Now that the Mayan calendar gives us until October 13, 4772, we have some time to focus on 2013 in earnest. As I was thinking of my resolutions for 2013, I thought I’d compile some of the things that I predict will be on the resolution list for many organizations in the New Year.
Start With A Strategy
Sounds silly, I know, but some people still shoot from the hip when it comes to security initiatives and their desired outcomes, how they map back to business objectives, and what metrics to use to measure success. I know it can be a hassle getting all of the business units together and mediating the process, but it’s worth it! Everyone understanding the goals and having their input validated will go a long way to getting buy-in across the board. And that will go a long way to the success of the strategy.
Leverage What You’re Already Doing
Chances are, you’re already doing a pretty good job in many areas. One opportunity for a more secure 2013 could be to leverage the efforts that may be siloed in your organization and look at them as parts of an overall solution. Part of your strategy should have been to define what security capabilities are needed to support the business objectives…and these capabilities can most likely be obtained by using the investment in people, process, and technology that has already been made and augmenting it with a holistic approach to the problem. Security analytics could be the glue for this.
Reevaluate The Tools You’re Using
“If you do what you’ve always done, you’re going to get what you’ve always gotten.” This may sound like the opposite of the previous point, but bear with me…it is very possible that the amount of effort it takes for your highly skilled security team to detect a security incident could be reduced by simply changing or adding some capabilities. Less effort = less time = quicker resolution = less exposure to the threat. That is pretty simple math.
Invest In Your People – “Sharpen the Saw”
Let’s not forget the people who are keeping our data safe and within the perimeter of our networks. These folks are great, but they are typically buried in operations all day. This means that all of their opportunities to learn new skills happen on the job…which could lead to a situation where the “learning experience” results in an exposure. As you plan for 2013, plan to allow these folks some downtime to attend conferences, take classes to enhance their skills, and play in the lab with new technologies and tools. Right now, these folks are in high demand, and retaining top talent should always be a top priority.
That’s my short list…I hope this validated your 2013 security plan, and if not, you’ve still got a little time before the ball drops.
Jason Rader is the Chief Security Strategist for RSA Global Services; he can be reached at firstname.lastname@example.org