Strategies for Enhanced Cybersecurity and Cost-Efficiency
Arun Dutta is an astute technologist who has led large technology centers for global companies, seeing success not only in software development and platform transformation and operations but also as a site leader who has helped grow teams in India, building culture and belonging, and fostering innovation.
In a conversation with Keerthana H K, Correspondent, CIO Insider Magazine, Arun Dutta, Managing Director at Expedia Group, shared his views and thoughts on the scalability of technology impacting the cost of operations and cybersecurity measures within an organization, and on the strategies companies can employ to ensure improved availability while reducing operational costs in the context of cybersecurity.
As a leader who has worked in multiple industries and business sectors, I can say without a doubt that while any legacy technology comes with cybersecurity risks, equally important is the drag on innovation and costs. The key is finding the right balance for your business. Security is key, but it has to run in parallel with growth and optimization, or else any business is bound to fail. With that in mind, here are a few cybersecurity essentials, agnostic of industry or sector.
According to you, what are the common security risks associated with maintaining legacy systems, and how do they affect operational costs?
The most challenging risk with legacy environments is that they are more susceptible to security vulnerabilities and cyberattacks. They tend to fall out of compliance with modern-day governance requirements. Ultimately, businesses have to deploy compensating controls to manage that risk. These methods tend to be expensive, can slow down growth opportunities and increase cost. Intentional and consistent migrations to more modern technologies will always accelerate growth opportunities and better security.
What strategies can companies employ to ensure improved availability while reducing operational costs in cybersecurity?
Any organizational strategy has three critical components - people, process and technology. Availability is ensuring that these components continue to operate even when things don’t go well. Lack of availability costs a business revenue and reputation, while driving away current and potential customers. First and foremost, organizations should ensure that they have a clear end-to-end cybersecurity strategy along with priorities and a roadmap on how to improve. This will ensure everyone is working on the same problems. To an extent it makes sense, as organizations can consider leveraging managed security specialized vendors (MSPP) for the parts of the security program that can benefit from increased velocity and iterative improvement. Oftentimes they come at a lower cost with increased expertise and more flexible technology. This also frees up the in-house security experts to work on more challenging and complex problems. Lastly, people being the epicentre of all business, organizations should invest in proper training and education on the impact and avoidance of security breaches.
How should companies measure the effectiveness of their cybersecurity investments over cost savings and improved security?
First and foremost, every organization should have a comprehensive ‘Security metrics dashboard’ providing an overview of key security KPIs such as availability, reliability, resiliency, observability, including ‘cost of operations versus cost of incidents’. This helps keep a tab on return on investments around losses from incidents, regulatory fines and downtime. In addition, tracking of Mean time to failure (MTTF) and Mean time to recovery (MTTR) provides a roadmap for yet to be achieved targets. In terms of employee awareness, an organization should measure phishing and social engineering resilience of its employees via regular tests. Lastly, it should also keep an eye on the company’s reputation in the market and the impact of improved cybersecurity, which in turn might affect the premium a company pays for cybersecurity insurance.
Scalability and cost of operations are the yin and yang of the cybersecurity world. Any organization should be adaptable to the seasonality of its business and to the fluctuations of the new age market. Once these two are handled, cost of operations automatically goes down. Most organizations invest in cloud-based technology architecture and pay-as-you-go models to cater to market seasonality without burning the pockets. Most scalable technologies often come with automation capabilities and central monitoring and management systems, which in turn bring down the cost of operations through reduced human intervention. One key aspect many organizations sometimes ignore in the process is customization and development integration. Cybersecurity should be introduced very early in the development lifecycle and should be promoted as a DevOps mandate. This significantly reduces the costly post-development security fixes. Customization allows elasticity in security control configurations so that an organization is always thinking ahead and stays not only current but futuristic in its growth roadmap. In a nutshell, from a cybersecurity perspective, scalability allows organizations to adapt to evolving threats, automates incident response, and ensures that security measures can grow or shrink in tandem with the organization's scale.
What emerging trends or technologies in the cybersecurity field promise improvement for both security and cost-effectiveness?
The field of cybersecurity is dynamic, and organizations need to stay current on market developments that inform about emerging key trends. Here are a few promising trends and technologies that go hand in hand with cybersecurity.
Cloud Security Posture Management (CSPM): As more organizations adopt cloud for scalable operations, it’s important to be on point with cloud infrastructure configurations, and CSPM provides complete visibility into all cloud environments and their integrations with the organization.
Artificial Intelligence (AI) and Machine Learning (ML): Advanced AI and ML technologies provide excellent pattern recognition capabilities, which in turn help with threat and anomaly detection. This helps take care of vulnerability incidents even before they occur and saves millions for businesses.
Zero Trust Security Model: When it comes to security, organizations should trust no one. The basic concept is that, whether an insider or an outsider, everyone should go through multifactor authentication when accessing critical systems and confidential data sources.
Blockchain for Cybersecurity: Mostly used for identity management and secure data sharing, to reduce data breaches and prevent unauthorized access.
Endpoint Detection and Response (EDR): Enhanced ability to detect and respond to endpoint threats.
User and Entity Behaviour Analytics (UEBA): Analysis of user behavior patterns to identify anomalous activities early on.
DevSecOps (Security in DevOps): Embed continuous security in the development life cycle.