Strong security goes hand in hand with consistency. When you lock your house up for your annual vacation, you go through each room in turn, making sure that all the windows and doors are locked and the burglar alarm is set. What you are doing is nothing short of executing a process. The larger the house, the more time you spend on the process.
Even though this is a slightly trivial example, it illustrates the need for process and discipline to minimise the likelihood of getting burgled. It is only through rigorous adherence to the process that consistency is achieved: in our example, all entrances and ways into the house are secured. A more haphazard approach might have missed the closet window because the closet is hardly ever used, and the security of the whole house would have been undermined through a simple lack of consistency.
The "2019 Verizon Risk Report" clearly calls out that the inconsistent application of security controls is a major threat to business.
Consistency across the IT landscape is a huge problem for many organisations, especially those with large and complex environments. This lack of consistency can be highly damaging to the security posture of an organisation and to its capacity to adapt to change, which in turn places the overall business at risk. Without consistency, the notion of enforcing security remains purely academic.
There are many factors that lead to inconsistency. These might be related to the coverage of controls across different disciplines that directly or indirectly impact security, and/or to the dependency on human resources to do what they are supposed to do.
New IT and business initiatives, such as the deployment of new cloud solutions (IaaS & SaaS), company mergers, and IT and business process outsourcing, are all examples of situations where inconsistencies arise because security was not properly considered in the process of delivering on these initiatives.
This may occur because of business pressure to complete the exercise in as short a time as possible for the least cost, because of cultural differences between the participating organisations, and/or because of the logistics of deploying solutions across geographical time zones and frequently into countries very different to the western world.
Taken in isolation, these factors would prove challenging for most organisations. When taken together, as is often the case, the supporting organisations are subject to immense pressures, and inconsistency introduced into the environment at this early stage becomes an uphill battle to turn around.
The great news is that there is now software available to help organisations combat these challenges, enabling businesses to increase consistency through a comprehensive set of best practices codified in workflows and automation across a broad set of security controls. If you would like to learn more, don’t hesitate to reach out.