4 Principles That Should Define Your Evolving Security Operations Model

March 20, 2020
| |
3 min read

I recently had the opportunity to speak at a security conference where I presented the operating models that an organization can embrace when managing cyberthreats and the guiding principles associated with them. It was a great chance to share some of my experiences with the greater community and foster intellectual curiosity around an increasingly important topic.

A Shift in Approach

Maintaining a strong security posture is a dynamic challenge for any organization. It depends on many factors, which can vary over time; companies across the globe are migrating to the cloud to scale more quickly, adopting the latest technology trends to expand the digital footprint and embracing new methodologies such as DevOps to accelerate time to market and address customer expectations.

Yet companies’ operating models are bolted onto an old paradigm that is not delivering the expected value. Although there’s no one-size-fits-all approach to the question of how to best organize the next security operations model, it is often effective to start with a top-down approach involving executives to establish a common aspiration and enable the broader transformation.

The four principles identified below are distilled from the lessons learned during many security transformation journeys.

1. Define Your Goals Clearly

A cybersecurity transformation requires leaders to clearly articulate the goals and principles that are driving it. After aligning all involved parties on these goals, executives can prioritize the work to be done.

Large organizations will have many items on their agenda, so it’s vital for management to agree on what comes first according to the principles. Moreover, this clarity helps middle management become a sponsor as well, enabling deeper, better-managed initiatives that harness the full potential of all available resources.

2. Build a Strong Security Culture

A strong security culture is the foundation of an effective operating model. However, this kind of mindset requires more than just the occasional security awareness training. To ensure every single employee sees security as an intrinsic part of their responsibilities, it’s necessary to build and maintain a security culture up, down and across all levels of the organization.

Using language accessible to all parties, provide clarity around security operations. Promote it as an enabling presence that protects the business and its employees rather than as a barrier that imposes restrictions on business.

3. Create an Adaptive Organization

When the security operations team works on an island, with no connection to cross-functional business strategy, the results of their work have limited impact. Imagine the vulnerabilities created by a large IT project with no involvement or oversight from the security team.

Security should be integrated into all processes from the ground up rather than as an afterthought to the main objective. Although there’s no specific organizational model for adaptive security, creating interdepartmental teams that make integrated decisions to protect corporate information and assets is paramount. Companies achieve their goals more quickly and efficiently by joining forces rather than making fragmented, piecemeal efforts across the enterprise.

4. Partner to Strengthen Readiness and Resilience

It’s no longer possible to succeed alone. The role of many cybersecurity firms has evolved from a provider of technology to, in many cases, a key member of the executive team.

Many companies require a trusted partner to guide their security operations centers (SOC) through their security transformation journey and advise them in day-to-day security and threat operations. Sourcing best-in-class capabilities from partners not only allows an organization to grow with less capital, but also enables it to pursue innovation through collaboration.

Don’t Wait for Threats to Come to You

Boards and CEOs alike must reevaluate the security journey from end to end, as countless organizations in both the public and private sectors and across all industries have lost a lot due to security incidents. Transforming the old security operations model is crucial to unlocking cyber resilience capabilities that enable an organization to stay ahead in this ever-changing threat landscape.

Again, there’s no one set way to accomplish this transformation — multiple roads can lead to success. But making the right choices at the beginning of the journey is fundamental to achieving and sustaining business results.

It’s never too soon to start laying out a road map that fits your organization’s resources — people, processes, culture and technology — to set the stage for your next-generation security operations model.

Demetrio Milea
Executive Consultant, IBM Security

Demetrio Milea is an Executive Consultant for the Security Intelligence & Operations Consulting Practice in Europe. In this capacity he deals with next-g...
read more

Think On Demand banner
Think banner ad
Your browser doesn’t support HTML5 audio
Press play to continue listening
00:00 00:00