As a result, deploying comprehensive cyber security has become so complex that it’s nearly impossible to implement it effectively. This complexity is compounded by both solution proliferation and a shortage of security professionals. Therefore, many, if not most, security initiatives have become inherently counterproductive.
The solution, at least conceptually, is simple: establish standards that can be implemented consistently across organizations. We see three necessary steps in creating those standards:
- Create a cloud security reference architecture. A few tools, well deployed, would raise the security profile of most organizations.
- Have a fully integrated and tested technology stack based on that architecture to avoid “one-off” deployments.
- Implement “best practice” policies & governance based on the NIST standard, fully incorporating major frameworks like PCI and HIPAA. One size fits all.
Once the standards are established, the next phase is to drive adoption by educating security leaders, executives, providers, and students on the advantages of standardization. Not only would it simplify cyber security, but it would also eliminate the need for individual audits and their associated costs.
Cyber Simplicity: Simple Solutions in a Complex World