dominated by a seemingly unending list of on-premises hardware appliance products.

  • Large, expensive deployments that are very complex with no guarantee of success.

  • A lack of integrations across products from different vendors and a limited view of context related to security events.

  • Legacy products that no longer deliver value but are deeply embedded in existing workflows.

Clearly a modern approach to security is needed, one that enables the security department to be perceived as the “Department of Yes” but without requiring them to compromise on protecting the business.

Security-as-a-utility is that modern approach, providing a new model for securing organizations. If your security team doesn’t have to focus their efforts on solving complex deployment issues, getting point products to work together, or dealing with any of the other mundane tasks that get in the way of them being the Department of Yes, guess what else they can do? Ensure that the business is better protected. And given that there aren’t enough skilled professionals to fill current cybersecurity job openings, it is in an organization’s best interest to keep their security teams engaged with higher value, more meaningful work - for example, threat hunting,

You may be wondering what the defining features of security as a utility are. In my opinion, here are the most important ones.

  1. It must always be on. Security as a utility must allow you to monitor, detect or prevent without giving any thought to what needs to be done to make it happen.

  2. It must be available on demand. With security as a utility, you should be able to use as little or as much as needed, without having to think about how to source additional resources.

  3. It must be accessible anywhere. Security-as-a-utility must be available anywhere and not just limited to securing the enterprise perimeter, which is often the limitation with legacy appliance-based security products.

  4. It must work with what you already have. You’ve already made a variety of technology purchases (e.g., endpoint protection, ticketing systems). Security as a utility must work with them so that you can get the most from your existing investments.

  5. It must have a memory. Multi-stage attacks are becoming the norm. Security that only evaluates the present using available threat intelligence misses the opportunity to find attacks that happened in the past as new threat intel becomes available. There are benefits to evaluating the past for threats. Multi-stage attacks gestate over long periods, so by finding them in the early stages of the Cyber Kill Chain you can mitigate their impact. And knowing what happened in the past enables you to be better prepared for similar attacks that may occur in the future.

Security-as-a-utility that can provide these features will be a game changer. The perception of the Security Department as the Department of No will be a distant, fading memory. Instead, security teams will be viewed as partners for safely enabling the growth of the business.
