“New tooling or intelligence approaches can help automate steps for key areas, such as security analysis and investigation”
The current pandemic is one of the biggest events in human history. It’s affected healthcare, government, public sector organisations, international supply chains, media companies and large swathes of retail. For some, the pandemic is a serious business risk that puts livelihoods at stake. For others, the shift to online business models has been a boon, increasing traffic levels and attracting spend. Either way, this puts IT – and IT security in particular – under the microscope, writes George Gerchow, Chief Security Officer, Sumo Logic
However long it may appear, it looks as if there is an end in sight. Potential vaccines are in research, which should help everyone once testing is completed. For countries initially affected by the pandemic such as China and South Korea, their economies are starting to open up again and the lockdown process is being gradually reversed.
For countries in Europe and the US, this process is frustratingly close and far away at the same time. What unifies all companies across the world is how they get back to normal, whatever normal will be in the future.
To prepare your security team for this change, it’s worth spending some time on what will be coming next. Depending on your company and its position in the economy, this could be an exercise in belt-tightening and cost reduction, or about keeping up with digital transformation and online growth. Either way, the picture for security may be different from what exists today.
Whatever is coming, preparing your team is an important first step. Creating a ‘mission statement’ for the security team is a good way to prepare. It might seem like a case of too much management-speak in action, but there is a practical reason behind this. It helps everyone understand what is expected of them and what changes will be coming up. By defining your approach, you can put a baseline in place, set what the “new normal” is for the business and prepare for whatever the future holds.
Secondly, make a prescriptive decision on how you will run your security operations in future. This will be based on the success of your business today, what your forecasts suggest over the next couple of years, and what timeframes are realistic. Now, none of us are fortune tellers; however, we can define what we intend to deliver over time and look to stick to it. This prescriptive approach demonstrates leadership to your team and provides guidance to the rest of the business as well.
Alongside this forward-looking approach, consider how to implement some new practices and procedures to support your team. For example, organisations will look at whether they will bring all their employees back in one go, or stagger their offices being opened. For your security team, you have a similar choice to make.
To support social distancing, you may want to stagger team members being in the office. This should make transmission of any infection between security team members harder, while making the transition easier. You can also consider looking at meeting areas for social distancing and hygiene support, so that people feel comfortable coming back in.
Demonstrating empathy during this difficult phase is also important. Team members should feel that their wishes around getting back to work are being respected – whether that means relieving the strain of juggling family life alongside remote work, or enabling a return to a familiar working environment and team. The idea should be to phase in any changes gradually. Your approach should reflect how you are looking at the long-term picture for your team’s health, and demonstrate how you support your team in being effective around their goals.
Making the Most of Security
For many security tasks, the ability to perform well is inextricably linked to personal workspace and, in particular, the amount of screen real estate employees have. While some will have been able to take monitors home and carry on as normal, many will have been restricted to working from laptops. This will have led to some compromises and changes in how people work.
However, some of the adjustments may have led to better results or more effective collaboration. New tooling or intelligence approaches can help automate steps for key areas, such as security analysis and investigation. If you found any benefits from remote working then you can start adding them to complement your previous processes.
Lastly, discuss some new approaches to how you run your team. This can be a team-building activity during what will remain a difficult and stressful time. For example, look at how to support teams that are split across locations – carrying out remote sessions for team-building such as eating lunch together over video calls or having non-work related calls can really help. It will take some time to get back to normal, but these efforts can help everyone find their stability while under pressure.
For security teams, this process of implementing the “new normal” will affect them in two ways – the first as a department, and the second as part of a company within the wider economy. To get ready for these changes, it’s important to prepare. Using your data, your processes and your team skills can all help.