2015 promises to be a challenging year for IT organizations. There are two primary vectors to this challenge: CYBER SECURITY and OPERATIONAL MATURITY.
CYBER SECURITY has been a rising concern for the past several years, and 2015 will be no exception. The number and intensity of attacks will continue to rise in 2015. Organizations will be directing both their budgets and their attention to this increasingly dangerous area of their risk portfolio. Here’s a summary of the things they’re doing:
- COVER THE BASICS – Many organizations are lagging in their basic InfoSec processes. They may have many of the check-boxes filled (firewall, IPS, SIEM, etc.), but they don’t have these products configured, maintained, or reviewed. Logs and events are of no use if no one is reviewing them.
- TIGHTEN MOBILE SECURITY – Many organizations have implemented mobile and remote offerings in response to executive requirements. In these cases, security has often taken a back seat to user experience. This represents too great a risk in today’s security environment. Gotham expects many clients to revisit their mobile offerings with an eye toward security.
- ADVANCED PERSISTENT THREATS – Many organizations saw APTs and state-sponsored attacks as something that only very large financial institutions would have to be concerned about. Experience has shown that the groups behind these threats have the depth and breadth to attack a large number of victims. In response, many organizations are now increasing their capabilities to detect and remediate APTs.
- RIGHTS MANAGEMENT – There comes a point in almost every major breach where the attacker undertakes the task of gaining administrative rights to the victim’s network. Control over administrative rights is critical to controlling the scope of a breach.
- INCIDENT MANAGEMENT – In 2015, breaches are inevitable for all organizations. Responding quickly and effectively to incidents is going to make the difference between a breach that’s inconvenient and one that’s irreparable. Organizations need to plan and drill their incident response process.
OPERATIONAL MATURITY is critical to IT success. From a cyber-security perspective, operationally mature organizations are able to pinpoint anomalies and quickly reset or re-provision infected systems. Operationally mature organizations understand their cost model and can make effective outsourcing decisions for cloud technologies. Operationally mature organizations can automate well-documented and consistent deployment rules for necessary cost savings. Here are some of the focus areas around this initiative:
- AUTOMATION – Automation is the key to a cost-effective strategy for hybrid cloud operations and managing security incidents. The current demands for both of these initiatives require either a high level of automation or large increases in IT headcount. Automation is the obvious choice, but it requires all of the elements below in order to be effective.
- PROVISIONING – Provisioning structures are key to cloud, automation, and incident response. Unfortunately, this is an area where technology is relatively easy to buy and relatively difficult to deploy. Many organizations require new depth in their standardization process.
- KNOWLEDGE – Many organizations struggle without an accurate knowledge of their own environment. Their internal inventories of systems and applications are incomplete. Without this knowledge, provisioning is impossible.
- CONTROL – Many organizations will gain full knowledge of their systems and applications to facilitate a specific migration project and then let that knowledge degrade. Having gained this knowledge, IT organizations must maintain control of their environments to meet current requirements.