As we all know, the lifeblood of any business is the data it
contains and processes. This could be
anything ranging from PII datasets to competitive intelligence. Not only does this data have to be optimized,
but given today’s world, it has to be secure, especially given the data
privacy laws that we have today. But ask
who is really responsible for the protection of this data, and
all fingers will point to the IT Security team.
But they are too busy trying to fight off the threats they
face, while at the same time trying to protect all of the digital assets of their
company. So in the end, who is really
held accountable? Well, it is actually every
employee in the company, and all of the third party vendors that they deal
with.
Even if an IT Security team does all it can to protect the databases,
if one employee lets one piece of a dataset loose into the public, that is just
one more hole that the Cyberattacker can penetrate.
That is why you will keep hearing the importance of conducting
audits and making sure that your employees maintain a strong level of Cyber
Hygiene by giving them proper Security Awareness Training on a regular and
consistent basis. But now, there is yet
another vehicle that is emerging which will give even more strength to a company
to protect its datasets.
This is a newer piece of technojargon in the Cyber industry, and it
is called “SecDataOps”. It is very similar
to another methodology called “DevSecOps”, and this is where the IT Security and
Operations Teams from within an organization all come together to work with the
software development team to ensure that secure source code is being compiled
and delivered. Of course, it is more
complex than that, but that is the general point of it all.
The same can be said of SecDataOps. This is where the IT Security and Operations
teams come together with the other company leaders (or department heads, if you
will) to come up with the various means and controls to protect the datasets in the
company.
If they choose to, they can even hire a vCCO (virtual Chief Compliance
Officer) to help spearhead the efforts. In
this kind of methodology, the concept that all employees are responsible for
the protection of the datasets is strictly enforced.
Although the DevSecOps team is much more formalized, the SecDataOps
team does not need to have a rigid structure, at least for right now. The primary reason for this is that this concept
is still relatively new, and there are no formal frameworks that are established
yet (such as from NIST).
But as just stated, it is important to have a leader, and to
make sure that there is accountability and a system of checks and balances, so
that no group or individual has more power than the other.
But, in the world of SecDataOps, the buck has to stop with
somebody, and once again, this falls onto the shoulders of the CISO, or
vCISO. So a potential team could have
leads from all of the departments of the company, with the point of contact
from the IT Security team coordinating the efforts.
This person would then report to the vCCO, and in turn, they
would report to the CISO (or vCISO). The
primary objective of this new team would be to conduct various Risk Assessments
against the databases the company has, and from there, not only develop the
plan for remediation, but also recommend the controls that need to be deployed
to plug those gaps which are found.
But even after conducting the initial Risk Assessment, the work
does not stop there. This has to be done
at least on a semiannual basis, with audits being conducted at least on a quarterly
basis. But there is also another issue
that the SecDataOps team will have to face, and this will happen if the company
makes use of both AI and ML tools. As I
have written about before, keep in mind that these kinds of technologies
require a lot of data in order for them to learn, and to produce the desired
output.
But you cannot just feed them any kind of data. It has to be
the right kind, and it has to be cleansed and optimized in order to get the best
results. For example, if the IT Security
team is using AI and ML to help predict the future Cyber threat landscape, the
right kind of data has to be fed into it.
If not, the future threat variants that are predicted (which
would be the output) could be totally off, in the end creating a lot of
false positives and leaving a team that is suffering through “Alert
Fatigue”.
Optimizing datasets can be a real pain and time consuming, so
the organization can always outsource this particular function to a third-party
vendor that specializes in this task.
But of course, the SecDataOps team will have to go through an extremely
rigorous vetting process in order to select the right vendor. After all, you are dealing with data which
will become proprietary and confidential in the future.
Another key point that the SecDataOps team has to keep in
mind is that all team members do not have time to waste in sifting through all
of the datasets that they need to use for their daily job functions. All of this should be centralized, such as by
using dashboards or consoles. This will
not only help to make your datasets secure, but it will also lead to higher levels
of productivity from your employees as well.
My Thoughts On This:
As this new concept emerges, remember to try to keep things
simple and easy in the formative stages.
For instance, get the team assembled, and share what the objectives
(both short term and long term) should be.
Then from there, put your plan of action together. Don’t get excited by first deploying all
kinds of fancy tools, just start from the very basic and build up from there.
Eventually you will need some new tools (such as AI and ML),
but let the circumstances and your security requirements dictate that for
you.