This isn't a one-size-fits-all situation. Simplify as much as you can, as the saying goes, but no more than that.
Complexity has become a significant issue. Enterprises suffer from overcomplicated cybersecurity environments that are underutilized, undermanaged, undermonitored, and laced with misconfigurations.
Complex environments cause a number of problems. They aren't cost-efficient, they are impossible to optimize, they significantly lengthen the incident response process, and they act as a barrier to innovation, often turning small requirements for technical changes into large-scale projects.
While cybersecurity threats are constantly rising, security professionals are expected to achieve more with the same amount of resources. This means choosing simplicity over complexity, making cybersecurity environments easy to manage, control, change, and maintain.
Follow these nine principles to simplify your cybersecurity environment:
1. Automation
Automation is the key to the future of cybersecurity. Many companies have already implemented various automation products, such as security orchestration, automation, and response (SOAR) and breach and attack simulation (BAS). But automation is not a product; it's an approach. There are numerous activities that security teams can automate.
2. Utilization of Existing Products
Underutilization of security products is a global epidemic. Companies tend to purchase new solutions without realizing that they could have utilized existing ones.
3. Suites Over Individual Products
Companies should prioritize purchasing product suites over buying several separate point solutions, even if that means compromising, to some extent, on product quality.
4. Managed Services
Depending on your specific situation, it might be highly preferable and cost-effective for you to use managed security services. Such services could shift some of the complexity to the service provider, allowing you to maintain a lighter technological environment.
5. Overcome the Cross-Units Barrier
In most enterprises, it is almost impossible to implement and utilize a particular solution when more than one department wants to use it. In such cases, it is common for such projects to face issues such as "which unit is going to finance this?" and "who will get the credit?"
As an undesired consequence, in many cases, a relevant department will try to avoid such an issue either by implementing it without involving other potential stakeholders, or, worse, by passing on the product purchase altogether.
6. Cybersecurity Approach
A company's approach toward cybersecurity is influenced by many factors, such as organizational culture, risk appetite, the CISO's personal approach, and so on. Some approaches are much simpler to maintain compared with others. For example, a zero-trust strategy can save you a lot of time by creating a unified access methodology for employees, suppliers, and/or partners.
7. Training and Knowledge Management
The more trained your security team is, the simpler it will be for team members to manage your security environment.
8. Life-Cycle Management
When evaluating a new product, make sure to assess its entire life cycle. Sometimes, the product implementation seems straightforward, but then the organization discovers that the day-to-day operation of the product consumes an unacceptable amount of resources. This can happen for various reasons: The vendor issues critical patches frequently, the product's documentation is lacking, the vendor has a poor support mentality, etc.
9. Back to Basics
This is a hype-oriented industry. It's easy to get excited about the next-generation-AI-powered-autonomous-anomaly-detection-prevention-response-and-remediation-system with smart-integration and advanced-data-visualization that runs on dedicated-quantum-computing-chip. But it is imperative to remember that the basic security controls are still the most important ones: Patch management, permissions, network segmentation, USB restrictions, etc.
As the quote often attributed to Einstein goes, "Everything should be made as simple as possible, but not simpler." Simplification should become a strategic goal for every security team. Nevertheless, it's not a one-size-fits-all situation. Simplify as much as you can, but no more than that.