Dark Reading is part of the Informa Tech Division of Informa PLC

Partner Perspectives  Connecting marketers to our tech communities.
12/16/2014
09:15 AM
Kevin T. Reardon

Balancing Accounting Policy & Security Strategy

A long-term approach involves focusing on security as a platform, instead of a selection of individual products and point defenses.

While accountants track quarters and years, cyber security time is measured in seconds, minutes, and months. For instance, Intel Security’s “Malware Zoo” grows at the rate of four new pieces of malware or malicious software every four seconds. Currently, this Zoo has more than 375 million pieces of malware, 103 million obtained and classified in the last nine months alone. The average useful life of a poorly configured or unprotected PC on the open Internet is four minutes.

As a security practitioner, you would not let a device sit idly by unprotected. Now consider this: For anything you want to invest in, your CFO wants to amortize the investment over three to five years, as he or she does for other computer equipment. How can you maintain a strong security strategy and position against an exponentially growing threat, while balancing the rules of GAAP that seem to dictate current security strategy?

In almost every organization, there are tensions between different functions or departments, as they try to maximize their own objectives. Accounting or finance is trying to maximize the value of the firm, preserving cash, recording assets with as much value as possible, and minimizing capital and operating expenditures. Security is trying to maximize protection for those assets with the smallest impact on everyday operations. (Of course, it is difficult to demonstrate a level of protection, since it involves proving a negative.) The fact is, your security strategy should not mirror your accounting policy. How do you reconcile these two very different perspectives?

Let’s start with the definition of an asset as something that has a probable future economic benefit to your organization. If some aspects of your security system are outdated and can be readily circumvented by the latest attacks, then they have ceased to provide an economic benefit. But how do you use this when you are building a business case for greater investment in security?

With the flurry of recent security breaches, an easy approach is the “fear, uncertainty, and doubt” routine. This may make it easy to get approval for a temporary budget increase or a pile of reactionary purchases, but it does not do much for your long-term security posture. Reactionary purchases result in a series of security silos that cannot talk to each other and that increase operating and capital costs. You may consider this a layered defense strategy, which is better than point systems, but it has higher operating costs and the potential for a false sense of security.

A better long-term approach is to focus on security as a platform, instead of a selection of individual products and point defenses. Your organization has likely invested in platforms in other areas such as office automation, network infrastructure, and enterprise resource planning, because standardization and consolidation improve efficiency and reduce cost. In today’s threat landscape of complex and adaptive attacks, a critical component of an effective security platform is sharing of data among all of the sensors, defenses, and controllers. This communication enables all devices to get the knowledge and assistance they need, and the security operations center to have a true picture of the active threat level.

The next component of an effective security platform is integration and automation between security processes in real time, which helps drive down operational costs. While technologies can share data over standard formats, the ideal model shares data using a real-time communications backplane so that the data can provide assistance in problem solving immediately, rather than be used solely to reconstruct the past. With the demand for security personnel outstripping the supply of experienced professionals, integration reduces the time-consuming “swivel-chair management” technique of monitoring multiple consoles, and automation filters out the normal, expected noise and other clutter to provide more visibility to the anomalous and abnormal alerts and events.

Finally, you want a platform that supports multiple vendors and technologies, without requiring a wholesale replacement of your existing infrastructure. No single vendor can deliver all of the current and new technologies, and competition and open architectures help to keep prices down, business responsiveness up, and functionality increasing.

The use of an integrated platform has been proven in several other parts of the organization, and it is time to demand this from the security area as well. Long-term operational cost savings, sustainability, and future-proofing far outweigh the perceived short-term gains of cash flow management. A connected security platform reduces capital and operating costs while vastly improving your security posture, satisfying both finance and security. In our recent study on security management platforms, respondents identified the platform as the most important and valuable part of the security system, surpassing endpoint protection, with a 66% increase in value since 2012. In the end, you need a security program by design, not by accounting policy.

Kevin T. Reardon is a Vice President in the Office of the CTO and is responsible for Intel Security's worldwide Value strategy and program. With more than 18 years' experience in the IT security field, Kevin acts as a key advisor to top Intel Security commercial and ...