Understanding the importance of IT Operations Management in a cybersecurity-focused market
Our businesses are under attack from every angle imaginable. Cybercriminals want to get rich off our hard-earned efforts. Nation-state-sponsored attackers want to destroy our economy. Competition-sponsored attackers are intent on stealing our intellectual property (IP), and hacktivists do it all for the thrill of the hunt.
If these threats are not worrisome enough, our data is compromised daily by well-intentioned employees being human and making mistakes as humans often do.
Contractors working to support our efforts may impact us by not following cybersecurity best practices. Business partners allow us to expand and/or support our service offering but are often the weak link in the supply chain. And if this isn’t bad enough, compromised internal accounts can rob us of our market credibility with one fateful click.
Once this realization hits us, we immediately think of vulnerability assessments, penetration testing, ethical hacking, security information and event management (SIEM) tools, threat hunting, email filtering and a host of other areas and capabilities that we need to stand up. This is analogous to building a 5-bedroom house on a 200-year-old foundation without reinforcement. Tragedy is bound to hit.
Before we do anything, we need to bring stability to that foundation. It may mean a rip-and-replace of the old technology solutions with something newer, or it may mean bringing in the latest advancements in foundation technology to reinforce what we have.
Even if we reach the point of having a “strong house”, a weak link in our supply chain can easily turn into a significant compromise.
Over the next series of articles, I’d like to provide insight into how bad actors can gain access to your digital assets without ever digitally entering your organization. I’ll show you how they can easily identify the “low-hanging fruit” and take advantage of those who are unaware of their own cyber profile. I’ll also show you how a weak link in the supply chain will significantly increase your cyber risk factor and how bad actors will exploit that weak link.
In many organizations, the IT operations teams are often separate from the IT security teams. Some actually become adversaries and complain about how difficult the other is to work with, without really understanding the “why” behind the positions they are taking. Even in the managed service market, managed service providers (MSPs) – focused on management of the infrastructure – are separate from managed security service providers (MSSPs) and rarely coordinate activities based on their common customer. Just a personal note: I do believe these two should be different companies to avoid any conflict of interest or even the appearance of “the fox guarding the hen house.” But they do need to communicate!
An MSP is typically focused on general network and system IT support, patching, backup and recovery, and monitoring the infrastructure for availability, performance and event management, typically working out of a network operations center (NOC). The MSSP is focused solely on security services, such as intrusion detection, vulnerability scanning, security information and event management (SIEM), threat hunting and threat mitigation, typically working out of a security operations center (SOC).
When the IT operations management (ITOM) team is isolated from the IT security team, a cone of silence can be created between the two teams, putting both themselves and their clients (internal and/or external) in a vulnerable situation. It is critical that both teams work together to provide a safe and secure environment to protect the assets of the organization they support. Without a stable and efficient infrastructure, the security team cannot operate with confidence, not knowing if the doors and windows are locked up tight. Without the blanket of security provided by the security team, the ITOM team cannot operate effectively, always looking over their shoulder wondering when they are going to be knocked down.
During FY2022, I will provide a series of articles hitting various key areas that both the ITOM and IT security teams have a shared stake in and responsibility for. We’ll look at how each of these areas impacts the other as well as benefits the other. I’ll also provide recommendations on how to get the greatest impact and benefit from both. I’ll also explain the importance of a stable infrastructure and the importance of proactively managing that infrastructure for known vulnerabilities. You’ll see that ITOM tools are capable of monitoring more than availability, performance and events. They can easily be configured to close the gaps of a weak foundation.
An organization can bring in all types of high-end cybersecurity management applications, which we fully endorse as needed. But without the applications managing the infrastructure, we have a risk manager’s nightmare.
All structures need to be built upon a strong foundation. Your cybersecurity management strategy is no different.
Mike Battistella is the President of Solutions³ LLC, an IT Management Company focusing on Cybersecurity Governance, Risk Management, Compliance (GRC), & Training, IT Service Management (ITSM), IT Operations Management (ITOM), Critical Notification, and Technical Training. Mike is also the North American Regional Director for Cybersecurity-Professionals.