Thursday, September 20, 2018
With input from George Finney and Michelle Malcher, Fuel User Group Board Members
Earlier this year at the Ignite Cybersecurity Conference in Anaheim, California, Fuel set up an interactive wall for attendees to mark areas where they are spending their time in their work, such as firewall configuration, and areas where they’d like to spend more time, such as private cloud management. The wall tells a great story—by peers, for peers—about where the industry stands. Here, we’ve broken down a few of the findings, with input from two Fuel User Group Board Members.
One clear theme is that everyone is spending too much time on firewall configuration. While almost every job role indicated this was where they are currently spending their time, no one ranked this as what they think they should be doing. While it’s critical to manage firewall policies, it’s not a good use of staff time and should be automated wherever possible.
Data center managers and management teams were the only ones who had a different focus. Data center managers are focused on securing their data centers and the private cloud, while management teams are spending their time on reporting, auditing and threat protection and mitigation.
Across all roles, there is agreement that more time should be spent on new deployments and service expansion, as well as threat protection and mitigation. Ideally, if security professionals could spend less time on managing current services, they could do more advanced work and expand their cybersecurity posture.
"Some of the most important tools at our disposal are the ones that make our security teams more efficient,” said George Finney, chief security officer at Southern Methodist University and Fuel Board Member. “If two vendors offer similar services, we invariably choose the one with less overhead to keep engineers and analysts focused on finding gaps in our security, instead of fixing the tools themselves.”
Interestingly, members who identified as working in NetOps and SecOps also indicated that public cloud security should be a focus area, but management teams didn’t give this priority.
If you ask professionals what they’d like to do with their time, threat protection and mitigation is still top of mind, but private cloud and data center management climbs into top contention. There’s also a strong interest in endpoint protection.
If you view these results as a staged approach, professionals seem to be indicating that they need to get away from manual policy management so they can do more to bring their organizations up to speed, and then try to get in front of potential threats.
Management at all levels of security professionals are in agreement on priorities, so it’s time to identify barriers to progress. “Collaboration between teams to help automate regular security processes and configurations will allow for discussions between the teams for better threat protection and mitigation of issues,” notes Michelle Malcher, security architect at Extreme Scale Solutions and Fuel Board Member. Demonstrating that there is a common goal to move forward toward, such as new deployments or threat mitigation, can help to remove some of these barriers.
Where do you spend your time, and where do you want to spend more time? What steps can you take to remove barriers to progress? Start a conversation with your Fuel peers in the Virtual Water Cooler.
More to Explore
Check out these Fuel blog posts for further reading: