• United States




4 reasons why CISOs must think like developers to build cybersecurity platforms and stop investing in ‘silver bullets’

Jul 02, 20184 mins
APIsData and Information SecurityDeveloper

The Chief Information Security Officer is the latest addition to the C-suite with funding, staff and authority to ensure the confidentiality, integrity and availability of corporate digital assets. The CISO must quickly shed the tool-centric mindset and instead start thinking like a developer to leverage API and microservices to build integrated cybersecurity platforms. A digital CISO must break down cybersecurity data silos, embrace open API’s and architect platform-centric cybersecurity solutions that enable security as code.

number 4 four with binary grunge background
Credit: Getty Images

CISOs are under the gun to produce results rapidly and staunch the constant “bleeding” from cybersecurity attacks. Cybersecurity attacks are increasing in complexity, velocity and ferocity. The reflexive response is to acquire the latest set of shiny new tools and roll them out quickly. This rapidly leads to cybersecurity data silos produced by tools that do not integrate. It is impossible to get a consolidated view of the threats, which is critical to create an actionable and automated response. Further, as threats evolve, the number of tools required keeps increasing – leading to a tangled mess of cybersecurity spaghetti!

The top 4 challenges faced by every CISO include:

1.  Drowning in the cybersecurity data deluge

There is a constantly growing list of “sensors” generating security data. Anti-virus scan reports, DLP logs, firewall logs, vulnerability scan data, server access logs, authentication logs, insider threat reports, advanced persistent threats – the list keeps growing with no end in sight! The velocity, variety, and volume of data easily overwhelm security analysts. Analytics and automation are the only way out.

2. Tool and data “balkanization”

The CISO is constantly reacting to threats and buying “silver bullet” tools. This leads to a messy digital hodgepodge of PDF reports, HTML pages, XML extracts, and .CSV files that are hard to integrate, analyze and program for creating automated responses.

3.  From discrete security events to continuous security

Cloud and DevOps are accelerating code deployments and introducing dynamic environments that challenge the traditional “certify once and monitor forever” waterfall security model. Rapid code, environment and data changes require a proactive and dynamic approach to security. Security as code is the only way to scale and react in real time.

4. Reactive and passive posture

Logging, monitoring and alerting are not timely enough. The ability to react in near real-time is critical to limit damage. Proactive threat-hunting and highly automated security operations and incident response are key to protecting digital assets.

CISOs must think like developers!

Developers are constantly looking for ways to extend services and share data using API’s & Microservices. Microservices help weave a digital fabric through a set of loosely-coupled services stitched together as a platform. Platform-centric architectures provide for extensibility with the ability to plug-and-play new tools and services using API’s with open data formats like JSON. CISO’s similarly must start thinking of ways to break down data silos and integrate the data from various tools and sub-systems. The list of “sensors” generating security data is endless and keeps growing every day. Anti-virus scan reports, firewall logs, vulnerability scan data, server access logs, authentication logs and threat profiles are just some of the sources of critical security information. All this data only makes sense when integrated into one single view and analyzed using AI-models. The volume, velocity and variety of data make it impossible for human-beings to analyze and react. AI-driven models help discern anomalous behavior from regular patterns and are the only scalable approach for detecting threats in near real-time. Security operations, automation, analytics and incident response as an integrated platform is the way to go.

Emerging security operations, automation, compliance and response solutions are next-generation solutions for the Digital CISO. Cybersecurity platforms provide the ability to plug and play new services. Additional features include the ability to generate and produce compliance reports required by HIPAA, FedRAMP, GDPR and NIST security standards as well as proactive incident response to ensure the confidentiality, integrity and availability of digital assets.

Creating a digital CISO playbook

Embracing inter-operability, API’s, machine-readable data formats and using code to automate manual processes are part and parcel of a developer’s playbook. Taking a leaf from a developer’s playbook here are 4 key pillars for the Digital CISO:

  1. Ask cybersecurity tool vendors to provide access to cybersecurity data through API’s and use of open data formats. Microservices and JSON are the way to go. Stay away from proprietary and closed systems that create data silos.
  2. Create a platform-centric architecture that does not rely on expensive silver bullet “tools” that don’t play nice with other tools or technologies. Develop a layered architecture with data ingestion, indexing, AI-analytics, alerting, response and reporting capabilities. Developers use Microservices and API’s to avoid inflexible interfaces and use JSON based objects stored in NoSQL databases.
  3. Invest in AI-technologies that help automate manual tasks and analysis. Understanding and leveraging a whole host of services that include NLP (for analyzing text and report highlighted patterns), statistical & regression techniques, adaptive algorithms that discern normal behavior from anomalous patterns are just some starting points.
  4. Create a developer mindset with a focus on security as code. Security analysts must move away from creating spreadsheets and word documents and embrace toolsets like Chef, Ansible, CloudFormation, Python and JSON.

Gaurav “GP” Pal is CEO and founder of stackArmor. He is an award-winning Senior Business Leader with a successful track record of growing and managing a secure cloud solutions practice with over $100 million in revenue focused on U.S. federal, Department of Defense, non-profit and financial services clients. Successfully led and delivered multi-million-dollar Amazon Web Services (AWS) cloud migration and broker programs for U.S. government customers including the Department of the Treasury, and Recovery Accountability & Transparency Board (RATB) since 2009.

GP is the Industry Chair at the University of Maryland’s Center for Digital Innovation, Technology and Strategy (DIGITS). He has strong relationship-based consultative selling experience with C-level executives providing DevOps, Managed Services, IaaS, Managed IaaS, PaaS and SaaS in compliance with US FedRAMP, FISMA, HIPAA and NIST Security Frameworks. He has a successful track record of delivering multiple cloud solutions with leading providers including Amazon Web Services (AWS), Microsoft, Google and among others.

GP is a published author and thought leader having spoken at Cloud Expo East, and published in InformationWeek, Gigaom, JavaWorld and IEEE among others.

The opinions expressed in this blog are those of GP and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.