A Cyber Security Message In A Bottle

Opinionated Security
CISO & Cyber Leaders
2 min read · Jan 26, 2020


It’s natural that orgs will fall back to bad or even unsafe practice even after governance is put in place. That movement can be fast and intentional or gentle and almost imperceptible.

This day-to-day movement away from standards is also known as “standards drift.”

That said, standards drift presents options and opportunities. Your team can keep dealing with each instance of drift by hand, or you can treat every discovery of drift as something more actionable.

What if you thought of drift as an inverse qualitative measure of the effectiveness and immediacy of detective controls in place for a given standard?

  • If effective detective controls for the drift are in place, an alert will be generated immediately as the drift begins.
  • If effective detective controls are not in place, the drift will begin and then continue until noticed by some other means.

Of course there are some alternative ways to discover drift.

  • Luck.
  • Audit findings.
  • Breach.

Like a message in a bottle, the drift may never be found. Those are chances that I wouldn’t want to bet on.

Pro Tip: Discovery has value because behind every discovery of drift away from standards should be some missing or disabled control.

And, a chance to automate the governance of the associated standard.

For instance, if your policy is that no standard user accounts can be present in the local admin group and, over the past few months, a help desk team member has been adding them without your knowledge, you don’t have sufficient detective controls in place.

If there was no bad intent, some orgs just shrug their shoulders and say, “human error”. But, human error only has an opportunity when insufficient controls are governing the activity.

So, you’ll want to invest in the discovery work for that standards drift (or human error) when it first starts. The incremental investment of automated alerting for the control would be near zero. Fixing the drift without fixing the detective control issue means perhaps revisiting the same drift issue again in the future.
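As an added example (not code from the original post), here is what that near-zero-cost detective control for the local admin group could look like on a Windows endpoint. It does two things: compares the current membership of the local Administrators group against an approved baseline, and pulls recent Security log events for members added to that group so the alert fires when the drift begins rather than when someone stumbles on it. It assumes Windows PowerShell 5.1 on Windows with the LocalAccounts module, that “Audit Security Group Management” is enabled, and rights to read the Security log; the baseline names (CONTOSO\…) and the event source name are constructed placeholders.

```powershell
# Added example: detect drift in the local Administrators group.
# Not part of the original post; assumes Windows PowerShell 5.1 on Windows.

function Get-LocalGroupDrift {
    # Members present now that are not on the approved baseline.
    param(
        [string]$GroupName = 'Administrators',
        [string[]]$ApprovedMembers
    )
    $current = Get-LocalGroupMember -Group $GroupName |
        Select-Object -ExpandProperty Name          # e.g. "CONTOSO\Workstation Admins"
    $current | Where-Object { $ApprovedMembers -notcontains $_ }
}

function Get-RecentLocalGroupAdditions {
    # Event ID 4732 = "A member was added to a security-enabled local group".
    # Surfaces who added whom, so the alert points at the control gap, not just the symptom.
    param(
        [string]$GroupName = 'Administrators',
        [int]$Hours = 24
    )
    $filter = @{ LogName = 'Security'; Id = 4732; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($field in $xml.Event.EventData.Data) { $data[$field.Name] = $field.'#text' }
        if ($data['TargetUserName'] -ne $GroupName) { return }   # additions to other groups

        # Resolve the member SID to a name where possible; keep the SID if translation fails.
        $member = $data['MemberSid']
        try {
            $member = (New-Object System.Security.Principal.SecurityIdentifier $member).
                Translate([System.Security.Principal.NTAccount]).Value
        } catch { }

        [pscustomobject]@{
            Time    = $_.TimeCreated
            Group   = $data['TargetUserName']
            Member  = $member
            AddedBy = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
        }
    }
}

# --- Constructed baseline: replace with your organisation's approved principals ---
$approved = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local admin, assumed approved
    'CONTOSO\Domain Admins',             # hypothetical domain group
    'CONTOSO\Workstation Admins'         # hypothetical domain group
)

$drift     = @(Get-LocalGroupDrift -GroupName 'Administrators' -ApprovedMembers $approved)
$additions = @(Get-RecentLocalGroupAdditions -GroupName 'Administrators' -Hours 24)

if ($drift.Count -gt 0 -or $additions.Count -gt 0) {
    $lines = @("Standards drift detected on $env:COMPUTERNAME for local group 'Administrators'.")
    $lines += $drift     | ForEach-Object { "  Unapproved member present: $_" }
    $lines += $additions | ForEach-Object { "  $($_.Time) $($_.Member) added by $($_.AddedBy)" }
    $message = $lines -join "`n"

    # Write to the Application log so the SIEM/endpoint agent forwards it (source is a constructed name;
    # New-EventLog needs to run once as an administrator to register it).
    if (-not [System.Diagnostics.EventLog]::SourceExists('StandardsDrift')) {
        New-EventLog -LogName Application -Source 'StandardsDrift'
    }
    Write-EventLog -LogName Application -Source 'StandardsDrift' -EntryType Warning -EventId 1001 -Message $message
    Write-Warning $message
    exit 1    # non-zero so a scheduled task or monitoring job treats this as a failed check
}

Write-Output "No drift: local group 'Administrators' matches the approved baseline."
exit 0
```

Run it from a scheduled task or your endpoint management tool; the baseline comparison catches drift that predates logging, and the 4732 query gives you the “who” behind each addition so the fix can be applied to the control (the help desk workflow) rather than only to the group membership.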

Face it. Someone will find drift.

It might be a bad actor.

But, it might as well be you.


Tony Grey * CISO for an insurance company * grew team from 3 to 22 * led large software teams at Microsoft * blogs about cyber leadership & program development