If there’s one thing that’s been made crystal clear to me during the Covid-19 pandemic, it’s that a security program is only as good as the data that makes up its foundations.
In an ever-changing cybersecurity landscape, it is critical for organizations to develop and maintain security programs that rely on complete and accurate data. Such programs not only help security leaders “connect the dots,” but allow them to make good security investment decisions.
So how exactly does a security organization ensure that its data is complete and accurate? What else does such data enable? And how can a modern BI platform help?
The two types of data
The backbone of a good security program is formed by two types of data. The first type is architectural data, which offers insight into the hardware and software assets that make up an organization’s IT ecosystem.
The second type is contextual data, such as security logs, security events, heuristic data, behavioral data, and threat intelligence information. If collected and analyzed properly, this type of data becomes the force multiplier in enhancing an organization’s ability to successfully implement preventive and detective security measures.
Without architectural and contextual data, security teams must rely on the lack of adverse events—such as data exfiltration or compromise—to prove their value to the business. This approach leads to a reactive security model, which forces teams to play “catch up” with ever-evolving threats, resulting in a security posture that is unsustainable.
In today’s world, where many people work remotely using devices or assets that are not always owned or managed by their organization, a reactive approach to security is not scalable, either. Therefore, it is important that the new threat models redefine the concept of “asset inventory,” and use contextual information to help organizations make appropriate security decisions.
What the right data does for decisions—and what data-driven decisions do for security leaders
When security leaders make decisions based on complete and accurate architectural and contextual data, they can align security activities with the business’ goals, focus on the root cause of a problem rather than the symptoms, and assign the right resources to high-priority issues.
Take, for example, mean time to detect (MTTD) and mean time to remediate (MTTR)—two of the key performance indicators (KPIs) in incident management. If data on those indicators is tracked, then security leaders can not only decipher how well their incident detection and response programs are functioning, but make informed decisions around those programs, as well.
And if contextual data is applied, then determining when existing resources are at capacity, or when the volume of detected incidents might require additional resources, becomes so much easier. This leads to a more efficient response to critical security events, which in turn protects the business and aids its growth—and enables security leaders to gain the trust of executives.
Establishing a data-driven security program
When it comes to establishing a data-driven security program, one of the most important aspects is designing the process of data collection. It is crucial to understand what data to collect and how to process that data, as doing so enables management to make informed decisions.
The data collection process also needs to be repeatable. And the data collected must be able to describe the performance of the security program and identify deficiencies that require additional investments. A great set of data provides true security performance measurements and helps to answer critical strategy questions, such as:
- Are the existing security policies adequate to address the risks to the business?
- What relevant actions need to be taken to improve the security services designed to reduce the risks to revenue, operations, regulatory requirements, or reputation?
- What does the organization need to invest in to reduce its susceptibility to or the frequency of major security incidents?
How Domo can help
With a modern BI platform such as Domo, security organizations can establish a repeatable and vetted process of data collection. What’s more, because of the platform’s many advanced capabilities (think data science and machine learning), they can quickly build the foundation of a security program that provides information to the right stakeholders, in the right context, and drives intelligent action.