In today’s hyper-connected world, with multi-faceted cloud services operating in a private, public or hybrid ecosystem, network appliances such as firewalls, routers, switches and other similar devices have become an essential part of our IT environment. They help us stay connected, protected and efficient but at the same time, they generate an enormous amount of data that can be overwhelming to manage and analyse.
As organisations become ever-more reliant on technology to conduct business operations and store valuable data, ensuring the security of their information assets has become a significant challenge.
Housing-specific cyber-attacks
We’ve seen a massive increase in sophisticated cyber-attacks across the housing sector, and the likelihood of an advanced and persistent attack led by Russia (or other nation states) is a real concern; for the first time, housing providers are being actively targeted.
It’s therefore vital to understand the threat landscape and the security posture of your most critical assets and, most importantly, their ‘breach value’. However, the challenge is deciding which data is important and which isn’t, and then how this triaging can be used to identify threats, understand their impacts, and prioritise your security remediation activities.
Governance arrangements
To protect these assets, it’s important to have effective governance arrangements in place that help you to understand their security value and cost, allocate budgets for security measures and prioritise your remediation activities. However, these governance arrangements aren’t without their challenges: there is often a lack of understanding around what makes an effective governance model, the board doesn’t always understand its responsibilities, cyber-security risk isn’t always on the board agenda, and governance frameworks aren’t necessarily wholly aligned to cyber risk and the corporate objectives.
This article explores the magnitude of data generated and the challenges in managing and analysing it to gain insights into the security posture of a network. We will also look at possible solutions and strategies that have helped Notting Hill Genesis effectively leverage this data to improve our own security posture and mitigate cyber threats.
We collected large amounts of data from security systems, network appliances, security assessments and large datasets (both structured and unstructured formats). Making sense of this was extremely difficult, which meant we couldn’t make informed decisions about our security posture and how to secure our most critical data.
Security value and cost
One of our first challenges was to understand the security value and cost of our information assets. This required a comprehensive understanding of the assets’ role in our organisation, the potential impact of a breach or loss, and the cost of implementing effective security measures. Without this understanding, we found it very difficult to make informed decisions about how to allocate resources for protecting our information assets.
Like many organisations, budget considerations and limited resources were another challenge. We therefore made a deliberate decision to move away from agnostic security solutions that were expensive, resource-intensive to manage and provided little value in terms of security telemetry and tangible detect-and-response capabilities. With Microsoft investing billions of dollars in security and leading many of Gartner’s ‘Magic Quadrants’, it seemed sensible to invest in leading technology solutions that would provide the best and most appropriate security value for the business, with a single ‘pane of glass’ for our security telemetry.
Using this approach brought about significant security benefits:
We consolidated and centralised our security management. This enables our security teams to manage and monitor security policies, configurations and incidents from a central location. It led to more efficient and effective security operations by reducing complexity and improving visibility into our security events across the organisation.
We configured our security platforms to work seamlessly with other Microsoft tools and technologies, including Windows, Office 365, Azure and others. This integration helped us to create a more holistic security environment, where our security teams can use high-quality information and data from multiple sources to detect, prevent and respond to security incidents.
By consolidating security intelligence, we can generate more accurate and reliable security metrics and analytics. This approach helps us to measure and track the effectiveness of our security controls and identify areas for improvement. It was also pivotal in the creation of our unified security dashboard, providing a single view of our security posture.
Our centralised approach offers advanced threat-protection capabilities, including machine learning, behavioural analytics and threat intelligence. These technologies help us to identify and respond to complex and advanced threats in real time, reducing the risk of data breaches and other security incidents.
Creating comprehensible data
One of our biggest challenges wasn’t collecting intelligent data but turning it into a security metric that stakeholders, senior leadership teams and our audit and risk committee understood. After all, how do you begin to understand or articulate what your security posture looks like?
Reporting security metrics to the board can be a challenge. The board is typically responsible for overseeing the organisation’s overall strategy (including risk management) and requires clear and concise information about the organisation’s security posture. However, reporting security metrics can be complex and requires a deep understanding of the technical details of security measures as well as an ability to communicate this information effectively.
Defence-in-depth security
Sophisticated Microsoft security technology that continually scans for vulnerabilities and gaps in security enables us to understand which security data is most valuable and relevant. We then analyse that data to produce risk scores across our ‘defence-in-depth security’, aligned with the most prominent attack vectors. These scores translate into recommendations on how to improve our security; we apply a risk-based approach, aligned to our risk appetite, to identify priorities based on our other defence-in-depth measures.
We’ve created several Microsoft PowerBI dashboards to slice up the data to make it intelligent. Essentially, we use intelligent data to drive our security decisions on a continual basis.
The dashboards include all of the key security metrics that make up our security layers and depict, at a governance level, our security defence in depth. Our targets are calculated from tangible and achievable security remediation actions, based on our risk appetite and where we can confidently balance security risk and reward without affecting critical business operations.
These metrics are measured at an executive level, and the data that underpins them drives the cost and resource needed to get the scores to the agreed target level.
Understanding our security posture
Never before have we been able to understand, at this level, what our security posture looks like. By collecting and collating data from security platforms in Azure, for example, and presenting the data in this way, you can see how we’re driving security excellence through everything we do.
But more importantly, we continually scrutinise our security to drive excellence. We found one way to do this is by benchmarking our security against other organisations. We do this against the other G15 housing providers and we also do this against FTSE-250 companies that share the same sector as us. But excellence for us means leading in other sectors too.
Overall, effective governance arrangements for protecting information assets require careful planning, resource allocation and clear communication. By addressing these challenges head-on, organisations can better protect their valuable information assets and maintain the trust of their customers and stakeholders.
Gavin Inns is the IT security manager at Notting Hill Genesis.