22 Apr 2021

Bring strategy back into your security posture by turning to chess

Guest blog: Ramsés Gallego, International Chief Technology Officer, CyberRes, Micro Focus as part of our #Cyber2021 week.

In chess, players must think both tactically and strategically. They must respond to the immediate situation by countering threats, while also understanding how their moves might create vulnerabilities that their opponent can exploit. The same is true for securing your business. 

During 2020, organizations went through a wave of rapid digital transformation which, understandably, was more tactical than strategic. The need for flexible remote working led to a massive rollout of new devices and permissions to access data. New applications were deployed to ensure continuity of business processes and services. More tools and cloud capacity were added to the IT infrastructure to keep up with demand. 

Now that the world is reopening, organisations need to take a strategic look at their technology and solidify the benefits of this digitalization. This means mitigating the risks of a bigger attack surface that was created by the additional devices, applications, users, and data. 

Make your best moves with a helping hand 

The strategic approach to digital transformation is to run and transform simultaneously, bridging existing and emerging technologies while mitigating risks. Remote working, for example, isn’t just about handing out devices. It’s about providing secure access to the systems individuals need and taking into account what could happen after access is granted. Once data can be accessed from anywhere, a single breach could compromise large swathes of valuable data.  

Rather than building walls that silo information and lock down identity privileges, the strategic move might be to implement a User and Entity Behaviour Analytics (UEBA) tool. These AI tools monitor all system activity in real time, identifying anomalies and responding to risk. This is context-aware computing: security that works with how employees work, rather than creating barriers to productivity.  

We can also build DevSecOps processes that centre on security and introduce tools such as Runtime Application Self-Protection (RASP) that automate the detection and prevention of threats at the application layer. The strategic move, however, might be to also include HR in the response process and call on business leaders to promote teamwork. 

This form of risk is heightened by the realities of remote working. Staff need to share data, but if the officially sanctioned tool presents a problem, they might turn to alternative solutions, removing that data from security oversight in the process. Likewise, if they need to access data frequently, they might save copies in multiple places to avoid repeated security checks.

All of this creates a growing mass of shadow data. While continued digital transformation might reduce non-sanctioned practices, the strategic move might be to put data discovery tools in place and, in turn, bring shadow data back under the influence of your security strategy.

Checkmate in three 

Your business is the king you must protect. In chess, finding your king in check means making a move that eliminates the danger. Similarly, any threat to your business continuity needs to be answered immediately. The best strategy is to avoid check by making cybersecurity the queen that keeps your business safe. 

At CyberRes, we understand the right strategies to protect what’s most valuable. We read the board for threats that are specific to an organisation and supply solutions that put risk in checkmate. We keep businesses cyber resilient with three key moves: Manage Identities, Secure Applications, and Protect Data. 

To learn more about how we make businesses resilient through transformation, please contact Ramsés Gallego or visit Cyberres.com  

Dan Patefield

Programme Head, Cyber and National Security, techUK

Charlie Wyatt

Programme Assistant, techUK

Jill Broom

Programme Manager, Cyber Security & Central Government, techUK

Sam Wyatt

Programme Manager, Defence and Cyber Security, techUK