Editor’s note: Tim Wallen, Regional Director, UKI & BeNeLux, for Logpoint, recently visited with @ISACA to share his perspective on current budgeting priorities and challenges for security leaders, AI security tools and more.
What do you consider to be some of the more common mistakes that C-suite leaders should look to avoid when it comes to their security budgets?
C-suite leaders should avoid chasing best-in-class point solutions. It’s not the winning strategy many have understood it to be and means many security teams now must manage an abundance of tools. Often, the security team lacks the expertise to leverage the full set of highly sophisticated features and, in addition, they just don’t have the time or budget to do the integration of the different tools necessary to achieve the expected value. Instead, organizations need to focus on converged tools, eliminating the complexity of operating and integrating siloed security products and accelerating threat detection, investigation and response.
What do you view as the biggest budgeting challenges CIOs and CISOs face in the current technology landscape?
On the one hand, the current economic situation makes the C-suite eager to save money where possible, while on the other, cybersecurity legislation is being strengthened in the US, UK and EU, driving the need to invest. These dynamics drive a fundamental need for transparency and a shared risk of understanding. While security leaders are facing tougher budgeting situations, they might assume it’s a case of “just” negotiating better deals with vendors. However, vendors face the same challenges as any other business – rising wages, the cost of goods and tougher operating conditions, meaning that the culture of large discounting is over.
The problem is that many security teams manage an extensive and growing cybersecurity technology stack with 30-50 different tools. It’s not only difficult to measure the efficacy of the tools’ security controls, but also to determine whether the coverage is satisfactory. That makes it difficult for CISOs and CIOs to convince the C-suite that the security budget is appropriate and that the security approach is the best one, because they simply don’t know.
What is your perspective on AI security tools and the extent to which they should be prioritized?
AI and automation tools can be a game changer for CIOs and CISOs in several ways. Many organizations today, particularly in the mid-market, scramble to handle all the alerts that are triggered. The advancement in AI enables the fusion of alerts into high-value cases – some of which can be handled automatically. AI and automation provide security teams with the opportunity to save time on time-consuming tasks and focus on what really matters.
What would you say are the best approaches for benchmarking the effectiveness of security controls against other organizations?
The organization needs to become part of an ecosystem that provides meta-analysis, which analyzes multiple organizations’ security environments in the cloud, enabling security teams to measure the effectiveness of their security controls and use it as a benchmark function. Meta-analysis can help CISOs and CIOs evaluate the maturity of security technology and processes, and standardize the way they evaluate technology. It’ll make it easier for them to communicate about cybersecurity performance at the executive level and to the board, can reveal opportunities to reduce cost and determine whether the security approach is appropriate.
What should the organizations’ mindset be when it comes to responsibly dealing with the ever-increasing amount of incoming data that must be accounted for?
Organizations need to understand that cybercriminals don’t care about the scope of the security controls. CIOs and CISOs cannot continue to operate in the dark without confidence about how well processes work; they need an understanding of what needs to be protected beyond the classical understanding of cybersecurity coverage. That means addressing cybersecurity from a business perspective. CISOs and CIOs can gain complete insight into the security posture and performance by converging tools like SIEM, SOAR, UEBA and business-critical security solutions, expanding the visibility beyond the IT infrastructure and into business-critical applications that contain invaluable information. A converged security solution can turn unqualified alerts into real, actionable intelligence by adding contextual information and automating responses.
Another important thing to be mindful of is the pricing model for security solutions. Many are based on data volumes, which means the pricing is continuously increasing and unpredictable. Licensing based on the number of devices sending data to the solution instead can eliminate those worries and allow organizations to scale for future needs in a predictable way.
What makes some security solutions scalable relative to alternatives?
Ease of deployment and ease of use factor heavily in terms of scalable security solutions. It’s not sustainable to have best of breed products if it’s difficult to administer the underlying platform or resourcing is very costly. Organizations need to be mindful of the licensing they buy into because they can often be confusing and difficult to manage for security and procurement teams – or worse it can be hard to know what they really get for their money.
Vendors with a solid support system like customer success teams and robust onboarding process to guide their customers is key to early success and having that regular contact to make sure everything is optimized and ready for whatever the next step may be in terms of the strategy. This will really help any organization to move forward faster.