Simplifying Complexity in Cybersecurity

By Jason Norred, Senior Director, Security Solutions II, Inc., friend of Andersen Alumni

Complexity” is the enemy of “good” in cybersecurity. As organizations react to events in the news, they tend to make investments in yet more security tools and technology to solve specific perceived or real threats. However, many times due to vendor and procurement pressures, the wow factor of the technology, and other drivers, essential questions are left unanswered. Is this technology reducing risk? Is it improving the effectiveness of my security operations and incident response? Is it increasing or decreasing complexity in my organization? How does it fit within my existing security controls and technology stack? Does implementing and managing yet another point solution create a bigger problem than the threat I’m addressing?

All the above questions and more should be considered before bringing in yet more point solutions that promise to address specific threats and reduce risk. As businesses start stacking technologies and point solutions, they begin increasing complexity and operations management workload that ultimately ends up in the hands of already overloaded security staff. This becomes an exponential problem as their security operations staff is spending more time on tools management and trying to integrate these tools instead of focusing on reducing risk!

IBM Commissioned a Forrester Consulting Thought Leadership paper titled “Complexity in Cybersecurity Report. How reducing complexity leads to better security outcomes.” A key point of this paper is “As today’s security leaders struggle to manage the complexity of their security environments, they are learning the tough lesson that adding more point solutions doesn’t simplify anything. The lengthy deployment cycles, difficult integrations, and user training involved with managing an influx of solutions present risks that make technology investments fail.”

As detailed further in the paper, security leaders should be focused on the following when considering technology investments.

  • Prioritize Simplification
  • Maximize existing investments through reinvention/reinvestment in existing tools and technologies.
  • Consider consolidation to a platform when and wherever possible.

Solutions II has a framework for change called the Adaptable Data Center® (“ADC”) that simplifies the complexity while decreasing technical debt with IT investments. The ADC framework takes security into consideration and all of your priorities and creates an actionable roadmap to take you from your current state to your future state. This can be a game-changer not only in your security approach to 2021 but in all of your IT priorities.