
10:05 AM
Lamont Orange

When It Comes To Security Tools, More Isn't More

Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.

Companies fast-tracked their security plans in 2020 due to the pandemic. Timelines that had stretched into the next three or five years were condensed into six months as the business landscape underwent rapid change and the remote workforce boomed. 

Even pre-pandemic, many companies were undergoing significant transformation as they transitioned to cloud or hybrid architectures and grappled with problems caused by tool sprawl due to the quick adoption of many disparate tools. For some, COVID fueled and exacerbated these challenges.

Organizations, and especially chief information security officers (CISOs), should keep the following in mind as they navigate the COVID-accelerated shift to the cloud, run into trouble with tool sprawl, and look to implement new security solutions.

Factors to Remember When Shifting to the Cloud
It's no secret that companies have been moving to the cloud in droves. In some cases, the pandemic sparked this shift, but many were already on the path. And COVID's impact hasn't been all negative; in many ways it let organizations hit the "restart" button and take a close look at their security strategy. 

Regardless of what prompts a company's move to the cloud, it's important to not neglect the first requirement of any successful security program: Visibility. 

Companies must be cognizant that their existing tools may not provide as much (if any) value in the cloud. Visibility is the key to determining whether old tools still provide value, and if not, what should be replaced. 

Additionally, companies need to set a cadence of patching and maintaining systems that are no longer on-premises. Even though an organization is in the cloud, there are still infrastructure components that must be patched, like software as a service (SaaS), infrastructure as a service (IaaS), function as a service (FaaS), and containerization. 

When it comes to data loss prevention (DLP), storage strategies used on-premises won't fit the bill. There will be an onslaught of SaaS applications storing data, so companies need a strategy for gaining the data control and protection they need. 

It's also critical for organizations to manage endpoints effectively, since that's where the data is going. Companies need to ensure that their endpoints control threat protection at every stage of the journey.

In the rush to adopt new technology and transition to the cloud, companies tend to neglect these practices and fail to uphold security standards. This can cause major security gaps down the line.

The Trouble With Tool Sprawl, and the Perks of Eliminating It
Many organizations felt tremendous pressure to bolster their security strategy when their workforce suddenly went remote in 2020. For some, this sparked panic-buying of new solutions without much consideration for security, return on investment (ROI), and integration. We have yet to see the long-term effects of these actions, but there's no doubt that they caused numerous gaps in security, and bad actors may be lying in wait.

But COVID isn't 100% to blame: Tool sprawl has been alive and well since long before the pandemic. This added complexity creates natural gaps, with negative effects including breaches, disclosures, and even a scramble to remove new tools that create vulnerabilities. Tool sprawl also generates more operational challenges for security teams and can increase how long it takes to identify, resolve, and report incidents. 

Another issue with many disparate tools is a dip in workforce productivity and satisfaction. Managing multivendor environments is operationally challenging and adds complexity. Complexity introduces gaps and mounting alerts that stress teams' productivity and endurance. If, for example, small teams are bombarded with thousands of security alerts per day, it hurts their work efficiency and sense of well-being. Alert-management tools (especially those powered by artificial intelligence and machine learning) can help teams separate signal from noise and uncover what's important. However, the ultimate goal should be to eliminate tool sprawl altogether through optimization. Integration is the key to simplification.

At its core, tool sprawl may be due to security leaders trying to "technology" the business with a tool-centric approach. By taking a more business-centric approach and focusing on optimizing tools, companies stand to enhance security, increase ROI, save on budget, and see immediate value from moving to new stacks.

Still in the Market for New Tools? Consider This
Of course, not all tools are bad. But companies need to do their due diligence when researching new solutions because their old checklists may no longer apply. 

Focus on rationalizing and optimizing new tools by taking a more business-focused approach. For example, CISOs can ask themselves: Can I consolidate these four solutions that provide marginal value into one that covers all my bases? 

When onboarding new solutions, CISOs should put as much emphasis on the capabilities of new tools as on who they're purchasing them from. Does the vendor pride itself on its security standards? Does it have the most robust certifications? Does it employ individuals who are exclusively responsible for security? 

Since applications have access to an organization's data, workforce, and team, these factors should be closely examined before diving into a tool's capabilities, integrations with existing tools, management, risk factors, and more.

Businesses have undergone a massive amount of change recently, and there are no signs of that slowing down. As companies take on security, it's important to remember that, when it comes to tools, more isn't always more. Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success as the world continues creating new demands for security.

Lamont Orange has more than 20 years of experience in the information security industry, having previously served as vice president of enterprise security for Charter Communications (now Spectrum) and as senior manager for the security and technology services practice at ...

User Rank: Apprentice
1/12/2021 | 4:52:48 AM
Who is responsible for security in the cloud?
Tightly said the "cloud" has become an inseparable part of today's business.

When adopting cloud solutions, many organizations fail to balance the benefits of the cloud against the cloud security threats and challenges they may face.

But the major question to ask is, who is responsible for security in the cloud?

Being an entrepreneur I had to go through the same especially in this lockdown. I also tried many solutions but it was expensive for a start-up like mine. I finally landed in some free solutions with a limited number of otp users and quite satisfied till now.