Director, Consulting Delivery
Looking back to my childhood and my fascination with superheroes drew me to the perfect metaphor for the importance of collaboration.
In my last blog, I shared my thoughts on the importance of focused and coordinated collaboration between the two functions of IT and security. Batman and Robin. The enabler and the protector.
Today I want to share my thoughts on the three key things that IT must do today to support security strategies:
1. Know your assets
With so much of the modern organisation powered by IT, visibility into IT infrastructure is crucial. A configuration management database (CMDB) should include reliable configuration data for physical and virtual servers, computers, routers, switches, applications, cloud instances and so on.
Getting this correct is an integral part of an organisation’s understanding of its IT landscape and can provide a huge value proposition to support decisions at every level of activity. Once you have a complete and accurate CMDB, it becomes the source of truth against which all insights and processes are applied.
2. Evaluate risk vs reward
Several of the current cybersecurity frameworks contain a maturity level or security profile level. This is designed to provide organisations with guidance or even compliance requirements to match their security risks. However, these can be difficult to meet, particularly if the existing approach to improving maturity involves throwing more human capital (people) at the problem.
To automate for effective change, organisations must identify the process that carries the least risk but delivers the greatest strategic and tactical benefit. From there, looking beyond the tactical benefits is critical to determining how the IT capability will improve the organisation's cybersecurity posture.
3. Back up, back up, back up
Daily backup is another of the Australian Signals Directorate (ASD)’s Essential 8 baseline mitigation strategies. In essence, ASD suggests that having reliable and frequent backups of each hardware and software asset improves an organisation's opportunity to recover from a breach. More frequent backups reduce the risk of lost information.
With reports showing that the average cost of a ransomware attack has jumped from $3.86 million to $4.24 million in the last year, the risks are no doubt a major concern. As such, backup strategies need to be holistic, complete and more frequent. Operationalising this IT capability to a level that mobilises speed and verified accuracy requires a new approach to capability. It’s a matter of asking: can you identify all assets, each critically assessed for importance? Are you backing these up? How old is the latest backup? If the organisation were to be completely compromised, could you recover?
Every relationship takes work
Today’s cybersecurity challenges are not solved simply by replacing one technology with another. It’s about making improvements to IT’s operational capability so it can better support security functions.
Reviewing processes across each asset, whether its management is outsourced or insourced, is critical to understanding how to operationalise scale. Scaled IT operations will move the needle on security improvement.
Digital transformation is driving a revolution in capabilities for organisations, but it can only succeed if overlaid with a consistent, robust security framework.
In our work at CGI, our focus is building a genuinely collaborative and successful partnership with clients. Often this relationship means providing guidance on how to operationalise bringing IT and security together. It’s not just about systems and technology.
Our members take people on the journey, go through change, understand and then digest their part in driving transformation. And teamwork is an essential part of that formula for success.
If driving and fostering long term partnerships with clients sounds exciting to you, keep an eye on our careers page for upcoming roles.
On their own, Batman and Robin have their strengths. But together, they’re invincible.