Security operations is not a new concept. In fact, it has earned quite a few gray hairs in its roughly three-decade history, which began around the mid-1990s with Log and Search. Each maturation of security operations has been more complex than the last, over time incorporating compliance, detection and response, threat intelligence, and real-time threat hunting, then leaning toward fusion centers, along with a whole host of other continuously developing capabilities.

The progression had been ongoing, but measured and predictable. Its evolution was closely aligned with new technology innovations and with new methods of adopting those innovations to deliver business outcomes.

External Influences

Then COVID-19 suddenly hit, and we saw a mass acceleration of what many called the “digital transformation.” Memes by the dozen found their way into our social feeds, joking that it wasn’t the CEO, the CIO, or even business strategy and foresight that led this transformation. It was COVID.

Businesses went into pandemonium, and adversaries took advantage, using the chaos to advance their own agendas. As the workforce shifted from offices to remote work, literally overnight, attack surfaces did not just grow; they expanded to the point where they were hard to discern, and with that expanded attack surface came a corresponding increase in business risk.

For several reasons, all related in some way, shape, or form to the power of human resilience, we adapted to the new normal. Companies sped up their plans to move to the cloud. They started exploring the concepts of a perimeter-free world and zero trust models, making years’ worth of digital transformation progress in a matter of months. In fact, according to the CyberRes 2021 State of Security Operations report, 85% of organizations increased their adoption of cloud-based security solutions in the past year, and at least 99% of organizations now have some part of their security operations solutions deployed in the cloud.

Yet somehow, amid all this modernization and embracing of new technologies and capabilities, the methods on which the foundation of security operations is built have been completely overlooked, and the status quo has prevailed.

What now?

It is time for companies to rethink how they bring efficient security operations into the post-pandemic world. Most security operations centers are still living in metaphorical houses built on traditional on-premises foundations. From SOC floor layouts, to governing processes, to daily standups and basic communication flows, organizations are spending too much time trying to figure out how to extend legacy methodologies into the cloud. The result is a Frankenstein approach, neck bolts and stitches included, largely based on the concept of universal data centralization. Perhaps organizations should instead be thinking about new ways to realize the potential of their full cybersecurity ecosystems, embracing the data silos that extend across multiple environments.