One of the largest frustrations I’ve heard from security industry professionals over the years is that they are under constant pressure to prove that the work they do, or the solutions they implement are making their business safer. Unfortunately, nearly 80% of senior IT and IS leaders believe their organizations “lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges”, according to a new IDG Research Services survey commissioned by Insight Enterprises. Further aggravating the issue is that many also feel that they don’t have the visibility needed to accurately and measurably report on their progression closing the gaps. As such, some rely on cybersecurity dashboards to such ends, whether constructed internally or provided by vendors.
In this blog post, we discuss the advantages a well-developed security dashboard can impart to developing organizations and IT teams. We approach this from the perspective of expectations of IT stakeholders. Finally, we describe how our own portal endeavors to achieve these benefits for our clients, in a few specific contexts: cybersecurity risk reduction, hygiene, and initiative tracking (such as compliance or proactive hardening efforts).
What do we mean by a Portal?
A portal or dashboard plays an important role in overcoming the visibility and progress gaps described above. It also provides a transparent, secure and open forum for collaboration across the numerous stakeholders who contribute to the security of the organization, from IT staff responsible for helpdesk or systems administration, to dedicated network or security personnel, to those in operations, leadership, or GCR teams.
Building an effective portal takes time, and must provide incremental value if it’s to become regularly used. Simply creating an online version of a report and calling it a ‘portal’ won’t suffice. It must enable the user to achieve their greater goals — in our space, that’s security improvement.
What should a security portal or dashboard include?
So, what should organizations expect in a portal? Below, I break down what I believe to be the key elements of any good offering, whether built in-house, or included in a provider’s service.
Security portals provide complete visibility into interactions between IT and cybersecurity. You should expect to see health indicators of the environment. In this context, that’s usually metrics around security events (like total number of monitored events, security incidents, and investigations) and overall security posture. In the case of a portal provided by a service, add support requests, and the ability to download documents that can be easily shared across team members and leadership alike.
While greater visibility into the environment is essential, portals must also serve to educate stakeholders on risks that directly affect their business. Leadership doesn’t always wish to wait for the next weekly/monthly/annual report for a list of critical gaps that need to be addressed. By providing actionable intelligence within the portal, and clear paths to remediation, security stakeholders (internal, or those at an MDR, like ActZero), can offer IT teams simple and efficient processes to harden their systems from threats. Having convenient access to important information, and ways to resolve issues in a timely and transparent manner, leaves IT stakeholders far more prepared for success in cybersecurity.
Lately, the identity of portals as information sharing centers only is diminishing. Portals are shifting to become interactive workspaces, where leadership teams can not only consume from, but provide information to the teams or vendors for purposes of maintaining their own profile, services, or organizational development.
Within ActZero’s customer portal, for example, we’ve introduced our new Maturity Model. The Maturity Model is a risk-based meta-model representative of security controls from across a variety of cybersecurity standards. The model provides a business-driven approach to evaluating cybersecurity maturity based on an organization’s risk profile, and desired security posture. Customers can not only understand their current state, but develop strategies for improving their security posture, track their progress as they fix things, and get advice to shepherd them through their security journey.
And finally, it’s great when an organization can make significant headway to achieving its goals, but even better when you can share those successes. Portals need to provide simple means to access and use reporting tools. These tools should allow users to quickly generate reports for management, third parties, or auditors - so that they can clearly demonstrate the continuous protection efforts made against protecting the organization from cyberattacks. And, as mentioned in the previous section, their interactive nature should also provide the opportunity to capture and label evidence towards the initiatives/outcomes that they are reporting on. This application is especially important in a regulatory compliance (audit) context. We discuss the compliance/audit use case in greater detail here.
Whether you consume information from your provider’s portal, or build your own, you now have the necessary context for what is possible in terms of capabilities, as well as specific use cases for information within a portal. Not to mention a thorough understanding of the goals for an effective security portal program. For more information about security KPIs you might expect to find within a portal, check out our white paper. Or, to learn more about what’s in our customer portal at ActZero, including our maturity model, download our Solution Brief now.