Express Computer
Home  »  Guest Blogs  »  Democratizing Cybersecurity: Prevention is Better than Detection

Democratizing Cybersecurity: Prevention is Better than Detection

0 244

By Shambhulingayya Aralelemath, Associate Vice President and Global Delivery Head, Cybersecurity, Infosys

An exponential increase in cyberattacks, the prevalence of cyber threats, and the expansion of attack surfaces require the adoption of comprehensive steps for safeguarding enterprises from breaches. Companies are continuously deploying more and more cybersecurity tools to improve their security posture. Despite this, enterprises continue to get attacked. The challenge of falling short of achieving the optimal security posture is amplified by a lack of skilled talents who can effectively configure the tools for achieving the best outcomes. As a result, security is perceived as a stumbling block that slows down the pace of digital transformations.

However, cybersecurity is not the responsibility of a few skilled individuals or the CISO security office team alone. Instead, an effective security posture mandates the adoption of a shared security responsibility model, which is enabled by the democratization of cybersecurity. It facilitates the interlinking of secure-by-design principles with business-centric architecture and determines the effectiveness of the deployed security controls. Further, it bridges the talent gap with the enablement of cross-functional teams to deliver the security requirements, as per the shared responsibility model.

The democratization of cybersecurity amalgamates user experiences with outcomes of the deployed security controls and tools. The approach of enabling enterprise workforce on security best practices, making them aware of non-secure behavior, and providing a construct for being responsible by design in the use of frameworks helps in reducing the friction in homogenous adoption of cybersecurity controls across an enterprise.

The framework for the democratization of cybersecurity in an enterprise should be curated to derive quantifiable metrics that can establish an empirical correlation between the business risks and the maturity of the security posture. However, the metrics may not provide efficient insights if there is a lack of visibility of the complete attack surface of an enterprise. One can build the foundation for successful democratization of cybersecurity by using appropriate tools, policies, processes, and people skills that help with the ability to observe, protect, detect, and respond to cyber threats.

The rollout of a security-first culture aligned with the shared responsibility model helps reduce dependency on the availability of niche skilled cybersecurity experts. It enables everyone to contribute to the protection of an enterprise’s digital ecosystem. Enterprises can keep pace with the continuous, dynamic threats by adopting the shift-left of security principles and automation in implementing security control, policies, and compliances integrated with AI and machine learning principles.

For example, the security posture is strengthened through centralized collection and normalization of real-time telemetry data from existing security tools and control points, analyzed with machine learning techniques to detect anomalies, and integrated with automation capabilities to accelerate response to incidents.

Some of the key features for the successful orientation of the security transformation approach include:

Secure By Design: It requires mapping business prerogatives with the enterprise security architecture and ensuring minimalistic, yet effective controls are designed and implemented across the lifecycle journey of any technology deployment (for example, the rollout of modern workplace capabilities) in an enterprise. The Secure by Design framework lays the foundation for the cybersecurity shared responsibility model.

Visibility of attack surface: Enterprises suffer from cyber threats that attack assets that are not protected due to lack of visibility. Processes defined to bring about observability of all enterprise assets that exist on-premise, on-cloud, or are SaaS-based ensure the elimination of blind spots in managing attack surfaces.

Protection with cybersecurity controls: The security controls ensure that the enterprise is adequately protected from cyber threats, and effective guardrails are enforced to prevent the occurrence of cyber incidents. The controls to be deployed are aligned with the Enterprise Security architecture and conform to the applicable regulatory and compliance standards (for example, NIST CSF, ISO 27001, CSA CCM, and more)

Integration and interoperability of cybersecurity controls: Adoption of architectural principles like Cybersecurity Mesh Architecture (CSMA) enables the implementation of security controls with composability and contextual correlation across heterogeneous technology interfaces.

Detection and response to cyber incidents: Continuous monitoring, identification of threats, and ability to respond to cyber incidents help enterprises be ready to address any cyber incident. This also includes the ability to perform the root cause analysis for cyber incidents and perform correlation with historical data to enable effective remediation.

Thus, we recommend a structured approach to the democratization of cybersecurity by leveraging the shared responsibility model and defining technology patterns for strengthening the integration of multiple cybersecurity tools. An enterprise that has succeeded in this endeavor can respond effectively to emerging cyber threats.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image