DEV Community

Cover image for Good Security Boosts Your Flow
Víctor Jiménez Cerrada
Víctor Jiménez Cerrada

Posted on • Originally published at safetybits.io

Good Security Boosts Your Flow

Everyone agrees that implementing security is necessary. However, it’s often seen as throwing a spanner in the works, slowing down your momentum.

Delaying security gives a false sense of speed. Yes, you go faster and have less to worry about, but it will always come back to bite you. The moment a critical security incident shows up, it will stop you completely, you may receive substantial fines, and you will definitely suffer an impact on your reputation.

This argument is widely known, and still companies assume the risks, so let’s try a new approach in this article:

When security is implemented correctly, it boosts your operations speed.

A good approach to security motivates you to follow best practices in many areas. As a result, you end up streamlining many processes, improving your efficiency.

Such a paradigm change requires some time to adapt. But done right, you should only slow down for a short period and then proceed to be faster than ever.

So, where does this “momentum killer” reputation that security has come from?

Most of the time, it comes down to flaws when adapting. For example, overlooking some processes that don’t fit the new paradigm or not providing enough training to workers. You suddenly find yourself with a workforce that is no longer confident; thus, things don’t work as they should.

Why is a Radical Change Needed?

Well, the world has changed. When compared to a couple of decades ago, everything is connected now, and we have a huge attack surface.

At a personal level, we went from a laptop to also owning a mobile phone, a tablet, a watch, a TV, and other home appliances that all connect to the internet.

Two mobile phones, one old one, one iphone 3gs. A big technological change has occurred in the last decades.

Companies are hosting their servers in fewer instances, increasingly leveraging cloud services. Plus, remote working is a thing now. You not only have to keep in mind your office’s security but also the one at your employees’ homes.

And the industry is more connected than ever. Production lines are now filled with PLCs and sensors that can be monitored from a control room. Machine manufacturers now request remote access to machines so technicians can perform maintenance without driving to the factory.

This interconnected world has plenty of advantages, and we love it. However, we sometimes forget how radical this change has been.

The more connected we are, the more important cybersecurity is. And we placed connectivity at the core of our lives and businesses, so cybersecurity should be as well.

But… I’m just a medium-small company. Who is gonna target me?

Well, attackers have changed too. Attacks are now mostly indiscriminate and automated, driven by botnets that restlessly scrape the internet. It doesn’t matter who you are.

You can easily test this. Leave unprotected remote access to a machine connected to the internet and monitor the access logs. How long do you think it will take for attackers to start pinging the door? The last time I tried it, it took only seconds.

It is no longer a matter of “if” you are going to be attacked but a matter of “when.”

The world has made a fundamental change comparable to the industrial revolution without us realizing it. Now, we need to adapt to radical changes if we want to survive.

Adapting to Change is key to Success

If you implemented security from the start, you are lucky. You probably are following best practices, and you had time to slowly tweak and improve processes.

However, if you are like most, you find yourself at a point where a big step up in security is required. Maybe you need to conform to a new security compliance standard in a short time frame, you thought your security was enough, and now you realize the journey ahead of you is more than you expected.

A construction building in Tokyo. Japanese cities are constantly adapting to a new world.

Don’t worry, you are not alone.

This happens to every company sooner or later; there is a lot of expertise on the topic, and the road is already paved.

The key to success will be your ability to adapt quickly.

Don’t fight it, you’ll end up implementing security halfway, many things won’t work, your employees will feel uncertainty, and overall, you’ll feel like you are slowing down.

Embrace security as a centerpiece of your strategy and take the time to do things right:

  • Place cybersecurity as a core pillar of your company.
  • Drive the changes from the top level.

It’s not enough to have a cybersecurity team pushing for the changes. You need the support of the top level, leading by example. It’s the only way the whole company will take this seriously, and people will get invested in doing things properly. After all, why will someone take care of cybersecurity if that’s the responsibility of another team? The message must be “We are all on the same boat.” A cybersecurity team can lead the way, but everyone must do their part.

Once the company culture is on the right path, it’s time to get to work.

Take your time to analyze the areas and processes that will need to change, and dedicate enough effort to empower your workers so they can work confidently under the new paradigm.

Some tips for this phase:

  • Re-evaluate processes and make them easier to follow.
  • Identify manual tasks and automate them as much as possible. Reduce the chance of errors that may compromise your security.
  • Work closely with each area to understand how they work. Don’t impose on them; it will feel like you are telling them how to do their work. If a security policy slows them down, look for solutions as a team.

The moment your workers have the right tools and processes are clear and ironed out; they will feel more confident and more effective than ever at their work.

You’ll Need Good Security Tools

One of the perks of implementing security nowadays is that you have access to a plethora of security tools that already solve most of the challenges you face. You’ll just need to identify those that are best for you.

A spoon holding a market stall in Galway, Ireland. The spoon is failing. You need the right tool for the job.

A quick tip: Security tools must understand your workflow and work with you instead of against you. Look for things like:

  • Integrating security with your systems should be straightforward.
  • Security tools must provide you with the insights and reports you need right away.
  • Out-of-the-box detection rules and compliance controls must cover most of the threats, reducing onboarding and customization to a minimum.
  • Alerts must be precise. A false positive in an industrial facility may translate into stopping production.

A good security tool saves you time by guiding you:

  • It works ahead of you, assisting you prevent issues before they are incidents and proposing remediation and mitigation actions.
  • It cuts through the noise, highlighting the areas in need of immediate attention.

And finally, a good security tool treats security as a whole instead of focusing on a single problem. Attacks nowadays are complex, and you’ll need to correlate insights from several sources to detect them. The bigger the scope of your security tool, the more threats it will be able to detect.

If security is integrated every step of the way, you can stop thinking about security and focus on your work. This will work towards our goal of being faster than without security tools.

Let’s see a few concrete examples of features on security tools that can boost your flow.

Asset Auto-Discovery

Think of a cloud environment where you can have dozens of services. Or an industrial facility with hundreds of devices connected to a production line.

Keeping a manual inventory is a time-wasting endeavor. And it’s also error-prone, as some changes may be overlooked.

By contrast, a security tool can auto-discover all the network devices in a facility and automatically check compliance against them.

Then, you can focus on installing new devices. If a worker commits a mistake while setting a device, it will be easily recoverable; your security tool will find it, and it will be fixed soon enough.

Tracking Compliance Progress

When you are implementing compliance, the traditional way of reporting on progress is to manually check each of the requirements. Although you can automatize some of these checks, it’s another time-wasting process.

Moreover, what happens if a configuration change makes some assets fall out of compliance? When will you notice?

A good security tool will provide automation out-of-the-box for you. It will go even further, running checks periodically so you always have an up-to-date view of your compliance score, and suggesting remediation steps to assist you in meeting the requirements.

Your teams will spend less time doing checks and more time progressing toward compliance.

Continuous Vulnerability Management

A final example is vulnerability management.

It’s just too much work to constantly check for new vulnerabilities and manually check which of your resources is vulnerable.

However, a good security tool can do this automatically and continuously for you. It can even gather context from your environment to prioritize which vulnerabilities pose a higher risk for you and provide mitigation steps for your team.

Instead of performing painful manual checks, your team will be acting directly on the areas that will make a bigger impact. That’s vastly more rewarding.

Conclusion

Times have changed, and now cybersecurity must be at the very core of every business.

Resisting this change turns into half-assed implementations that slow down companies.

However, when security is integrated properly, you end up streamlining processes and growing your toolset. Good security tools also provide great insights that anticipate your needs and make you go faster.

Top comments (0)