RSA 2018 presented a stunning but at times bewildering array of security technologies. From proven staples provided by established vendors to innovative solutions coming from fascinating startups, the show was definitely out to impress. On this score, the event succeeded. However, the scale and scope of the offerings on display raised a familiar but no less troubling question: If an organization adopts multiple security tools, how can they best manage them?
This was the question I posed to Jonathan Goldberger, Vice President and General Manager of Security Solutions at Unisys. He spends his life dealing with this issue. “RSA can make you feel like a kid in a candy store,” he said. “It’s like, I want that. I want that, and that, too… But the challenge is going to be operationalizing the security technology once you get it set up. If you can get it set up.”
Indeed, as Goldberger pointed out, sometimes the problems with operationalizing security begin before the solutions are even up and running. “Take SIEM, for example,” he added. “These solutions can be incredible if you get them tuned to your infrastructure. That takes time, however, and usually, a fair amount of personnel resources, which may be in short supply. If you can’t get SIEM set up for your specific needs, it may end up being a net drain on resources with excessive false positives and the like.”
The Unisys Security Solutions group helps organizations address these kinds of challenges. “If you work with 80 security vendors, you have a big vendor management—and technology management—job on your hands,” Goldberger said. “We can play this role in an organization, either on a short-term, get yourself organized basis or on a completely outsourced basis.”
Operationalizing security technology is a multi-layered process. As Goldberger explained, there’s the basic, but extremely important work of coordinating SecOps and enabling effective security policy implementation across diverse solution sets, incident response workflows and so forth. “You also have to get people from different backgrounds, organizational levels and sets of incentives to come together, or at least communicate meaningfully about cyber security,” he said. “For example, CISOs are very much in the ‘threat world,’ dealing with actual threats to digital assets. The board is focused on risk management at a higher level and always looking at return on investment and margins.”
The Unisys approach is to work collaboratively with each group of stakeholders and facilitate a meaningful set of security policies that everyone can agree upon. Then, the firm works closely with IT teams and others to put the required technologies to work in alignment with the organizational structure. “No two companies are alike,” Goldberger added. “It keeps us on our toes.”
Not every organization will want or need an external partner to help with the operationalizing of security technology. However, as many of Goldberger’s clients have found, it can be helpful to have a neutral participant in the process. “People want to feel heard,” he said. “What we can sometimes reveal is that almost everyone wants the same thing. They just talk about their goals and decision-making processes differently. We can bring people together for a common purpose.”