Jeroen van Yperen, Business Development Manager at Proact
To achieve a superhero level of security you need to tread a long road that no IT manager can walk alone. So that you’re stronger than those who may target your IT infrastructure, you need a range of diverse skills to reinforce your ability to identify and respond to threats. As enterprise network environments increase in complexity, and as new solutions and capabilities are introduced, very few organisations are able to deliver seamless security integrations across all innovations.
In order to assemble an all-star team, internal departments, vendors and managed service providers need to work together to identify where any security gaps lie. By combining everyone’s expertise, you can figure out how to fill them consistently and comprehensively. By rising to this challenge, the IT manager can become a central player who steers a superstar team to address security concerns.
The changing IT manager role
To understand the pivotal role the IT manager can play in coordinating a security team, it’s important first to understand how their role has changed. Once an inwards-looking, technology-focused position, the IT manager now has a broader range of responsibilities. This is especially the case as IT security becomes more central to the business. This means that the IT manager must plan and orchestrate security operations across the organisation.
IT managers should focus on what’s referred to in NIST’s Cybersecurity Framework as ‘Identify’ and ‘Protect’. In other words, IT managers should gain a deep understanding of their environment and build the defences – human and machine – to take effective action.
Building a collaborative culture
As a security team, you get stronger by selecting the best partners. Security technology is becoming more integrated, enabling the IT manager to focus on coordinating partners and breeding a culture of cooperation and information sharing.
No partner can do everything, so they should be selected to fulfil a specialised role. This ensures each has a defined function within the security mix – i.e. they’re not doing the same job – but all are equally able to interlink and support each other for the best outcome.
Mistakes to avoid
To get these forces aligned to a communal goal, there are two key mistakes the IT manager should seek to avoid:
Misalignment from the beginning
Finding alignment between the organisation and the service provider is crucial. This means that the partner needs to gain an in-depth view of the practices and threats relating to the organisation’s security. This understanding is usually gained during onboarding and is a recurring topic during the service delivery engagements. Every organisation evolves in maturity, practices are optimised, and we see a shift in threat actors as the organisation evolves over time.
Yet, we often see cases where this step is ignored. This can be a massive error as the security partner should be paying close attention to this information in order to find the right way of working together. If this step isn’t followed, the IT manager may find they are out of sync with their provider. Receiving alerts and security messages that aren’t relevant is a less risky outcome than monitoring the wrong systems or services, or being misaligned with security service delivery.
Underestimating the risk of user errors
No matter how good your security infrastructure is, human vulnerabilities will always be targeted and exploited by cyber criminals. You should educate all employees to reduce the risk of such criminals succeeding with common tactics such as phishing or social engineering attacks. Don’t make the mistake of thinking that it’s just the more junior or fringe employees that need to be trained. We’ve seen situations where CEOs or other senior figures have been specifically targeted, so everyone needs to be working on their awareness and understanding.
Aligning the delivery of security services
Establishing the rock-solid defences necessary to combat cyber threats needs alignment of people and technology. The technology available in enterprise security is becoming more sophisticated and integrated; services such as vulnerability scanning & intelligence and firewall management work together for better detection, and advances in AI and machine learning will further enhance security capabilities.
As an IT manager you need to pay attention to the outputs of these technologies and contextualise the insights into a coherent picture. Solutions such as Security Information and Event Management (SIEM) can help uncover the security intelligence you need, but you still need the service element – i.e. people – to interpret the logs and draw insights on where potential vulnerabilities may exist.
With more of the enterprise’s IT environment moving into the cloud, you must evolve your security approach in line with your changing IT perimeter. You need to make sure your processes are aligned for optimal outcomes.
What support you should expect from your MSSP
Getting this broad insight can be challenging for in-house teams, but you can jump start your security baseline by working with a Managed Security Services Provider (MSSP). A good MSSP will focus on understanding your IT operations, and work with you to ensure security is built into every element of your technology.
At Proact, we are focused not only on your IT, but also how it works across your business. We work cohesively with your vendors and other partners at every level – from data management to cloud applications – to make sure security solutions and processes are aligned for success.
The way in which administrators manage and maintain data can play a vital role when it comes to laying the secure foundations that underpin responsive IT service delivery. That’s where NetApp ONTAP data management software can come in. You can improve your security posture by establishing visibility across your infrastructure while leveraging NetApp’s long-established security best practices to adhere to and support industry regulation and security compliance.
As well as offering NetApp’s leading technologies and solutions, which also provide a vital layer of protection in our own managed services, we offer security assistance via our virtual Security Operations Centre (vSOC). Drawing on the experience we have gained by designing and implementing secure solutions for more than two decades, we understand operational technology and can lend our expertise to make it a living part of your processes.
Working together, we’ll provide all the support you need to align your security services for superhero delivery.