Dark Reading is part of the Informa Tech Division of Informa PLC

Partner Perspectives  Connecting marketers to our tech communities.
09:15 AM
Kevin T. Reardon

Balancing Accounting Policy & Security Strategy

A long-term approach involves focusing on security as a platform, instead of a selection of individual products and point defenses.

While accountants track quarters and years, cyber security time is measured in seconds, minutes, and months. For instance, Intel Security’s “Malware Zoo” grows at the rate of four new pieces of malware or malicious software every four seconds. Currently, this Zoo has more than 375 million pieces of malware, 103 million obtained and classified in the last nine months alone. The average useful life of a poorly configured or unprotected PC on the open Internet is four minutes.

As a security practitioner, you would not let a device sit idly by unprotected. Now consider this: For anything you want to invest in, your CFO wants to amortize the investment over three to five years, as he or she does for other computer equipment. How can you maintain a strong security strategy and position against an exponentially growing threat, while balancing the rules of GAAP that seem to dictate current security strategy?

In almost every organization, there are tensions between different functions or departments, as they try to maximize their own objectives. Accounting or finance is trying to maximize the value of the firm, preserving cash, recording assets with as much value as possible, and minimizing capital and operating expenditures. Security is trying to maximize protection for those assets with the smallest impact on everyday operations. (Of course, it is difficult to demonstrate a level of protection, since it involves proving a negative.) The fact is, your security strategy should not mirror your accounting policy. How do you reconcile these two very different perspectives?

Let’s start with the definition of an asset as something that has a probable future economic benefit to your organization. If some aspects of your security system are outdated and can be readily circumvented by the latest attacks, then they have ceased to provide an economic benefit. But how do you use this when you are building a business case for greater investment in security?

With the flurry of recent security breaches, an easy approach is the “fear, uncertainty, and doubt” routine. This may make it easy to get approval for a temporary budget increase or a pile of reactionary purchases, but it does not do much for your long-term security posture. Reactionary purchases result in a series of security silos that cannot talk to each other and that increase operating and capital costs. You may consider this a layered defense strategy, which is better than point systems, but it has higher operating costs and the potential for a false sense of security.

A better long-term approach is to focus on security as a platform, instead of a selection of individual products and point defenses. Your organization has likely invested in platforms in other areas such as office automation, network infrastructure, and enterprise resource planning, because standardization and consolidation improve efficiency and reduce cost. In today’s threat landscape of complex and adaptive attacks, a critical component of an effective security platform is sharing of data among all of the sensors, defenses, and controllers. This communication enables all devices to get the knowledge and assistance they need, and the security operations center to have a true picture of the active threat level.

The next component of an effective security platform is integration and automation between security processes in real time, which helps drive down operational costs. While technologies can share data over standard formats, the ideal model shares data using a real-time communications backplane so that the data can provide assistance in problem solving immediately, rather than be used solely to reconstruct the past. With the demand for security personnel outstripping the supply of experienced professionals, integration reduces the time-consuming “swivel-chair management” technique of monitoring multiple consoles, and automation filters out the normal, expected noise and other clutter to provide more visibility to the anomalous and abnormal alerts and events.

Finally, you want a platform that supports multiple vendors and technologies, without requiring a wholesale replacement of your existing infrastructure. No single vendor can deliver all of the current and new technologies, and competition and open architectures help to keep prices down, business responsiveness up, and functionality increasing.

The use of an integrated platform has been proven in several other parts of the organization, and it is time to demand this from the security area as well. Long-term operational cost savings, sustainability, and future-proofing far outweigh the perceived short-term gains of cash flow management. A connected security platform reduces capital and operating costs while vastly improving your security posture, satisfying both finance and security. In our recent study on security management platforms, respondents identified the platform as the most important and valuable part of the security system, surpassing endpoint protection, with a 66% increase in value since 2012. In the end, you need a security program by design, not by accounting policy.

Kevin T. Reardon is a Vice President in the Office of the CTO and is responsible for Intel Security's worldwide Value strategy and program. With more than 18 years' experience in the IT security field, Kevin acts as a key advisor to top Intel Security commercial and ...