Keil Hubert: What a medieval farming village can tell you about your security systems

If you want to keep your company’s production data network reasonably secure, then keep your executives a healthy distance away from information security appliance salespeople.

I’m deadly serious, and not for the reasons you’re probably assuming. I like a good security information and event management (SIEM) tool as much as the next head of IT. What I don’t care for is the common belief held by non-technical executive types that a shiny new security appliance could do a human security expert’s job. It can’t. All of those lovely intrusion-prevention systems and log aggregators and alerting systems are wonderful security awareness tools, but they’re all useless without trained and savvy operators.

If it helps, think about your production network as if it were a medieval farming village: picture a bunch of smithies, carpenters, and other shops that provide critical services, people running about doing work that benefits the community, and well-marked roads leading in and out of town. If those roads are left unguarded, then any blaggard could sneak into town, break into an unlocked storeroom, and nick some valuables. If you only guard the city gates, then a baddie can run around for weeks causing havoc inside because no one’s paying attention. It’s a metaphor, but it works.

Most people want the security and stability that comes with living in a gigantic stone fortress, but those are hugely expensive – only the Fortune 500 global megacorps can afford to build impregnable castles. The rest of us have to make do with improvised, partial measures. That’s the security appliance vendors’ niche: they provide a cost-effective solution for significantly improving your meagre defences. In our village metaphor, they offer to build you a tall and sturdy watchtower in the centre of town. From there, your watchmen can survey the entire community, thereby allowing them to spot suspicious activity to help thwart the occasional evildoer. It’s a practical solution for most companies’ security situations.

Where the appliance solution inevitably falls apart is after the SIEM watchtower gets erected in the village green. “We have a security appliance,” the mayor announces. “Therefore we’re safe. Everybody get back to work.” The trouble is, the mayor neglects the most important part of the equation – there’s no one stationed inside the tower to keep watch. The baddies then saunter in and nick everyone’s valuables without difficulty.

If it seems I’m oversimplifying things, please understand that I’ve seen this exact scenario play out at far too many medium-sized businesses in real life. I recently interviewed the CISO of a multi-billion dollar company about how his team leveraged his monitoring kit. He sheepishly admitted that his company had spent oodles of cash deploying them, but that no one on staff was tasked to monitor them. The appliances sounded the alarms 24/7, but no one received the alerts. The deployment of SIEMs had made their executives feel good, but accomplished absolutely nothing. They were worse than useless.

That is not the fault of the security appliance manufacturer. Most of the ones I know make good products that can be wickedly effective when properly employed. Their function is to arm up a well-trained security team with tools optimised to aid security incident detection, response, and management. What many executives miss is that the security people are the critical elements in the equation; you cannot make security work effectively without them.

When it comes to systems security, start by hiring, resourcing, and empowering a savvy infosec team. A watchtower is useless without a watchman; a security appliance is equally useless without well-trained security analysts monitoring it.

Keil Hubert

POC is Keil Hubert, keil.hubert@gmail.com. Follow him on Twitter at @keilhubert. You can buy his books on IT leadership, IT interviewing, horrible bosses and understanding workplace culture at the Amazon Kindle Store. Keil Hubert is the head of Security Training and Awareness for OCC, the world’s largest equity derivatives clearing organization, headquartered in Chicago, Illinois. Prior to joining OCC, Keil has been a U.S. Army medical IT officer, a U.S.A.F. Cyberspace Operations officer, a small businessman, an author, and several different variations of commercial sector IT consultant. Keil deconstructed a cybersecurity breach in his presentation at TEISS 2014, and has served as Business Reporter’s resident U.S. ‘blogger since 2012. His books on applied leadership, business culture, and talent management are available on Amazon.com. Keil is based out of Dallas, Texas.

© Business Reporter 2021
