Who Is At Fault For A Security Breach?


CIO Central Guest

October 3, 2016

Ten years after the launch of the first commercial cloud services, such as AWS and Softlayer, the security industry is finally on the verge of a similar breakthrough.

As online threats evolve and billions of new devices come online, the moment has come for a fundamental shift in the current security model. It’s no longer enough to seek a solution from dozens of vendors all promising the cure-all, and training can only go so far to prevent human error. As organizations continue to realize this, we can expect a shift to a broader, more comprehensive security strategy that takes a cohesive data-driven approach, much like the tools optimizing other industries from retail to the enterprise.

But this shift will not just change how we practice security, it will also shuffle traditional organizational roles—most notably that of CIOs, CISOs and developers. Here’s why this is happening and what we can expect of the outcome.

Security’s Breaking Point

From developers and security professionals to the board, there has been a constant and underlying struggle in addressing security issues. Since the advent of the internet, the solutions offered provide insight into narrow instances of threat, usually specializing in just one facet of an organization’s attack surface and protecting against known threats. This has remained the case even as companies switched their (also disparate) physical systems to cloud-based technology, creating a chasm between networks and the products that are supposed to protect them.

What’s more, these disparate tools mostly fail to work together. Like the people in the organization themselves, security products need to share information in order to automatically bolster each other’s capabilities.

There are three major challenges to overcome in this segmented system:

Security pros are inundated with noise from different products and often fail to catch the threat in real-time.

The board is unclear on what’s working and what’s not.

System protection is not prioritized or optimized, meaning resources can be spent on security aspects that are not worth the time and effort when compared to others.

As organizations struggle to put the pieces together, all this culminates in a game of responsibility hot potato. Leadership could have planned better, developers should have coded more securely, security pros should have caught the threat sooner—the blame game goes on. Unfortunately, there is no streamlined way to understand why or how a breach happened and, most importantly, what can be done to prevent or mitigate such problems faster. Ultimately, more money is spent, new solutions are piled on top of each other and the ecosystem (both of products and the people managing them) grows more complicated with every attempt to fix it.

The Shifting Security Model

But there is a way to calm this chaos, and it’s been right in front of our eyes since Web 2.0 rewrote the way our online systems run. If the widespread adoption of cloud technology has the ability to change the face of the internet, security can, and needs to, follow suit. Company leaders, IT practitioners and developers are beginning to see this, taking a more holistic approach to the wider systems rather than focusing on the attack du jour.

The future of security, reminiscent of the era trailing the advent of the cloud, is starting to lean toward coalescing the current disjointed approach to security and providing a comprehensive platform. We are already seeing a shift toward integrations between solutions. For example, network access control, security information and event management, and network behavior analysis all take a step back in an attempt to provide a broader picture.

So now comes the time of security-as-a-platform. A product of advancements generated by automation, machine learning and the cloud, security-as-a-platform will provide a single truth from which to work. It will eliminate tedious manual workflows and will facilitate mitigation. Providing a comprehensive perspective will in turn flip the security blame game by turning it into a lateral system requiring everyone’s responsibility as it permeates development, production and management. From the developer ensuring their applications are secure to the CISOs and CIOs that can be effective shepherds, security-as-a-platform provides all relevant and necessary access to a single point of security insight from which action can take place.

Security today carries the image of exhaustion: companies chasing after attackers with disparate point solutions that lack cohesive visibility. But finally, we’re at a tipping point that makes this as exciting a time to be in security as it was to be on the ground floor of the cloud revolution. The movement is gaining speed, but it will take time to shift momentum away from the old ways and into the future—and this change requires everyone to consider their role in the greater scheme of security systems.

The choice is yours—are you part of the next generation?


This article was written by CIO Central Guest from Forbes and was legally licensed through the NewsCred publisher network.
