“My Very Educated Mother Just Showed Us Nine Planets”—remember the school days, how we used to place the sequence of planets in terms of their distance from the sun? Or “BB ROY Of Great Britain has a Very Good Wife”—that told us the resistance color codes? But somewhere as we grew up, technical jargon, business jargon, and clichés replaced those exciting ways to remember things.
Within the IT domain, while user-facing areas like Martech, social media, IoT, Big Data see some occasional light-hearted banter, security is considered too serious to ‘succumb’ to that.
It need not be. We could make a small beginning by converting today’s security managers’ focus to an interesting acronym. As I was working on that, I found that the Swara (voice) of the security managers can be expressed by the five swara varnas (vowels) – A, E, I, O, U.
So, here are the security managers’ five vowels (Pancha Swara, going by the fashion these days of giving a Sanskrit name). And they are not necessarily mutually exclusive.
Here are the five vowels and what they mean for the security manager.
Automation. In today’s context, Security Automation serves four significant objectives. The lowest hanging fruit in all automation—security is no exception—is enhanced efficiency. Two, response and resolution must be small for many tasks such as incident response and investigation requiring automation. With the large volume of data needed to be sifted and analyzed, a human process is not just inefficient, and it is prone to errors. And finally, the availability of a skilled workforce is a challenge. Automation allows to free up human beings from repetitive tasks even while doing them better. No surprise, from simple monitoring to advanced proactive threat detection, automation is ruling the security landscape.
Emerging technologies. Much of the automation and advanced thwart techniques use newer technologies today, which did not exist five years ago. Machine learning, artificial intelligence, robotics process automation (RPA), deep learning, user behavior analytics are areas of new technologies and their applications. The expectation today from a security manager is the same as that of a business manager—they must help the organization build a competitive advantage. A good security manager is expected to hunt for new technologies and find ways to make them work to create value for the organization.
Innovation. As the role of a security manager changes from a task-based (read tickmark-based) implementer of tools and technologies to an outcome-based business executive, there is a need for strategy. What’s more, unlike any other function in the organization, you are continuously being questioned. You have to fight them even while planning for future-proofing. Innovation is a greater need in security than in traditional IT these days.
Orchestration. The Holy Grail of any security manager. No area within IT is so fragmented when it comes to solutions. Points solutions still rule; there is a significant change in the security landscape requiring newer solutions and even approaches to solutions, leading to newer players joining the party almost every day, doing one job exceptionally well. While the best-of-breed approach in many areas has given way to end-to-end, insecurity is not just surviving but thriving. That makes orchestration significant task in security. All the investment could come naught if you fail to do proper orchestration. I feel automation and orchestration often have different objectives to achieve, and they should be treated separately.
User education. Traditionally, this has never been part of a security manager’s list of tasks. But today, the realization has dawned that no matter how great you are as a professional and no matter how efficient tools and technologies you have, you cannot fight the war alone. At best, you can fight some battles. You need the entire user base to join you in the fight. That is what is achieved by user education. Today, a significant time of a security manager must go to build user awareness, promote best practices and work actively to ensure that users participate in the journey. Creating a policy is not the end of it.
I thought this would make it easier for the security manager to focus. When in doubt, listen to your five swaras—five vowels.