Managing Security in a Modern Workplace… and Modern Threat Landscape

Insight from the Edge
Jul 25, 2023

By Peter Straight, Security Practice Lead, Insight Enterprises

Modern workplaces mean a need for modernized security. The equation sounds simple, whereas the actual implementation can admittedly be a huge undertaking. Nevertheless, it’s a general rule that holds true, as organizations seek to keep up with the times.

And keeping up with the times is the only way to successfully mitigate cyberthreats, which are only increasing in number. To illustrate just that, 48.8% of executives recently polled by Deloitte expect the number and size of cyberthreats to their organization to increase in the coming year.

The reasoning is in front of everyone’s eyes. As the number of Internet of Things (IoT) devices increases — and it will, with a projected 41 billion in 2027 according to Business Insider Intelligence, up from 8 billion in 2019 — the number of potential attack vectors goes up too. On top of that, workloads are shifting to the cloud, creating a need for a shift in how companies approach their security.

What makes for a modern workplace?

Now, there’s room to argue how exactly you should define a “modern workplace.” When you hear the term, your mind may race to a visual of a complex straight out of the next blockbuster science-fiction movie, sustainably powered and rife with sensors, automation and the whole nine yards.

You wouldn’t necessarily be wrong, at least not completely, based on how we thought modern workplaces should look a few years ago. However, with the emergence of remote work since then, that picture is only one part of the aforementioned equation. Workers are undeniably going back to the office more, as society recovers some semblance of pre-pandemic normalcy. Still, as a contributing factor to the ever-increasing number of IoT devices, you’re realistically looking at hybrid work staying put as a staple, at least in terms of what workers seek in potential employers.

For example, Gartner reported “… the hybrid workstyle will remain prominent in 2023 and beyond,” with even more workers (39% in 2023 vs. 37% in 2022) working in this manner.

Managed cybersecurity vs. managing your own cybersecurity

Just to get everyone on the same page, “knowledge workers” is a term to describe employees who don’t engage in physical labour, i.e., today’s “white-collar” workers, which for all intents and purposes includes your IT team. So, Security Operations Centres (SOCs), which are key components to every company’s strategy to protect against cyberattacks, are hybrid as well.

In other words, SOCs don’t necessarily correspond to a physical location in a building, at least not completely. Consider the sheer existence of managed SOCs, where the duties of an SOC are effectively outsourced to another company. Admittedly, certain roles call for a need to be on-site. For example, threat analysts should ideally be able to take advantage of shared modelling. Being in the same place, they can each see a live dashboard of collective customer data all at once.

However, generally speaking, one expression fits more than most: Where there’s a will, there’s a way. It just so happens there’s a general will to work remotely, and these days, following the scramble on the part of IT teams in the early days of the pandemic, the infrastructure is in place to enable it. However, it goes beyond a simple desire on the part of employees to avoid a daily commute to the office, specifically regarding cybersecurity. There’s a practical/financial facet to consider too.

It comes down to how some companies are large enough to house their own SOCs. Other companies have little choice but to go the managed route. More and more, companies are even hiring contractors for Managed Detection and Response (MDR) purposes, where an outside organization will manage their Endpoint/Extended Detection and Response (EDR/XDR) technologies, a service that in practice tends to fulfill SOC responsibilities too.

The evolutionary cybersecurity lifecycle

It’s been an evolution to get to this point, where SOCs aren’t just commonplace in business, but required from a sheer functionality standpoint. Companies need them to operate in the real world. Doing without one would needlessly leave an organization exposed. Over the last decade, leveraging a Security Information and Event Management (SIEM) platform became a compliance need for just that reason.

Once companies began deploying SIEMs, their IT and security teams soon realized how overwhelming one can be, leading to a trend toward managed SIEMs (outside their respective organizations). Meanwhile, the general desire to expand security portfolios eventually led to the inclusion of SOC services in managed offerings to provide centralized threat detection (and MDR services most recently).

As alluded to, compliance, in terms of Governance, Risk and Compliance (GRC), is relevant in that it drives the outcomes a SOC needs to see. For example, by following the National Institute of Standards and Technology (NIST) Cybersecurity Framework, you set yourself up to first identify threats, but also your assets, applications, users and data. With the right processes and technologies, like automation, in place, you can respond to threats coming in, in kind, to form an evolutionary lifecycle.

Connecting the link between GRC and SOC

The truth is, as with cybersecurity, there would be no lifecycle without GRC. GRC, along with the presence of an effective SOC, builds trust. Staying compliant addresses regulations, forcing companies to become more efficient and stay competitive by meeting the 18 Center for Internet Security (CIS) Critical Security Controls and ISO/IEC 27001 controls for information security management systems.

In effect, GRC helps companies measure against benchmarks and their own maturity models. That’s how companies adapt to fill gaps in their respective environments… or how service providers like Insight do just that for clients through features like:

· 24/7/365 data centre threat detection and security incident remediation

· Adoption of a client’s processes, for seamless integration with your team

· Regular monthly, quarterly and semi-annual health checks

· Automation to accelerate time to value

What sets Insight Managed Services apart is a deep partnership with top-tier security providers. For example, with Microsoft Sentinel, one such SIEM platform, Insight Managed Security hunts threats and remediates incidents on the client’s behalf (as their data stays in their Microsoft tenant in consideration for data laws that change from country to country). Assigned teams leverage third-party intelligence to lower risk levels and deliver responses faster than clients can on their own (without a managed service).

Threat vectors have changed over the last couple of years. Companies may simply lack the proper staff to catch or respond to threats accordingly. Adequate security comes down to the wherewithal to first say, “Hey, does my traditional way of looking at things still apply, with my workloads having moved to the cloud?”

How do you view those things differently and add more technologies to protect against cyberthreats? It’s now a matter of having the right level of automation/processes in place, enabling you to do more as cost-effectively as possible — maybe through a managed service. The end result is the same regardless: a modernized workplace, where “modern” is effectively a synonym for “secure.”
