When I am asked by friends to discuss the security breaches that feature ever more frequently in the news, I use a music analogy. Why music? For one thing, I am a fan of traditional classical music; for another, this allows me to describe the roles of security teams without the usual pile of acronyms and product names that are well known to those of us in the security industry but are unfamiliar to those who are not. Most importantly, the music analogy fits because I know that no complex system happens by accident.
In an orchestra, the string, woodwind, brass, and percussion sections work together to produce beautiful music – if they are handled by trained musicians. Similarly, with security orchestration, all systems and technologies within an organization function in harmony to achieve the desirable state in which data remains secure from end to end. However, while musicians can acquire classical training and can practice both alone and in groups, there is no holistic training and practice in the security industry today. Security professionals often must practice the art of attack avoidance or protection efficacy in real time.
A security team comprises several individuals, ranging from the security analyst up to the director of the security operations center. Consider the security team’s role analogous to that of the orchestra conductor. The orchestra conductor’s job is to keep the sections in time with each other; his job is not to instruct the musicians on how to play their instruments. The security team assists with system coordination, and timing, and the moderation of people and process. Security teams don’t code their own firmware for security appliances, nor do they choose their own silicon specifications. They do, however, set application priorities and enforcement algorithms within device policies.
Just as for an orchestra conductor, coordination, timing, and moderation for the benefit of the whole is critical for the security conductors. Success is measured in fractions of a second, and the failure of one part will lead to the failure of the whole.
Coordination: In the security context, systems must be deployed based on policy or protection needs and security teams must work with application teams and businesses to ensure the right data is allowed to pass, while securely restricting that traffic that is not permitted.
Timing: For security, timing refers to investments, frequency of updates, signatures, acceptable downtime, and even behavioral or breach detection. Scheduling should even extend to permissible outages for applications or services given that an outage might be construed as a security event dependent on the vertical.
Moderation: An element of security that is often overlooked is the moderation of people and processes – security is simply what must occur or is assumed while the business innovates. If a security architect is involved in an application concept or rollout, the architect can provide guidance to ensure that the risk management office is involved and that policies or guidelines can be met or managed. The security architect can also assess whether the existing security infrastructure is capable of providing the mandated levels of security across the entire lifecycle from detection through event management and even remediation.
When the conductor and the musicians are on the same page, the conductor can often fade into the background as the music takes center stage. Similarly, orchestration in the enterprise is not necessarily noticed until different parts of the organization fail to work in harmony. It is then that people wonder who is in charge of paying attention to the organization’s “big picture” needs. With diligence, a bit of focus, and the right disposition, today’s cacophony of security functions can become tomorrow’s secure melody.
Follow me on Twitter (@mikespanbauer) to keep informed as new research is released.
Follow us on Twitter (@NSSLabs) to keep informed as new research is released.